From openssl at openssl.org Mon Jun 1 01:26:02 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 01 Jun 2020 01:26:02 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit Message-ID: <1590974762.091555.10166.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit Commit log since last time: 082c041b42 bio printf: Avoid using rounding errors in range check f438f53a4e DOCS: add openssl-core_names.h(7) 329b2a2cde DOCS: add openssl-core_numbers.h(7) Build log ended with (last 100 lines): 65-test_cmp_msg.t .................. ok 65-test_cmp_protect.t .............. ok 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=198, Tests=1917, 742 wallclock secs ( 8.93 usr 1.55 sys + 695.04 cusr 45.74 csys = 751.26 CPU) Result: FAIL Makefile:3092: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-autoerrinit' Makefile:3090: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon Jun 1 04:04:34 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 01 Jun 2020 04:04:34 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-cms Message-ID: <1590984274.791003.27693.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-cms Commit log since last time: 082c041b42 bio printf: Avoid using rounding errors in range check f438f53a4e DOCS: add openssl-core_names.h(7) 329b2a2cde DOCS: add openssl-core_numbers.h(7) Build log ended with (last 100 lines): ssl/statem/libssl-shlib-statem_dtls.o \ ssl/statem/libssl-shlib-statem_lib.o \ ssl/statem/libssl-shlib-statem_srvr.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/afalg.so -Wl,--version-script=engines/afalg.ld \ engines/afalg-dso-e_afalg.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/capi.so -Wl,--version-script=engines/capi.ld \ engines/capi-dso-e_capi.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/dasync.so -Wl,--version-script=engines/dasync.ld \ engines/dasync-dso-e_dasync.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/ossltest.so -Wl,--version-script=engines/ossltest.ld \ engines/ossltest-dso-e_ossltest.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/padlock.so -Wl,--version-script=engines/padlock.ld \ engines/padlock-dso-e_padlock-x86_64.o \ engines/padlock-dso-e_padlock.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o providers/legacy.so -Wl,--version-script=providers/legacy.ld \ providers/legacy-dso-legacyprov.o \ providers/liblegacy.a providers/libcommon.a providers/libnonfips.a -lcrypto -ldl -pthread rm -f fuzz/asn1parse-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o fuzz/asn1parse-test \ fuzz/asn1parse-test-bin-asn1parse.o \ fuzz/asn1parse-test-bin-test-corpus.o \ -lcrypto -ldl -pthread rm -f fuzz/bignum-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o fuzz/bignum-test \ fuzz/bignum-test-bin-bignum.o \ fuzz/bignum-test-bin-test-corpus.o \ -lcrypto -ldl -pthread rm -f fuzz/bndiv-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o fuzz/bndiv-test \ fuzz/bndiv-test-bin-bndiv.o \ fuzz/bndiv-test-bin-test-corpus.o \ -lcrypto -ldl -pthread rm -f fuzz/conf-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o fuzz/conf-test \ fuzz/conf-test-bin-conf.o fuzz/conf-test-bin-test-corpus.o \ -lcrypto -ldl -pthread ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_add' ./libcrypto.so: undefined reference to `ess_find_cert' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_add' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_get' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_get' ./libcrypto.so: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:22674: recipe for target 'fuzz/asn1parse-test' failed make[1]: *** [fuzz/asn1parse-test] Error 1 make[1]: *** Waiting for unfinished jobs.... ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_add' ./libcrypto.so: undefined reference to `ess_find_cert' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_add' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_get' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_get' ./libcrypto.so: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:22698: recipe for target 'fuzz/bignum-test' failed make[1]: *** [fuzz/bignum-test] Error 1 ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_add' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_add' ./libcrypto.so: undefined reference to `ess_find_cert' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_add' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_get' ./libcrypto.so./libcrypto.so: undefined reference to `: undefined reference to `ess_find_certESS_SIGNING_CERT_V2_get' ' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_add' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_new_init' ./libcrypto.so: undefined reference to `ess_find_cert_v2' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_get' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_get' ./libcrypto.so: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:22722: recipe for target 'fuzz/bndiv-test' failed make[1]: *** [fuzz/bndiv-test] Error 1 Makefile:22793: recipe for target 'fuzz/conf-test' failed make[1]: *** [fuzz/conf-test] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-cms' Makefile:3028: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From openssl at openssl.org Mon Jun 1 06:35:10 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 01 Jun 2020 06:35:10 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram Message-ID: <1590993310.071586.26560.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: 082c041b42 bio printf: Avoid using rounding errors in range check f438f53a4e DOCS: add openssl-core_names.h(7) 329b2a2cde DOCS: add openssl-core_numbers.h(7) Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=198, Tests=1990, 720 wallclock secs ( 8.44 usr 1.57 sys + 669.82 cusr 46.39 csys = 726.22 CPU) Result: FAIL Makefile:3098: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dgram' Makefile:3096: recipe for target 'tests' failed make: *** [tests] Error 2 From tmraz at fedoraproject.org Mon Jun 1 07:01:56 2020 From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Mon, 01 Jun 2020 07:01:56 +0000 Subject: [openssl] master update Message-ID: <1590994916.340674.18285.nullmailer@dev.openssl.org> The branch master has been updated via 60d3b5b9ffb8c1273af0cc0338ec1c98f464f4b1 (commit) from 082c041b4233b17b80129d4ac6b33a28014442b0 (commit) - Log ----------------------------------------------------------------- commit 60d3b5b9ffb8c1273af0cc0338ec1c98f464f4b1 Author: Hubert Kario Date: Sat Jan 18 19:13:02 2020 +0100 add FFDH to speed command the openssl speed command could not benchmark FFDH speed, but it could benchmark ECDH, making comparisons between the two hard this commit adds this feature fixes #9475 Signed-off-by: Hubert Kario Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/10887) ----------------------------------------------------------------------- Summary of changes: apps/speed.c | 325 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 320 insertions(+), 5 deletions(-) diff --git a/apps/speed.c b/apps/speed.c index bd05631f30..f481b6b8fd 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -16,6 +16,7 @@ #define ECDH_SECONDS 10 #define EdDSA_SECONDS 10 #define SM2_SECONDS 10 +#define FFDH_SECONDS 10 /* We need to use some deprecated APIs */ #define OPENSSL_SUPPRESS_DEPRECATED @@ -98,6 +99,9 @@ # include # include "./testrsa.h" #endif +#ifndef OPENSSL_NO_DH +# include +#endif #include #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) # include @@ -125,6 +129,7 @@ #define MAX_MISALIGNMENT 63 #define MAX_ECDH_SIZE 256 #define MISALIGN 64 +#define MAX_FFDH_SIZE 1024 typedef struct openssl_speed_sec_st { int sym; @@ -134,6 +139,7 @@ typedef struct openssl_speed_sec_st { int ecdh; int eddsa; int sm2; + int ffdh; } openssl_speed_sec_t; static volatile int run = 0; @@ -435,6 +441,22 @@ static const OPT_PAIR rsa_choices[RSA_NUM] = { static double rsa_results[RSA_NUM][2]; /* 2 ops: sign then verify */ #endif /* OPENSSL_NO_RSA */ +#ifndef OPENSSL_NO_DH +enum ff_params_t { + R_FFDH_2048, R_FFDH_3072, R_FFDH_4096, R_FFDH_6144, R_FFDH_8192, FFDH_NUM +}; + +static const OPT_PAIR ffdh_choices[FFDH_NUM] = { + {"ffdh2048", R_FFDH_2048}, + {"ffdh3072", R_FFDH_3072}, + {"ffdh4096", R_FFDH_4096}, + {"ffdh6144", R_FFDH_6144}, + {"ffdh8192", R_FFDH_8192}, +}; + +static double ffdh_results[FFDH_NUM][1]; /* 1 op: derivation */ +#endif /* OPENSSL_NO_DH */ + #ifndef OPENSSL_NO_EC enum ec_curves_t { R_EC_P160, R_EC_P192, R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521, @@ -561,6 +583,11 @@ typedef struct loopargs_st { unsigned char *secret_a; unsigned char *secret_b; size_t outlen[EC_NUM]; +#endif +#ifndef OPENSSL_NO_DH + EVP_PKEY_CTX *ffdh_ctx[FFDH_NUM]; + unsigned char *secret_ff_a; + unsigned char *secret_ff_b; #endif EVP_CIPHER_CTX *ctx; #ifndef OPENSSL_NO_DEPRECATED_3_0 @@ -1067,6 +1094,24 @@ static int RSA_verify_loop(void *args) } #endif +#ifndef OPENSSL_NO_DH +static long ffdh_c[FFDH_NUM][1]; + +static int FFDH_derive_key_loop(void *args) +{ + loopargs_t *tempargs = *(loopargs_t **) args; + EVP_PKEY_CTX *ffdh_ctx = tempargs->ffdh_ctx[testnum]; + unsigned char *derived_secret = tempargs->secret_ff_a; + size_t outlen = MAX_FFDH_SIZE; + int count; + + for (count = 0; COND(ffdh_c[testnum][0]); count++) + EVP_PKEY_derive(ffdh_ctx, derived_secret, &outlen); + + return count; +} +#endif /* OPENSSL_NO_DH */ + #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) static long dsa_c[DSA_NUM][2]; static int DSA_sign_loop(void *args) @@ -1463,7 +1508,8 @@ int speed_main(int argc, char **argv) #endif openssl_speed_sec_t seconds = { SECONDS, RSA_SECONDS, DSA_SECONDS, ECDSA_SECONDS, ECDH_SECONDS, - EdDSA_SECONDS, SM2_SECONDS }; + EdDSA_SECONDS, SM2_SECONDS, + FFDH_SECONDS }; /* What follows are the buffers and key material. */ #if !defined(OPENSSL_NO_RC5) && !defined(OPENSSL_NO_DEPRECATED_3_0) @@ -1521,6 +1567,23 @@ int speed_main(int argc, char **argv) uint8_t rsa_doit[RSA_NUM] = { 0 }; int primes = RSA_DEFAULT_PRIME_NUM; #endif +#ifndef OPENSSL_NO_DH + typedef struct ffdh_params_st { + const char *name; + unsigned int nid; + unsigned int bits; + } FFDH_PARAMS; + + static const FFDH_PARAMS ffdh_params[FFDH_NUM] = { + {"ffdh2048", NID_ffdhe2048, 2048}, + {"ffdh3072", NID_ffdhe3072, 3072}, + {"ffdh4096", NID_ffdhe4096, 4096}, + {"ffdh6144", NID_ffdhe6144, 6144}, + {"ffdh8192", NID_ffdhe8192, 8192} + }; + uint8_t ffdh_doit[FFDH_NUM] = { 0 }; + +#endif /* OPENSSL_NO_DH */ #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) static const unsigned int dsa_bits[DSA_NUM] = { 512, 1024, 2048 }; uint8_t dsa_doit[DSA_NUM] = { 0 }; @@ -1720,7 +1783,7 @@ int speed_main(int argc, char **argv) case OPT_SECONDS: seconds.sym = seconds.rsa = seconds.dsa = seconds.ecdsa = seconds.ecdh = seconds.eddsa - = seconds.sm2 = atoi(opt_arg()); + = seconds.sm2 = seconds.ffdh = atoi(opt_arg()); break; case OPT_BYTES: lengths_single = atoi(opt_arg()); @@ -1767,6 +1830,18 @@ int speed_main(int argc, char **argv) } } #endif +#ifndef OPENSSL_NO_DH + if (strncmp(algo, "ffdh", 4) == 0) { + if (algo[4] == '\0') { + memset(ffdh_doit, 1, sizeof(ffdh_doit)); + continue; + } + if (opt_found(algo, ffdh_choices, &i)) { + ffdh_doit[i] = 2; + continue; + } + } +#endif #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) if (strncmp(algo, "dsa", 3) == 0) { if (algo[3] == '\0') { @@ -1901,6 +1976,10 @@ int speed_main(int argc, char **argv) #ifndef OPENSSL_NO_EC loopargs[i].secret_a = app_malloc(MAX_ECDH_SIZE, "ECDH secret a"); loopargs[i].secret_b = app_malloc(MAX_ECDH_SIZE, "ECDH secret b"); +#endif +#ifndef OPENSSL_NO_DH + loopargs[i].secret_ff_a = app_malloc(MAX_FFDH_SIZE, "FFDH secret a"); + loopargs[i].secret_ff_b = app_malloc(MAX_FFDH_SIZE, "FFDH secret b"); #endif } @@ -1919,6 +1998,9 @@ int speed_main(int argc, char **argv) #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) memset(rsa_doit, 1, sizeof(rsa_doit)); #endif +#ifndef OPENSSL_NO_DH + memset(ffdh_doit, 1, sizeof(ffdh_doit)); +#endif #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) memset(dsa_doit, 1, sizeof(dsa_doit)); #endif @@ -2110,7 +2192,7 @@ int speed_main(int argc, char **argv) c[D_IGE_256_AES][i] = c[D_IGE_256_AES][i - 1] * l0 / l1; } -#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) +# if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) rsa_c[R_RSA_512][0] = count / 2000; rsa_c[R_RSA_512][1] = count / 400; for (i = 1; i < RSA_NUM; i++) { @@ -2260,6 +2342,19 @@ int speed_main(int argc, char **argv) # endif # endif /* OPENSSL_NO_EC */ +# ifndef OPENSSL_NO_DH + ffdh_c[R_FFDH_2048][0] = count / 1000; + for (i = R_FFDH_3072; i <= R_FFDH_8192; i++) { + ffdh_c[i][0] = ffdh_c[i - 1][0] / 2; + if (ffdh_doit[i] <= 1 && ffdh_c[i][0] == 0) { + ffdh_doit[i] = 0; + } else { + if (ffdh_c[i][0] == 0) + ffdh_c[i][0] = 1; + } + } +# endif /* OPENSSL_NO_DH */ + # else /* not worth fixing */ # error "You cannot disable DES on systems without SIGALRM." @@ -3510,8 +3605,188 @@ int speed_main(int argc, char **argv) } } # endif /* OPENSSL_NO_SM2 */ - #endif /* OPENSSL_NO_EC */ + +#ifndef OPENSSL_NO_DH + for (testnum = 0; testnum < FFDH_NUM; testnum++) { + int ffdh_checks = 1; + + if (!ffdh_doit[testnum]) + continue; + + for (i = 0; i < loopargs_len; i++) { + EVP_PKEY *pkey_A = NULL; + EVP_PKEY *pkey_B = NULL; + EVP_PKEY_CTX *ffdh_ctx = NULL; + EVP_PKEY_CTX *test_ctx = NULL; + size_t secret_size; + size_t test_out; + + /* Ensure that the error queue is empty */ + if (ERR_peek_error()) { + BIO_printf(bio_err, + "WARNING: the error queue contains previous unhandled errors.\n"); + ERR_print_errors(bio_err); + } + + pkey_A = EVP_PKEY_new(); + if (!pkey_A) { + BIO_printf(bio_err, "Error while initialising EVP_PKEY (out of memory?).\n"); + ERR_print_errors(bio_err); + rsa_count = 1; + ffdh_checks = 0; + break; + } + pkey_B = EVP_PKEY_new(); + if (!pkey_B) { + BIO_printf(bio_err, "Error while initialising EVP_PKEY (out of memory?).\n"); + ERR_print_errors(bio_err); + rsa_count = 1; + ffdh_checks = 0; + break; + } + + ffdh_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DH, NULL); + if (!ffdh_ctx) { + BIO_printf(bio_err, "Error while allocating EVP_PKEY_CTX.\n"); + ERR_print_errors(bio_err); + rsa_count = 1; + ffdh_checks = 0; + break; + } + + if (EVP_PKEY_keygen_init(ffdh_ctx) <= 0) { + BIO_printf(bio_err, "Error while initialising EVP_PKEY_CTX.\n"); + ERR_print_errors(bio_err); + rsa_count = 1; + ffdh_checks = 0; + break; + } + if (EVP_PKEY_CTX_set_dh_nid(ffdh_ctx, ffdh_params[testnum].nid) <= 0) { + BIO_printf(bio_err, "Error setting DH key size for keygen.\n"); + ERR_print_errors(bio_err); + rsa_count = 1; + ffdh_checks = 0; + break; + } + + if (EVP_PKEY_keygen(ffdh_ctx, &pkey_A) <= 0 || + EVP_PKEY_keygen(ffdh_ctx, &pkey_B) <= 0) { + BIO_printf(bio_err, "FFDH key generation failure.\n"); + ERR_print_errors(bio_err); + rsa_count = 1; + ffdh_checks = 0; + break; + } + + EVP_PKEY_CTX_free(ffdh_ctx); + + /* check if the derivation works correctly both ways so that + * we know if future derive calls will fail, and we can skip + * error checking in benchmarked code */ + ffdh_ctx = EVP_PKEY_CTX_new(pkey_A, NULL); + if (!ffdh_ctx) { + BIO_printf(bio_err, "Error while allocating EVP_PKEY_CTX.\n"); + ERR_print_errors(bio_err); + rsa_count = 1; + ffdh_checks = 0; + break; + } + if (EVP_PKEY_derive_init(ffdh_ctx) <= 0) { + BIO_printf(bio_err, "FFDH derivation context init failure.\n"); + ERR_print_errors(bio_err); + rsa_count = 1; + ffdh_checks = 0; + break; + } + if (EVP_PKEY_derive_set_peer(ffdh_ctx, pkey_B) <= 0) { + BIO_printf(bio_err, "Assigning peer key for derivation failed.\n"); + ERR_print_errors(bio_err); + rsa_count = 1; + ffdh_checks = 0; + break; + } + if (EVP_PKEY_derive(ffdh_ctx, NULL, &secret_size) <= 0) { + BIO_printf(bio_err, "Checking size of shared secret failed.\n"); + ERR_print_errors(bio_err); + rsa_count = 1; + ffdh_checks = 0; + break; + } + if (secret_size > MAX_FFDH_SIZE) { + BIO_printf(bio_err, "Assertion failure: shared secret too large.\n"); + rsa_count = 1; + ffdh_checks = 0; + break; + } + if (EVP_PKEY_derive(ffdh_ctx, + loopargs[i].secret_ff_a, + &secret_size) <= 0) { + BIO_printf(bio_err, "Shared secret derive failure.\n"); + ERR_print_errors(bio_err); + rsa_count = 1; + ffdh_checks = 0; + break; + } + /* Now check from side B */ + test_ctx = EVP_PKEY_CTX_new(pkey_B, NULL); + if (!test_ctx) { + BIO_printf(bio_err, "Error while allocating EVP_PKEY_CTX.\n"); + ERR_print_errors(bio_err); + rsa_count = 1; + ffdh_checks = 0; + break; + } + if (!EVP_PKEY_derive_init(test_ctx) || + !EVP_PKEY_derive_set_peer(test_ctx, pkey_A) || + !EVP_PKEY_derive(test_ctx, NULL, &test_out) || + !EVP_PKEY_derive(test_ctx, loopargs[i].secret_ff_b, &test_out) || + test_out != secret_size) { + BIO_printf(bio_err, "FFDH computation failure.\n"); + rsa_count = 1; + ffdh_checks = 0; + break; + } + + /* compare the computed secrets */ + if (CRYPTO_memcmp(loopargs[i].secret_ff_a, + loopargs[i].secret_ff_b, secret_size)) { + BIO_printf(bio_err, "FFDH computations don't match.\n"); + ERR_print_errors(bio_err); + rsa_count = 1; + ffdh_checks = 0; + break; + } + + loopargs[i].ffdh_ctx[testnum] = ffdh_ctx; + + EVP_PKEY_free(pkey_A); + pkey_A = NULL; + EVP_PKEY_free(pkey_B); + pkey_B = NULL; + EVP_PKEY_CTX_free(test_ctx); + test_ctx = NULL; + } + if (ffdh_checks != 0) { + pkey_print_message("", "ffdh", ffdh_c[testnum][0], + ffdh_params[testnum].bits, seconds.ffdh); + Time_F(START); + count = + run_benchmark(async_jobs, FFDH_derive_key_loop, loopargs); + d = Time_F(STOP); + BIO_printf(bio_err, + mr ? "+R12:%ld:%d:%.2f\n" : + "%ld %u-bits FFDH ops in %.2fs\n", count, + ffdh_params[testnum].bits, d); + ffdh_results[testnum][0] = (double)count / d; + rsa_count = count; + }; + if (rsa_count <= 1) { + /* if longer than 10s, don't do any more */ + stop_it(ffdh_doit, testnum); + } + } +#endif /* OPENSSL_NO_DH */ #ifndef NO_FORK show_res: #endif @@ -3688,6 +3963,26 @@ int speed_main(int argc, char **argv) } # endif #endif /* OPENSSL_NO_EC */ +#ifndef OPENSSL_NO_DH + testnum = 1; + for (k = 0; k < FFDH_NUM; k++) { + if (!ffdh_doit[k]) + continue; + if (testnum && !mr) { + printf("%23sop op/s\n", " "); + testnum = 0; + } + if (mr) + printf("+F8:%u:%u:%f:%f\n", + k, ffdh_params[k].bits, + ffdh_results[k][0], 1.0 / ffdh_results[k][0]); + + else + printf("%4u bits ffdh %8.4fs %8.1f\n", + ffdh_params[k].bits, + 1.0 / ffdh_results[k][0], ffdh_results[k][0]); + } +#endif /* OPENSSL_NO_DH */ ret = 0; @@ -3701,6 +3996,13 @@ int speed_main(int argc, char **argv) for (k = 0; k < RSA_NUM; k++) RSA_free(loopargs[i].rsa_key[k]); #endif +#ifndef OPENSSL_NO_DH + OPENSSL_free(loopargs[i].secret_ff_a); + OPENSSL_free(loopargs[i].secret_ff_b); + for (k = 0; k < FFDH_NUM; k++) { + EVP_PKEY_CTX_free(loopargs[i].ffdh_ctx[k]); + } +#endif #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) for (k = 0; k < DSA_NUM; k++) DSA_free(loopargs[i].dsa_key[k]); @@ -3982,7 +4284,20 @@ static int do_multi(int multi, int size_num) sm2_results[k][1] += d; } # endif /* OPENSSL_NO_SM2 */ -# endif +# endif /* OPENSSL_NO_EC */ +# ifndef OPENSSL_NO_DH + else if (strncmp(buf, "+F8:", 4) == 0) { + int k; + double d; + + p = buf + 4; + k = atoi(sstrsep(&p, sep)); + sstrsep(&p, sep); + + d = atof(sstrsep(&p, sep)); + ffdh_results[k][0] += d; + } +# endif /* OPENSSL_NO_DH */ else if (strncmp(buf, "+H:", 3) == 0) { ; From dev at ddvo.net Mon Jun 1 07:24:17 2020 From: dev at ddvo.net (dev at ddvo.net) Date: Mon, 01 Jun 2020 07:24:17 +0000 Subject: [openssl] master update Message-ID: <1590996257.272593.31551.nullmailer@dev.openssl.org> The branch master has been updated via dc18e4ddfbd55b738dd7ccd9347accf6c5b342f6 (commit) from 60d3b5b9ffb8c1273af0cc0338ec1c98f464f4b1 (commit) - Log ----------------------------------------------------------------- commit dc18e4ddfbd55b738dd7ccd9347accf6c5b342f6 Author: Dr. David von Oheimb Date: Wed May 27 12:16:53 2020 +0200 Make BIO_do_connect() and friends handle multiple IP addresses Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11971) ----------------------------------------------------------------------- Summary of changes: crypto/bio/bss_conn.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c index d3bd33e957..31a5b58b7d 100644 --- a/crypto/bio/bss_conn.c +++ b/crypto/bio/bss_conn.c @@ -188,8 +188,17 @@ static int conn_state(BIO *b, BIO_CONNECT *c) case BIO_CONN_S_BLOCKED_CONNECT: i = BIO_sock_error(b->num); - if (i) { + if (i != 0) { BIO_clear_retry_flags(b); + if ((c->addr_iter = BIO_ADDRINFO_next(c->addr_iter)) != NULL) { + /* + * if there are more addresses to try, do that first + */ + BIO_closesocket(b->num); + c->state = BIO_CONN_S_CREATE_SOCKET; + ERR_clear_error(); + break; + } ERR_raise_data(ERR_LIB_SYS, i, "calling connect(%s, %s)", c->param_hostname, c->param_service); From dev at ddvo.net Mon Jun 1 07:27:17 2020 From: dev at ddvo.net (dev at ddvo.net) Date: Mon, 01 Jun 2020 07:27:17 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1590996437.596869.1988.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via ec5aad1ca26599bcaddc3a03708fb925b21f3b6c (commit) from 7d76c1fa0d6cd085419cb4cfadad8cfdfd24ce1f (commit) - Log ----------------------------------------------------------------- commit ec5aad1ca26599bcaddc3a03708fb925b21f3b6c Author: Dr. David von Oheimb Date: Thu May 28 19:03:37 2020 +0200 Make BIO_do_connect() and friends handle multiple IP addresses Backport of #11971 Reviewed-by: Tomas Mraz Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/11989) ----------------------------------------------------------------------- Summary of changes: crypto/bio/bss_conn.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c index dd43a40601..f4c6b85728 100644 --- a/crypto/bio/bss_conn.c +++ b/crypto/bio/bss_conn.c @@ -186,8 +186,17 @@ static int conn_state(BIO *b, BIO_CONNECT *c) case BIO_CONN_S_BLOCKED_CONNECT: i = BIO_sock_error(b->num); - if (i) { + if (i != 0) { BIO_clear_retry_flags(b); + if ((c->addr_iter = BIO_ADDRINFO_next(c->addr_iter)) != NULL) { + /* + * if there are more addresses to try, do that first + */ + BIO_closesocket(b->num); + c->state = BIO_CONN_S_CREATE_SOCKET; + ERR_clear_error(); + break; + } SYSerr(SYS_F_CONNECT, i); ERR_add_error_data(4, "hostname=", c->param_hostname, From builds at travis-ci.org Mon Jun 1 07:50:28 2020 From: builds at travis-ci.org (Travis CI) Date: Mon, 01 Jun 2020 07:50:28 +0000 Subject: Still Failing: openssl/openssl#35126 (master - 60d3b5b) In-Reply-To: Message-ID: <5ed4b3435c64f_13f814dfdd2307893c@travis-tasks-795b9cfd77-9qkkt.mail> Build Update for openssl/openssl ------------------------------------- Build: #35126 Status: Still Failing Duration: 47 mins and 28 secs Commit: 60d3b5b (master) Author: Hubert Kario Message: add FFDH to speed command the openssl speed command could not benchmark FFDH speed, but it could benchmark ECDH, making comparisons between the two hard this commit adds this feature fixes #9475 Signed-off-by: Hubert Kario Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/10887) View the changeset: https://github.com/openssl/openssl/compare/082c041b4233...60d3b5b9ffb8 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/693343777?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Mon Jun 1 08:21:07 2020 From: builds at travis-ci.org (Travis CI) Date: Mon, 01 Jun 2020 08:21:07 +0000 Subject: Still Failing: openssl/openssl#35127 (master - dc18e4d) In-Reply-To: Message-ID: <5ed4ba72f0836_13f814d5c9d8495189@travis-tasks-795b9cfd77-9qkkt.mail> Build Update for openssl/openssl ------------------------------------- Build: #35127 Status: Still Failing Duration: 54 mins and 9 secs Commit: dc18e4d (master) Author: Dr. David von Oheimb Message: Make BIO_do_connect() and friends handle multiple IP addresses Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11971) View the changeset: https://github.com/openssl/openssl/compare/60d3b5b9ffb8...dc18e4ddfbd5 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/693347994?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From tjh at openssl.org Mon Jun 1 09:53:14 2020 From: tjh at openssl.org (Tim Hudson) Date: Mon, 01 Jun 2020 09:53:14 +0000 Subject: [openssl] master update Message-ID: <1591005194.252276.21085.nullmailer@dev.openssl.org> The branch master has been updated via c7f837cfcc5b2e5cd8eeeff82e0245323f206d02 (commit) from dc18e4ddfbd55b738dd7ccd9347accf6c5b342f6 (commit) - Log ----------------------------------------------------------------- commit c7f837cfcc5b2e5cd8eeeff82e0245323f206d02 Author: Tim Hudson Date: Mon Jun 1 19:52:23 2020 +1000 undeprecate SSL_CTX_load_verify_locations and X509_STORE_load_locations The underlying functions remain and these are widely used. This undoes the deprecation part of PR8442 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12001) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 7 ------- crypto/x509/x509_d2.c | 3 --- doc/man3/SSL_CTX_load_verify_locations.pod | 14 +++++--------- doc/man3/X509_STORE_add_cert.pod | 2 -- include/openssl/ssl.h | 4 ++-- include/openssl/x509_vfy.h | 4 ++-- ssl/ssl_lib.c | 2 -- util/libcrypto.num | 2 +- util/libssl.num | 2 +- 9 files changed, 11 insertions(+), 29 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 10fd8d541d..241d6ca23c 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -542,13 +542,6 @@ OpenSSL 3.0 - SSL_CTX_load_verify_dir() - SSL_CTX_load_verify_store() - Also, the following functions are now deprecated: - - - X509_STORE_load_locations() (use X509_STORE_load_file(), - X509_STORE_load_path() or X509_STORE_load_store() instead) - - SSL_CTX_load_verify_locations() (use SSL_CTX_load_verify_file(), - SSL_CTX_load_verify_dir() or SSL_CTX_load_verify_store() instead) - *Richard Levitte* * Added a new method to gather entropy on VMS, based on SYS$GET_ENTROPY. diff --git a/crypto/x509/x509_d2.c b/crypto/x509/x509_d2.c index cb0f84a7e8..dec5f9d077 100644 --- a/crypto/x509/x509_d2.c +++ b/crypto/x509/x509_d2.c @@ -73,8 +73,6 @@ int X509_STORE_load_store(X509_STORE *ctx, const char *uri) return 1; } -/* Deprecated */ -#ifndef OPENSSL_NO_DEPRECATED_3_0 int X509_STORE_load_locations(X509_STORE *ctx, const char *file, const char *path) { @@ -86,4 +84,3 @@ int X509_STORE_load_locations(X509_STORE *ctx, const char *file, return 0; return 1; } -#endif diff --git a/doc/man3/SSL_CTX_load_verify_locations.pod b/doc/man3/SSL_CTX_load_verify_locations.pod index d28ec4c867..ecc75b72e0 100644 --- a/doc/man3/SSL_CTX_load_verify_locations.pod +++ b/doc/man3/SSL_CTX_load_verify_locations.pod @@ -22,20 +22,16 @@ SSL_CTX_set_default_verify_store, SSL_CTX_load_verify_locations int SSL_CTX_set_default_verify_file(SSL_CTX *ctx); int SSL_CTX_set_default_verify_store(SSL_CTX *ctx); -Deprecated since OpenSSL 3.0, can be hidden entirely by defining -B with a suitable version value, see -L: - int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath); =head1 DESCRIPTION -SSL_CTX_load_verify_dir(), SSL_CTX_load_verify_file(), -SSL_CTX_load_verify_store() specifies the locations for B, at -which CA certificates for verification purposes are located. The -certificates available via B, B and B are -trusted. +SSL_CTX_load_verify_locations(), SSL_CTX_load_verify_dir(), +SSL_CTX_load_verify_file(), SSL_CTX_load_verify_store() specifies the +locations for B, at which CA certificates for verification purposes +are located. The certificates available via B, B and +B are trusted. SSL_CTX_set_default_verify_paths() specifies that the default locations from which CA certificates are loaded should be used. There is one default directory, diff --git a/doc/man3/X509_STORE_add_cert.pod b/doc/man3/X509_STORE_add_cert.pod index d41f2ae5a6..ce50e368e7 100644 --- a/doc/man3/X509_STORE_add_cert.pod +++ b/doc/man3/X509_STORE_add_cert.pod @@ -32,8 +32,6 @@ X509_STORE_load_locations int X509_STORE_load_path(X509_STORE *ctx, const char *dir); int X509_STORE_load_store(X509_STORE *ctx, const char *uri); -Deprecated: - int X509_STORE_load_locations(X509_STORE *ctx, const char *file, const char *dir); diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index d1e9f7957d..0973f0688d 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -2025,9 +2025,9 @@ __owur int SSL_CTX_set_default_verify_store(SSL_CTX *ctx); __owur int SSL_CTX_load_verify_file(SSL_CTX *ctx, const char *CAfile); __owur int SSL_CTX_load_verify_dir(SSL_CTX *ctx, const char *CApath); __owur int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore); -DEPRECATEDIN_3_0(__owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx, +__owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, - const char *CApath)) + const char *CApath); # define SSL_get0_session SSL_get_session/* just peek at pointer */ __owur SSL_SESSION *SSL_get_session(const SSL *ssl); __owur SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h index 92aed08380..fda13502c3 100644 --- a/include/openssl/x509_vfy.h +++ b/include/openssl/x509_vfy.h @@ -510,9 +510,9 @@ int X509_LOOKUP_shutdown(X509_LOOKUP *ctx); int X509_STORE_load_file(X509_STORE *ctx, const char *file); int X509_STORE_load_path(X509_STORE *ctx, const char *path); int X509_STORE_load_store(X509_STORE *ctx, const char *store); -DEPRECATEDIN_3_0(int X509_STORE_load_locations(X509_STORE *ctx, +int X509_STORE_load_locations(X509_STORE *ctx, const char *file, - const char *dir)) + const char *dir); int X509_STORE_set_default_paths(X509_STORE *ctx); #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \ diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index dafec3d5c7..cb02129d9d 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -4339,7 +4339,6 @@ int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore) return X509_STORE_load_store(ctx->cert_store, CAstore); } -#ifndef OPENSSL_NO_DEPRECATED_3_0 int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath) { @@ -4351,7 +4350,6 @@ int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, return 0; return 1; } -#endif void SSL_set_info_callback(SSL *ssl, void (*cb) (const SSL *ssl, int type, int val)) diff --git a/util/libcrypto.num b/util/libcrypto.num index cc11651b76..1a51132387 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -2123,7 +2123,7 @@ X509_EXTENSION_create_by_NID 2168 3_0_0 EXIST::FUNCTION: i2d_RSAPrivateKey 2169 3_0_0 EXIST::FUNCTION:RSA d2i_CERTIFICATEPOLICIES 2170 3_0_0 EXIST::FUNCTION: CMAC_CTX_get0_cipher_ctx 2171 3_0_0 EXIST::FUNCTION:CMAC,DEPRECATEDIN_3_0 -X509_STORE_load_locations 2172 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +X509_STORE_load_locations 2172 3_0_0 EXIST::FUNCTION: OBJ_find_sigid_algs 2173 3_0_0 EXIST::FUNCTION: TS_RESP_CTX_set_accuracy 2174 3_0_0 EXIST::FUNCTION:TS NETSCAPE_SPKI_get_pubkey 2175 3_0_0 EXIST::FUNCTION: diff --git a/util/libssl.num b/util/libssl.num index b8e0982daa..d638088dde 100644 --- a/util/libssl.num +++ b/util/libssl.num @@ -354,7 +354,7 @@ SSL_set_session_id_context 354 3_0_0 EXIST::FUNCTION: SSL_new 355 3_0_0 EXIST::FUNCTION: TLSv1_1_method 356 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_1_METHOD SSL_CTX_get_cert_store 357 3_0_0 EXIST::FUNCTION: -SSL_CTX_load_verify_locations 358 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +SSL_CTX_load_verify_locations 358 3_0_0 EXIST::FUNCTION: SSL_SESSION_print_fp 359 3_0_0 EXIST::FUNCTION:STDIO SSL_get0_dane_tlsa 360 3_0_0 EXIST::FUNCTION: SSL_CTX_set_generate_session_id 361 3_0_0 EXIST::FUNCTION: From builds at travis-ci.org Mon Jun 1 10:43:51 2020 From: builds at travis-ci.org (Travis CI) Date: Mon, 01 Jun 2020 10:43:51 +0000 Subject: Still Failing: openssl/openssl#35129 (master - c7f837c) In-Reply-To: Message-ID: <5ed4dbe6d2195_13f8667ed35dc148380@travis-tasks-8b588cbb7-6m895.mail> Build Update for openssl/openssl ------------------------------------- Build: #35129 Status: Still Failing Duration: 49 mins and 59 secs Commit: c7f837c (master) Author: Tim Hudson Message: undeprecate SSL_CTX_load_verify_locations and X509_STORE_load_locations The underlying functions remain and these are widely used. This undoes the deprecation part of PR8442 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12001) View the changeset: https://github.com/openssl/openssl/compare/dc18e4ddfbd5...c7f837cfcc5b View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/693387347?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon Jun 1 11:15:21 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 01 Jun 2020 11:15:21 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-err Message-ID: <1591010121.836429.29483.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-err Commit log since last time: 082c041b42 bio printf: Avoid using rounding errors in range check f438f53a4e DOCS: add openssl-core_names.h(7) 329b2a2cde DOCS: add openssl-core_numbers.h(7) Build log ended with (last 100 lines): 65-test_cmp_msg.t .................. ok 65-test_cmp_protect.t .............. ok 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=198, Tests=1917, 703 wallclock secs ( 8.13 usr 1.45 sys + 666.71 cusr 43.47 csys = 719.76 CPU) Result: FAIL Makefile:3093: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-err' Makefile:3091: recipe for target 'tests' failed make: *** [tests] Error 2 From bernd.edlinger at hotmail.de Mon Jun 1 16:20:54 2020 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Mon, 01 Jun 2020 16:20:54 +0000 Subject: [openssl] master update Message-ID: <1591028454.976190.24385.nullmailer@dev.openssl.org> The branch master has been updated via 41dccd68b9b9b7622b26d264c5fa190aa5bd4201 (commit) from c7f837cfcc5b2e5cd8eeeff82e0245323f206d02 (commit) - Log ----------------------------------------------------------------- commit 41dccd68b9b9b7622b26d264c5fa190aa5bd4201 Author: Bernd Edlinger Date: Sun May 31 07:51:23 2020 +0200 Revert the check for NaN in %f format Unfortunately -Ofast seems to break that check. Fixes #11994 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12003) ----------------------------------------------------------------------- Summary of changes: crypto/bio/b_print.c | 4 +--- test/bioprinttest.c | 33 --------------------------------- 2 files changed, 1 insertion(+), 36 deletions(-) diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index 6b995f8233..a5dfff503c 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -638,10 +638,8 @@ fmtfp(char **sbuffer, /* * By subtracting 65535 (2^16-1) we cancel the low order 15 bits * of ULONG_MAX to avoid using imprecise floating point values. - * The second condition is necessary to catch NaN values. */ - if (ufvalue >= (double)(ULONG_MAX - 65535) + 65536.0 - || !(ufvalue == ufvalue) /* NaN */) { + if (ufvalue >= (double)(ULONG_MAX - 65535) + 65536.0) { /* Number too big */ return 0; } diff --git a/test/bioprinttest.c b/test/bioprinttest.c index 3dd5b3efa2..e6e32a64fc 100644 --- a/test/bioprinttest.c +++ b/test/bioprinttest.c @@ -241,48 +241,15 @@ static int test_fp(int i) return r; } -extern double zero_value; -double zero_value = 0.0; - static int test_big(void) { char buf[80]; - double d, z, inf, nan; /* Test excessively big number. Should fail */ if (!TEST_int_eq(BIO_snprintf(buf, sizeof(buf), "%f\n", 2 * (double)ULONG_MAX), -1)) return 0; - d = 1.0; - z = zero_value; - inf = d / z; - nan = z / z; - - /* - * Test +/-inf, nan. Should fail. - * Test +/-1.0, +/-0.0. Should work. - */ - if (!TEST_int_eq(BIO_snprintf(buf, sizeof(buf), - "%f", inf), -1) - || !TEST_int_eq(BIO_snprintf(buf, sizeof(buf), - "%f", -inf), -1) - || !TEST_int_eq(BIO_snprintf(buf, sizeof(buf), - "%f", nan), -1) - || !TEST_int_eq(BIO_snprintf(buf, sizeof(buf), - "%f", d), 8) - || !TEST_str_eq(buf, "1.000000") - || !TEST_int_eq(BIO_snprintf(buf, sizeof(buf), - "%f", z), 8) - || !TEST_str_eq(buf, "0.000000") - || !TEST_int_eq(BIO_snprintf(buf, sizeof(buf), - "%f", -d), 9) - || !TEST_str_eq(buf, "-1.000000") - || !TEST_int_eq(BIO_snprintf(buf, sizeof(buf), - "%f", -z), 8) - || !TEST_str_eq(buf, "0.000000")) - return 0; - return 1; } From bernd.edlinger at hotmail.de Mon Jun 1 16:21:23 2020 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Mon, 01 Jun 2020 16:21:23 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1591028483.972823.25598.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 3fc83feae0bc3fcfbb7cfc8a927bb4a888a7663b (commit) from ec5aad1ca26599bcaddc3a03708fb925b21f3b6c (commit) - Log ----------------------------------------------------------------- commit 3fc83feae0bc3fcfbb7cfc8a927bb4a888a7663b Author: Bernd Edlinger Date: Sun May 31 07:51:23 2020 +0200 Revert the check for NaN in %f format Unfortunately -Ofast seems to break that check. Fixes #11994 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12003) (cherry picked from commit 41dccd68b9b9b7622b26d264c5fa190aa5bd4201) ----------------------------------------------------------------------- Summary of changes: crypto/bio/b_print.c | 4 +--- test/bioprinttest.c | 33 --------------------------------- 2 files changed, 1 insertion(+), 36 deletions(-) diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index 48556f72bc..2f68fe79cc 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -638,10 +638,8 @@ fmtfp(char **sbuffer, /* * By subtracting 65535 (2^16-1) we cancel the low order 15 bits * of ULONG_MAX to avoid using imprecise floating point values. - * The second condition is necessary to catch NaN values. */ - if (ufvalue >= (double)(ULONG_MAX - 65535) + 65536.0 - || !(ufvalue == ufvalue) /* NaN */) { + if (ufvalue >= (double)(ULONG_MAX - 65535) + 65536.0) { /* Number too big */ return 0; } diff --git a/test/bioprinttest.c b/test/bioprinttest.c index e37b854e6b..e97de03b2d 100644 --- a/test/bioprinttest.c +++ b/test/bioprinttest.c @@ -241,48 +241,15 @@ static int test_fp(int i) return r; } -extern double zero_value; -double zero_value = 0.0; - static int test_big(void) { char buf[80]; - double d, z, inf, nan; /* Test excessively big number. Should fail */ if (!TEST_int_eq(BIO_snprintf(buf, sizeof(buf), "%f\n", 2 * (double)ULONG_MAX), -1)) return 0; - d = 1.0; - z = zero_value; - inf = d / z; - nan = z / z; - - /* - * Test +/-inf, nan. Should fail. - * Test +/-1.0, +/-0.0. Should work. - */ - if (!TEST_int_eq(BIO_snprintf(buf, sizeof(buf), - "%f", inf), -1) - || !TEST_int_eq(BIO_snprintf(buf, sizeof(buf), - "%f", -inf), -1) - || !TEST_int_eq(BIO_snprintf(buf, sizeof(buf), - "%f", nan), -1) - || !TEST_int_eq(BIO_snprintf(buf, sizeof(buf), - "%f", d), 8) - || !TEST_str_eq(buf, "1.000000") - || !TEST_int_eq(BIO_snprintf(buf, sizeof(buf), - "%f", z), 8) - || !TEST_str_eq(buf, "0.000000") - || !TEST_int_eq(BIO_snprintf(buf, sizeof(buf), - "%f", -d), 9) - || !TEST_str_eq(buf, "-1.000000") - || !TEST_int_eq(BIO_snprintf(buf, sizeof(buf), - "%f", -z), 8) - || !TEST_str_eq(buf, "0.000000")) - return 0; - return 1; } From builds at travis-ci.org Mon Jun 1 17:14:40 2020 From: builds at travis-ci.org (Travis CI) Date: Mon, 01 Jun 2020 17:14:40 +0000 Subject: Errored: openssl/openssl#35135 (master - 41dccd6) In-Reply-To: Message-ID: <5ed5377f3c163_13f82a14129786208@travis-tasks-58c57dc7f7-5kk48.mail> Build Update for openssl/openssl ------------------------------------- Build: #35135 Status: Errored Duration: 53 mins and 19 secs Commit: 41dccd6 (master) Author: Bernd Edlinger Message: Revert the check for NaN in %f format Unfortunately -Ofast seems to break that check. Fixes #11994 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12003) View the changeset: https://github.com/openssl/openssl/compare/c7f837cfcc5b...41dccd68b9b9 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/693516016?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From bernd.edlinger at hotmail.de Mon Jun 1 20:52:36 2020 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Mon, 01 Jun 2020 20:52:36 +0000 Subject: [openssl] master update Message-ID: <1591044756.204719.6495.nullmailer@dev.openssl.org> The branch master has been updated via 32df13497a1f1d7ef90a9c0b3128f65d18ab0086 (commit) from 41dccd68b9b9b7622b26d264c5fa190aa5bd4201 (commit) - Log ----------------------------------------------------------------- commit 32df13497a1f1d7ef90a9c0b3128f65d18ab0086 Author: Bernd Edlinger Date: Sat May 30 09:57:29 2020 +0200 Remove getenv(OPENSSL_FIPS) in openssl command This is left over from the past. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/11995) ----------------------------------------------------------------------- Summary of changes: apps/openssl.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/apps/openssl.c b/apps/openssl.c index 0a3c76e7f1..83c384fbfe 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -261,11 +261,6 @@ int main(int argc, char *argv[]) setup_trace(getenv("OPENSSL_TRACE")); #endif - if (getenv("OPENSSL_FIPS")) { - BIO_printf(bio_err, "FIPS mode not supported.\n"); - return 1; - } - if (!apps_startup()) { BIO_printf(bio_err, "FATAL: Startup failure (dev note: apps_startup() failed)\n"); From builds at travis-ci.org Mon Jun 1 21:40:15 2020 From: builds at travis-ci.org (Travis CI) Date: Mon, 01 Jun 2020 21:40:15 +0000 Subject: Failed: openssl/openssl#35139 (master - 32df134) In-Reply-To: Message-ID: <5ed575bea7f72_13fdcba8d95b011149c@travis-tasks-759c558968-dsjnj.mail> Build Update for openssl/openssl ------------------------------------- Build: #35139 Status: Failed Duration: 21 mins and 10 secs Commit: 32df134 (master) Author: Bernd Edlinger Message: Remove getenv(OPENSSL_FIPS) in openssl command This is left over from the past. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/11995) View the changeset: https://github.com/openssl/openssl/compare/41dccd68b9b9...32df13497a1f View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/693606618?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Jun 2 02:04:41 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 02 Jun 2020 02:04:41 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io Message-ID: <1591063481.238661.12547.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-posix-io Commit log since last time: 082c041b42 bio printf: Avoid using rounding errors in range check f438f53a4e DOCS: add openssl-core_names.h(7) 329b2a2cde DOCS: add openssl-core_numbers.h(7) Build log ended with (last 100 lines): rm -f doc/html/man1/CA.pl.html doc/html/man1/openssl-asn1parse.html doc/html/man1/openssl-ca.html doc/html/man1/openssl-ciphers.html doc/html/man1/openssl-cmds.html doc/html/man1/openssl-cmp.html doc/html/man1/openssl-cms.html doc/html/man1/openssl-crl.html doc/html/man1/openssl-crl2pkcs7.html doc/html/man1/openssl-dgst.html doc/html/man1/openssl-dhparam.html doc/html/man1/openssl-dsa.html doc/html/man1/openssl-dsaparam.html doc/html/man1/openssl-ec.html doc/html/man1/openssl-ecparam.html doc/html/man1/openssl-enc.html doc/html/man1/openssl-engine.html doc/html/man1/openssl-errstr.html doc/html/man1/openssl-fipsinstall.html doc/html/man1/openssl-gendsa.html doc/html/man1/openssl-genpkey.html doc/html/man1/openssl-genrsa.html doc/html/man1/openssl-info.html doc/html/man1/openssl-kdf.html doc/html/man1/openssl-list.html doc/html/man1/openssl-mac.html doc/html/man1/openssl-nseq.html doc/html/man1/openssl-ocsp.html doc/html/man1/openssl-passwd.html doc/html/man1/openssl-pkcs12.html doc/html/man1/openssl-pkcs7.html doc/html/man1/openssl-pkcs8.html doc/html/man1/openssl-pkey.html doc/html/man1/openssl-pkeyparam.html doc/html/man1/openssl-pkeyutl.html doc/html/man1/openssl-prime.html doc/html/man1/openssl-provider.html doc/html/man1/openssl-rand.html doc/html/man1/openssl-rehash.html doc/html/man1/openssl-req.html doc/html/man1/openssl-rsa.html doc/html/man1/openssl-rsautl.html doc/html/man1/openssl-s_client.html doc/html/man1/openssl-s_server.html doc/html/man1/openssl-s_time.html doc/html/man1/openssl-sess_id.html doc/html/man1/openssl-smime.html doc/html/man1/openssl-speed.html doc/html/man1/openssl-spkac.html doc/html/man1/openssl-srp.html doc/html/man1/openssl-storeutl.html doc/html/man1/openssl-ts.html doc/html/man1/openssl-verify.html doc/html/man1/openssl-version.html doc/html/man1/openssl-x509.html doc/html/man1/openssl.html doc/html/man1/tsget.html doc/html/man3/ADMISSIONS.html doc/html/man3/ASN1_INTEGER_get_int64.html doc/html/man3/ASN1_INTEGER_new.html doc/html/man3/ASN1_ITEM_lookup.html doc/html/man3/ASN1_OBJECT_new.html doc/html/man3/ASN1_STRING_TABLE_add.html doc/html/man3/ASN1_STRING_length.html doc/html/man3/ASN1_STRING_new.html doc/html/man3/ASN1_STRING_print_ex.html doc/html/man3/ASN1_TIME_set.html doc/html/man3/ASN1_TYPE_get.html doc/html/man3/ASN1_generate_nconf.html doc/html/man3/ASYNC_WAIT_CTX_new.html doc/html/man3/ASYNC_start_job.html doc/html/man3/BF_encrypt.html doc/html/man3/BIO_ADDR.html doc/html/man3/BIO_ADDRINFO.html doc/html/man3/BIO_connect.html doc/html/man3/BIO_ctrl.html doc/html/man3/BIO_f_base64.html doc/html/man3/BIO_f_buffer.html doc/html/man3/BIO_f_cipher.html doc/html/man3/BIO_f_md.html doc/html/man3/BIO_f_null.html doc/html/man3/BIO_f_prefix.html doc/html/man3/BIO_f_ssl.html doc/html/man3/BIO_find_type.html doc/html/man3/BIO_get_data.html doc/html/man3/BIO_get_ex_new_index.html doc/html/man3/BIO_meth_new.html doc/html/man3/BIO_new.html doc/html/man3/BIO_new_CMS.html doc/html/man3/BIO_parse_hostserv.html doc/html/man3/BIO_printf.html doc/html/man3/BIO_push.html doc/html/man3/BIO_read.html doc/html/man3/BIO_s_accept.html doc/html/man3/BIO_s_bio.html doc/html/man3/BIO_s_connect.html doc/html/man3/BIO_s_fd.html doc/html/man3/BIO_s_file.html doc/html/man3/BIO_s_mem.html doc/html/man3/BIO_s_null.html doc/html/man3/BIO_s_socket.html doc/html/man3/BIO_set_callback.html doc/html/man3/BIO_should_retry.html doc/html/man3/BIO_socket_wait.html doc/html/man3/BN_BLINDING_new.html doc/html/man3/BN_CTX_new.html doc/html/man3/BN_CTX_start.html doc/html/man3/BN_add.html doc/html/man3/BN_add_word.html doc/html/man3/BN_bn2bin.html doc/html/man3/BN_cmp.html doc/html/man3/BN_copy.html doc/html/man3/BN_generate_prime.html doc/html/man3/BN_mod_inverse.html doc/html/man3/BN_mod_mul_montgomery.html doc/html/man3/BN_mod_mul_reciprocal.html doc/html/man3/BN_new.html doc/html/man3/BN_num_bytes.html doc/html/man3/BN_rand.html doc/html/man3/BN_security_bits.html doc/html/man3/BN_set_bit.html doc/html/man3/BN_swap.html doc/html/man3/BN_zero.html doc/html/man3/BUF_MEM_new.html doc/html/man3/CMS_EnvelopedData_create.html doc/html/man3/CMS_add0_cert.html doc/html/man3/CMS_add1_recipient_cert.html doc/html/man3/CMS_add1_signer.html doc/html/man3/CMS_compress.html doc/html/man3/CMS_decrypt.html doc/html/man3/CMS_encrypt.html doc/html/man3/CMS_final.html doc/html/man3/CMS_get0_RecipientInfos.html doc/html/man3/CMS_get0_SignerInfos.html doc/html/man3/CMS_get0_type.html doc/html/man3/CMS_get1_ReceiptRequest.html doc/html/man3/CMS_sign.html doc/html/man3/CMS_sign_receipt.html doc/html/man3/CMS_uncompress.html doc/html/man3/CMS_verify.html doc/html/man3/CMS_verify_receipt.html doc/html/man3/CONF_modules_free.html doc/html/man3/CONF_modules_load_file.html doc/html/man3/CRYPTO_THREAD_run_once.html doc/html/man3/CRYPTO_get_ex_new_index.html doc/html/man3/CRYPTO_memcmp.html doc/html/man3/CTLOG_STORE_get0_log_by_id.html doc/html/man3/CTLOG_STORE_new.html doc/html/man3/CTLOG_new.html doc/html/man3/CT_POLICY_EVAL_CTX_new.html doc/html/man3/DEFINE_STACK_OF.html doc/html/man3/DES_random_key.html doc/html/man3/DH_generate_key.html doc/html/man3/DH_generate_parameters.html doc/html/man3/DH_get0_pqg.html doc/html/man3/DH_get_1024_160.html doc/html/man3/DH_meth_new.html doc/html/man3/DH_new.html doc/html/man3/DH_new_by_nid.html doc/html/man3/DH_set_method.html doc/html/man3/DH_size.html doc/html/man3/DSA_SIG_new.html doc/html/man3/DSA_do_sign.html doc/html/man3/DSA_dup_DH.html doc/html/man3/DSA_generate_key.html doc/html/man3/DSA_generate_parameters.html doc/html/man3/DSA_get0_pqg.html doc/html/man3/DSA_meth_new.html doc/html/man3/DSA_new.html doc/html/man3/DSA_set_method.html doc/html/man3/DSA_sign.html doc/html/man3/DSA_size.html doc/html/man3/DTLS_get_data_mtu.html doc/html/man3/DTLS_set_timer_cb.html doc/html/man3/DTLSv1_listen.html doc/html/man3/ECDSA_SIG_new.html doc/html/man3/ECPKParameters_print.html doc/html/man3/EC_GFp_simple_method.html doc/html/man3/EC_GROUP_copy.html doc/html/man3/EC_GROUP_new.html doc/html/man3/EC_KEY_get_enc_flags.html doc/html/man3/EC_KEY_new.html doc/html/man3/EC_POINT_add.html doc/html/man3/EC_POINT_new.html doc/html/man3/ENGINE_add.html doc/html/man3/ERR_GET_LIB.html doc/html/man3/ERR_clear_error.html doc/html/man3/ERR_error_string.html doc/html/man3/ERR_get_error.html doc/html/man3/ERR_load_crypto_strings.html doc/html/man3/ERR_load_strings.html doc/html/man3/ERR_new.html doc/html/man3/ERR_print_errors.html doc/html/man3/ERR_put_error.html doc/html/man3/ERR_remove_state.html doc/html/man3/ERR_set_mark.html doc/html/man3/EVP_ASYM_CIPHER_free.html doc/html/man3/EVP_BytesToKey.html doc/html/man3/EVP_CIPHER_CTX_get_cipher_data.html doc/html/man3/EVP_CIPHER_meth_new.html doc/html/man3/EVP_DigestInit.html doc/html/man3/EVP_DigestSignInit.html doc/html/man3/EVP_DigestVerifyInit.html doc/html/man3/EVP_EncodeInit.html doc/html/man3/EVP_EncryptInit.html doc/html/man3/EVP_KDF.html doc/html/man3/EVP_KEYEXCH_free.html doc/html/man3/EVP_KEYMGMT.html doc/html/man3/EVP_MAC.html doc/html/man3/EVP_MD_meth_new.html doc/html/man3/EVP_OpenInit.html doc/html/man3/EVP_PKEY_ASN1_METHOD.html doc/html/man3/EVP_PKEY_CTX_ctrl.html doc/html/man3/EVP_PKEY_CTX_new.html doc/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html doc/html/man3/EVP_PKEY_CTX_set_hkdf_md.html doc/html/man3/EVP_PKEY_CTX_set_params.html doc/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html doc/html/man3/EVP_PKEY_CTX_set_scrypt_N.html doc/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html doc/html/man3/EVP_PKEY_asn1_get_count.html doc/html/man3/EVP_PKEY_check.html doc/html/man3/EVP_PKEY_copy_parameters.html doc/html/man3/EVP_PKEY_decrypt.html doc/html/man3/EVP_PKEY_derive.html doc/html/man3/EVP_PKEY_encrypt.html doc/html/man3/EVP_PKEY_fromdata.html doc/html/man3/EVP_PKEY_gen.html doc/html/man3/EVP_PKEY_get_default_digest_nid.html doc/html/man3/EVP_PKEY_gettable_params.html doc/html/man3/EVP_PKEY_is_a.html doc/html/man3/EVP_PKEY_meth_get_count.html doc/html/man3/EVP_PKEY_meth_new.html doc/html/man3/EVP_PKEY_new.html doc/html/man3/EVP_PKEY_print_private.html doc/html/man3/EVP_PKEY_set1_RSA.html doc/html/man3/EVP_PKEY_set_type.html doc/html/man3/EVP_PKEY_sign.html doc/html/man3/EVP_PKEY_size.html doc/html/man3/EVP_PKEY_supports_digest_nid.html doc/html/man3/EVP_PKEY_verify.html doc/html/man3/EVP_PKEY_verify_recover.html doc/html/man3/EVP_SIGNATURE_free.html doc/html/man3/EVP_SealInit.html doc/html/man3/EVP_SignInit.html doc/html/man3/EVP_VerifyInit.html doc/html/man3/EVP_aes_128_gcm.html doc/html/man3/EVP_aria_128_gcm.html doc/html/man3/EVP_bf_cbc.html doc/html/man3/EVP_blake2b512.html doc/html/man3/EVP_camellia_128_ecb.html doc/html/man3/EVP_cast5_cbc.html doc/html/man3/EVP_chacha20.html doc/html/man3/EVP_des_cbc.html doc/html/man3/EVP_desx_cbc.html doc/html/man3/EVP_idea_cbc.html doc/html/man3/EVP_md2.html doc/html/man3/EVP_md4.html doc/html/man3/EVP_md5.html doc/html/man3/EVP_mdc2.html doc/html/man3/EVP_rc2_cbc.html doc/html/man3/EVP_rc4.html doc/html/man3/EVP_rc5_32_12_16_cbc.html doc/html/man3/EVP_ripemd160.html doc/html/man3/EVP_seed_cbc.html doc/html/man3/EVP_set_default_properties.html doc/html/man3/EVP_sha1.html doc/html/man3/EVP_sha224.html doc/html/man3/EVP_sha3_224.html doc/html/man3/EVP_sm3.html doc/html/man3/EVP_sm4_cbc.html doc/html/man3/EVP_whirlpool.html doc/html/man3/HMAC.html doc/html/man3/MD5.html doc/html/man3/MDC2_Init.html doc/html/man3/NCONF_new_with_libctx.html doc/html/man3/OBJ_nid2obj.html doc/html/man3/OCSP_REQUEST_new.html doc/html/man3/OCSP_cert_to_id.html doc/html/man3/OCSP_request_add1_nonce.html doc/html/man3/OCSP_resp_find_status.html doc/html/man3/OCSP_response_status.html doc/html/man3/OCSP_sendreq_new.html doc/html/man3/OPENSSL_Applink.html doc/html/man3/OPENSSL_CTX.html doc/html/man3/OPENSSL_FILE.html doc/html/man3/OPENSSL_LH_COMPFUNC.html doc/html/man3/OPENSSL_LH_stats.html doc/html/man3/OPENSSL_config.html doc/html/man3/OPENSSL_fork_prepare.html doc/html/man3/OPENSSL_hexchar2int.html doc/html/man3/OPENSSL_ia32cap.html doc/html/man3/OPENSSL_init_crypto.html doc/html/man3/OPENSSL_init_ssl.html doc/html/man3/OPENSSL_instrument_bus.html doc/html/man3/OPENSSL_load_builtin_modules.html doc/html/man3/OPENSSL_malloc.html doc/html/man3/OPENSSL_s390xcap.html doc/html/man3/OPENSSL_secure_malloc.html doc/html/man3/OSSL_CMP_CTX_new.html doc/html/man3/OSSL_CMP_HDR_get0_transactionID.html doc/html/man3/OSSL_CMP_ITAV_set0.html doc/html/man3/OSSL_CMP_MSG_get0_header.html doc/html/man3/OSSL_CMP_MSG_http_perform.html doc/html/man3/OSSL_CMP_SRV_CTX_new.html doc/html/man3/OSSL_CMP_STATUSINFO_new.html doc/html/man3/OSSL_CMP_exec_IR_ses.html doc/html/man3/OSSL_CMP_log_open.html doc/html/man3/OSSL_CMP_validate_msg.html doc/html/man3/OSSL_CRMF_MSG_get0_tmpl.html doc/html/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.html doc/html/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.html doc/html/man3/OSSL_CRMF_MSG_set_validity.html doc/html/man3/OSSL_CRMF_pbmp_new.html doc/html/man3/OSSL_HTTP_transfer.html doc/html/man3/OSSL_PARAM.html doc/html/man3/OSSL_PARAM_BLD.html doc/html/man3/OSSL_PARAM_allocate_from_text.html doc/html/man3/OSSL_PARAM_int.html doc/html/man3/OSSL_PROVIDER.html doc/html/man3/OSSL_SELF_TEST_new.html doc/html/man3/OSSL_SELF_TEST_set_callback.html doc/html/man3/OSSL_SERIALIZER.html doc/html/man3/OSSL_SERIALIZER_CTX.html doc/html/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.html doc/html/man3/OSSL_SERIALIZER_to_bio.html doc/html/man3/OSSL_STORE_INFO.html doc/html/man3/OSSL_STORE_LOADER.html doc/html/man3/OSSL_STORE_SEARCH.html doc/html/man3/OSSL_STORE_attach.html doc/html/man3/OSSL_STORE_expect.html doc/html/man3/OSSL_STORE_open.html doc/html/man3/OSSL_trace_enabled.html doc/html/man3/OSSL_trace_get_category_num.html doc/html/man3/OSSL_trace_set_channel.html doc/html/man3/OpenSSL_add_all_algorithms.html doc/html/man3/OpenSSL_version.html doc/html/man3/PEM_bytes_read_bio.html doc/html/man3/PEM_read.html doc/html/man3/PEM_read_CMS.html doc/html/man3/PEM_read_bio_PrivateKey.html doc/html/man3/PEM_read_bio_ex.html doc/html/man3/PEM_write_bio_CMS_stream.html doc/html/man3/PEM_write_bio_PKCS7_stream.html doc/html/man3/PKCS12_SAFEBAG_get0_attrs.html doc/html/man3/PKCS12_add_CSPName_asc.html doc/html/man3/PKCS12_add_friendlyname_asc.html doc/html/man3/PKCS12_add_localkeyid.html doc/html/man3/PKCS12_create.html doc/html/man3/PKCS12_get_friendlyname.html doc/html/man3/PKCS12_newpass.html doc/html/man3/PKCS12_parse.html doc/html/man3/PKCS5_PBKDF2_HMAC.html doc/html/man3/PKCS7_decrypt.html doc/html/man3/PKCS7_encrypt.html doc/html/man3/PKCS7_sign.html doc/html/man3/PKCS7_sign_add_signer.html doc/html/man3/PKCS7_verify.html doc/html/man3/PKCS8_pkey_add1_attr.html doc/html/man3/RAND_DRBG_generate.html doc/html/man3/RAND_DRBG_get0_master.html doc/html/man3/RAND_DRBG_new.html doc/html/man3/RAND_DRBG_reseed.html doc/html/man3/RAND_DRBG_set_callbacks.html doc/html/man3/RAND_add.html doc/html/man3/RAND_bytes.html doc/html/man3/RAND_cleanup.html doc/html/man3/RAND_egd.html doc/html/man3/RAND_load_file.html doc/html/man3/RAND_set_rand_method.html doc/html/man3/RC4_set_key.html doc/html/man3/RIPEMD160_Init.html doc/html/man3/RSA_blinding_on.html doc/html/man3/RSA_check_key.html doc/html/man3/RSA_generate_key.html doc/html/man3/RSA_get0_key.html doc/html/man3/RSA_meth_new.html doc/html/man3/RSA_new.html doc/html/man3/RSA_padding_add_PKCS1_type_1.html doc/html/man3/RSA_print.html doc/html/man3/RSA_private_encrypt.html doc/html/man3/RSA_public_encrypt.html doc/html/man3/RSA_set_method.html doc/html/man3/RSA_sign.html doc/html/man3/RSA_sign_ASN1_OCTET_STRING.html doc/html/man3/RSA_size.html doc/html/man3/SCT_new.html doc/html/man3/SCT_print.html doc/html/man3/SCT_validate.html doc/html/man3/SHA256_Init.html doc/html/man3/SMIME_read_CMS.html doc/html/man3/SMIME_read_PKCS7.html doc/html/man3/SMIME_write_CMS.html doc/html/man3/SMIME_write_PKCS7.html doc/html/man3/SRP_Calc_B.html doc/html/man3/SRP_VBASE_new.html doc/html/man3/SRP_create_verifier.html doc/html/man3/SRP_user_pwd_new.html doc/html/man3/SSL_CIPHER_get_name.html doc/html/man3/SSL_COMP_add_compression_method.html doc/html/man3/SSL_CONF_CTX_new.html doc/html/man3/SSL_CONF_CTX_set1_prefix.html doc/html/man3/SSL_CONF_CTX_set_flags.html doc/html/man3/SSL_CONF_CTX_set_ssl_ctx.html doc/html/man3/SSL_CONF_cmd.html doc/html/man3/SSL_CONF_cmd_argv.html doc/html/man3/SSL_CTX_add1_chain_cert.html doc/html/man3/SSL_CTX_add_extra_chain_cert.html doc/html/man3/SSL_CTX_add_session.html doc/html/man3/SSL_CTX_config.html doc/html/man3/SSL_CTX_ctrl.html doc/html/man3/SSL_CTX_dane_enable.html doc/html/man3/SSL_CTX_flush_sessions.html doc/html/man3/SSL_CTX_free.html doc/html/man3/SSL_CTX_get0_param.html doc/html/man3/SSL_CTX_get_verify_mode.html doc/html/man3/SSL_CTX_has_client_custom_ext.html doc/html/man3/SSL_CTX_load_verify_locations.html doc/html/man3/SSL_CTX_new.html doc/html/man3/SSL_CTX_sess_number.html doc/html/man3/SSL_CTX_sess_set_cache_size.html doc/html/man3/SSL_CTX_sess_set_get_cb.html doc/html/man3/SSL_CTX_sessions.html doc/html/man3/SSL_CTX_set0_CA_list.html doc/html/man3/SSL_CTX_set1_curves.html doc/html/man3/SSL_CTX_set1_sigalgs.html doc/html/man3/SSL_CTX_set1_verify_cert_store.html doc/html/man3/SSL_CTX_set_alpn_select_cb.html doc/html/man3/SSL_CTX_set_cert_cb.html doc/html/man3/SSL_CTX_set_cert_store.html doc/html/man3/SSL_CTX_set_cert_verify_callback.html doc/html/man3/SSL_CTX_set_cipher_list.html doc/html/man3/SSL_CTX_set_client_cert_cb.html doc/html/man3/SSL_CTX_set_client_hello_cb.html doc/html/man3/SSL_CTX_set_ct_validation_callback.html doc/html/man3/SSL_CTX_set_ctlog_list_file.html doc/html/man3/SSL_CTX_set_default_passwd_cb.html doc/html/man3/SSL_CTX_set_generate_session_id.html doc/html/man3/SSL_CTX_set_info_callback.html doc/html/man3/SSL_CTX_set_keylog_callback.html doc/html/man3/SSL_CTX_set_max_cert_list.html doc/html/man3/SSL_CTX_set_min_proto_version.html doc/html/man3/SSL_CTX_set_mode.html doc/html/man3/SSL_CTX_set_msg_callback.html doc/html/man3/SSL_CTX_set_num_tickets.html doc/html/man3/SSL_CTX_set_options.html doc/html/man3/SSL_CTX_set_psk_client_callback.html doc/html/man3/SSL_CTX_set_quiet_shutdown.html doc/html/man3/SSL_CTX_set_read_ahead.html doc/html/man3/SSL_CTX_set_record_padding_callback.html doc/html/man3/SSL_CTX_set_security_level.html doc/html/man3/SSL_CTX_set_session_cache_mode.html doc/html/man3/SSL_CTX_set_session_id_context.html doc/html/man3/SSL_CTX_set_session_ticket_cb.html doc/html/man3/SSL_CTX_set_split_send_fragment.html doc/html/man3/SSL_CTX_set_srp_password.html doc/html/man3/SSL_CTX_set_ssl_version.html doc/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html doc/html/man3/SSL_CTX_set_timeout.html doc/html/man3/SSL_CTX_set_tlsext_servername_callback.html doc/html/man3/SSL_CTX_set_tlsext_status_cb.html doc/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html doc/html/man3/SSL_CTX_set_tlsext_use_srtp.html doc/html/man3/SSL_CTX_set_tmp_dh_callback.html doc/html/man3/SSL_CTX_set_tmp_ecdh.html doc/html/man3/SSL_CTX_set_verify.html doc/html/man3/SSL_CTX_use_certificate.html doc/html/man3/SSL_CTX_use_psk_identity_hint.html doc/html/man3/SSL_CTX_use_serverinfo.html doc/html/man3/SSL_SESSION_free.html doc/html/man3/SSL_SESSION_get0_cipher.html doc/html/man3/SSL_SESSION_get0_hostname.html doc/html/man3/SSL_SESSION_get0_id_context.html doc/html/man3/SSL_SESSION_get0_peer.html doc/html/man3/SSL_SESSION_get_compress_id.html doc/html/man3/SSL_SESSION_get_protocol_version.html doc/html/man3/SSL_SESSION_get_time.html doc/html/man3/SSL_SESSION_has_ticket.html doc/html/man3/SSL_SESSION_is_resumable.html doc/html/man3/SSL_SESSION_print.html doc/html/man3/SSL_SESSION_set1_id.html doc/html/man3/SSL_accept.html doc/html/man3/SSL_alert_type_string.html doc/html/man3/SSL_alloc_buffers.html doc/html/man3/SSL_check_chain.html doc/html/man3/SSL_clear.html doc/html/man3/SSL_connect.html doc/html/man3/SSL_do_handshake.html doc/html/man3/SSL_export_keying_material.html doc/html/man3/SSL_extension_supported.html doc/html/man3/SSL_free.html doc/html/man3/SSL_get0_peer_scts.html doc/html/man3/SSL_get_SSL_CTX.html doc/html/man3/SSL_get_all_async_fds.html doc/html/man3/SSL_get_ciphers.html doc/html/man3/SSL_get_client_random.html doc/html/man3/SSL_get_current_cipher.html doc/html/man3/SSL_get_default_timeout.html doc/html/man3/SSL_get_error.html doc/html/man3/SSL_get_extms_support.html doc/html/man3/SSL_get_fd.html doc/html/man3/SSL_get_peer_cert_chain.html doc/html/man3/SSL_get_peer_certificate.html doc/html/man3/SSL_get_peer_signature_nid.html doc/html/man3/SSL_get_peer_tmp_key.html doc/html/man3/SSL_get_psk_identity.html doc/html/man3/SSL_get_rbio.html doc/html/man3/SSL_get_session.html doc/html/man3/SSL_get_shared_sigalgs.html doc/html/man3/SSL_get_verify_result.html doc/html/man3/SSL_get_version.html doc/html/man3/SSL_in_init.html doc/html/man3/SSL_key_update.html doc/html/man3/SSL_library_init.html doc/html/man3/SSL_load_client_CA_file.html doc/html/man3/SSL_new.html doc/html/man3/SSL_pending.html doc/html/man3/SSL_read.html doc/html/man3/SSL_read_early_data.html doc/html/man3/SSL_rstate_string.html doc/html/man3/SSL_session_reused.html doc/html/man3/SSL_set1_host.html doc/html/man3/SSL_set_async_callback.html doc/html/man3/SSL_set_bio.html doc/html/man3/SSL_set_connect_state.html doc/html/man3/SSL_set_fd.html doc/html/man3/SSL_set_session.html doc/html/man3/SSL_set_shutdown.html doc/html/man3/SSL_set_verify_result.html doc/html/man3/SSL_shutdown.html doc/html/man3/SSL_state_string.html doc/html/man3/SSL_want.html doc/html/man3/SSL_write.html doc/html/man3/TS_VERIFY_CTX_set_certs.html doc/html/man3/UI_STRING.html doc/html/man3/UI_UTIL_read_pw.html doc/html/man3/UI_create_method.html doc/html/man3/UI_new.html doc/html/man3/X509V3_get_d2i.html doc/html/man3/X509_ALGOR_dup.html doc/html/man3/X509_CRL_get0_by_serial.html doc/html/man3/X509_EXTENSION_set_object.html doc/html/man3/X509_LOOKUP.html doc/html/man3/X509_LOOKUP_hash_dir.html doc/html/man3/X509_LOOKUP_meth_new.html doc/html/man3/X509_NAME_ENTRY_get_object.html doc/html/man3/X509_NAME_add_entry_by_txt.html doc/html/man3/X509_NAME_get0_der.html doc/html/man3/X509_NAME_get_index_by_NID.html doc/html/man3/X509_NAME_print_ex.html doc/html/man3/X509_PUBKEY_new.html doc/html/man3/X509_SIG_get0.html doc/html/man3/X509_STORE_CTX_get_error.html doc/html/man3/X509_STORE_CTX_new.html doc/html/man3/X509_STORE_CTX_set_verify_cb.html doc/html/man3/X509_STORE_add_cert.html doc/html/man3/X509_STORE_get0_param.html doc/html/man3/X509_STORE_new.html doc/html/man3/X509_STORE_set_verify_cb_func.html doc/html/man3/X509_VERIFY_PARAM_set_flags.html doc/html/man3/X509_check_ca.html doc/html/man3/X509_check_host.html doc/html/man3/X509_check_issued.html doc/html/man3/X509_check_private_key.html doc/html/man3/X509_check_purpose.html doc/html/man3/X509_cmp.html doc/html/man3/X509_cmp_time.html doc/html/man3/X509_digest.html doc/html/man3/X509_dup.html doc/html/man3/X509_get0_distinguishing_id.html doc/html/man3/X509_get0_notBefore.html doc/html/man3/X509_get0_signature.html doc/html/man3/X509_get0_uids.html doc/html/man3/X509_get_extension_flags.html doc/html/man3/X509_get_pubkey.html doc/html/man3/X509_get_serialNumber.html doc/html/man3/X509_get_subject_name.html doc/html/man3/X509_get_version.html doc/html/man3/X509_load_http.html doc/html/man3/X509_new.html doc/html/man3/X509_sign.html doc/html/man3/X509_verify_cert.html doc/html/man3/X509v3_cache_extensions.html doc/html/man3/X509v3_get_ext_by_NID.html doc/html/man3/d2i_DHparams.html doc/html/man3/d2i_PKCS8PrivateKey_bio.html doc/html/man3/d2i_PrivateKey.html doc/html/man3/d2i_SSL_SESSION.html doc/html/man3/d2i_X509.html doc/html/man3/i2d_CMS_bio_stream.html doc/html/man3/i2d_PKCS7_bio_stream.html doc/html/man3/i2d_re_X509_tbs.html doc/html/man3/o2i_SCT_LIST.html doc/html/man3/s2i_ASN1_IA5STRING.html doc/html/man5/config.html doc/html/man5/fips_config.html doc/html/man5/x509v3_config.html doc/html/man7/EVP_KDF-HKDF.html doc/html/man7/EVP_KDF-KB.html doc/html/man7/EVP_KDF-KRB5KDF.html doc/html/man7/EVP_KDF-PBKDF2.html doc/html/man7/EVP_KDF-SCRYPT.html doc/html/man7/EVP_KDF-SS.html doc/html/man7/EVP_KDF-SSHKDF.html doc/html/man7/EVP_KDF-TLS1_PRF.html doc/html/man7/EVP_KDF-X942.html doc/html/man7/EVP_KDF-X963.html doc/html/man7/EVP_KEYEXCH-DH.html doc/html/man7/EVP_KEYEXCH-ECDH.html doc/html/man7/EVP_KEYEXCH-X25519.html doc/html/man7/EVP_MAC-BLAKE2.html doc/html/man7/EVP_MAC-CMAC.html doc/html/man7/EVP_MAC-GMAC.html doc/html/man7/EVP_MAC-HMAC.html doc/html/man7/EVP_MAC-KMAC.html doc/html/man7/EVP_MAC-Poly1305.html doc/html/man7/EVP_MAC-Siphash.html doc/html/man7/EVP_MD-BLAKE2.html doc/html/man7/EVP_MD-MD2.html doc/html/man7/EVP_MD-MD4.html doc/html/man7/EVP_MD-MD5-SHA1.html doc/html/man7/EVP_MD-MD5.html doc/html/man7/EVP_MD-MDC2.html doc/html/man7/EVP_MD-RIPEMD160.html doc/html/man7/EVP_MD-SHA1.html doc/html/man7/EVP_MD-SHA2.html doc/html/man7/EVP_MD-SHA3.html doc/html/man7/EVP_MD-SHAKE.html doc/html/man7/EVP_MD-SM3.html doc/html/man7/EVP_MD-WHIRLPOOL.html doc/html/man7/EVP_MD-common.html doc/html/man7/EVP_PKEY-DH.html doc/html/man7/EVP_PKEY-DSA.html doc/html/man7/EVP_PKEY-EC.html doc/html/man7/EVP_PKEY-FFC.html doc/html/man7/EVP_PKEY-RSA.html doc/html/man7/EVP_PKEY-X25519.html doc/html/man7/EVP_SIGNATURE-DSA.html doc/html/man7/EVP_SIGNATURE-ECDSA.html doc/html/man7/EVP_SIGNATURE-ED25519.html doc/html/man7/EVP_SIGNATURE-RSA.html doc/html/man7/OSSL_PROVIDER-FIPS.html doc/html/man7/OSSL_PROVIDER-default.html doc/html/man7/OSSL_PROVIDER-legacy.html doc/html/man7/OSSL_PROVIDER-null.html doc/html/man7/RAND.html doc/html/man7/RAND_DRBG.html doc/html/man7/RSA-PSS.html doc/html/man7/SM2.html doc/html/man7/X25519.html doc/html/man7/bio.html doc/html/man7/crypto.html doc/html/man7/ct.html doc/html/man7/des_modes.html doc/html/man7/evp.html doc/html/man7/openssl-core.h.html doc/html/man7/openssl-core_names.h.html doc/html/man7/openssl-core_numbers.h.html doc/html/man7/openssl-env.html doc/html/man7/openssl_user_macros.html doc/html/man7/ossl_store-file.html doc/html/man7/ossl_store.html doc/html/man7/passphrase-encoding.html doc/html/man7/property.html doc/html/man7/provider-asym_cipher.html doc/html/man7/provider-base.html doc/html/man7/provider-cipher.html doc/html/man7/provider-digest.html doc/html/man7/provider-keyexch.html doc/html/man7/provider-keymgmt.html doc/html/man7/provider-mac.html doc/html/man7/provider-serializer.html doc/html/man7/provider-signature.html doc/html/man7/provider.html doc/html/man7/proxy-certificates.html doc/html/man7/ssl.html doc/html/man7/x509.html rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_params.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_copy_parameters.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_MSG_set_validity.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_master.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_KEYEXCH-DH.7 doc/man/man7/EVP_KEYEXCH-ECDH.7 doc/man/man7/EVP_KEYEXCH-X25519.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DH.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-FFC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/EVP_SIGNATURE-DSA.7 doc/man/man7/EVP_SIGNATURE-ECDSA.7 doc/man/man7/EVP_SIGNATURE-ED25519.7 doc/man/man7/EVP_SIGNATURE-RSA.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-core_names.h.7 doc/man/man7/openssl-core_numbers.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_names test/buildtest_c_core_numbers test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_dtls1 test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_fetch_prov_test test/evp_kdf_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_names.c test/buildtest_core_numbers.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_dtls1.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha3-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c ../openssl/apps/lib/http_server.c:27:clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_cb.d.tmp -MT apps/lib/libapps-lib-s_cb.o -c -o apps/lib/libapps-lib-s_cb.o ../openssl/apps/lib/s_cb.c 5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4079: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' Makefile:3054: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From no-reply at appveyor.com Tue Jun 2 02:59:25 2020 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 02 Jun 2020 02:59:25 +0000 Subject: Build failed: openssl master.34591 Message-ID: <20200602025925.1.C7FA8363893A8450@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Jun 2 03:37:09 2020 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 02 Jun 2020 03:37:09 +0000 Subject: Build failed: openssl master.34592 Message-ID: <20200602033709.1.6202F1822FDC0124@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Jun 2 06:30:41 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 02 Jun 2020 06:30:41 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock Message-ID: <1591079441.671252.30355.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sock Commit log since last time: 082c041b42 bio printf: Avoid using rounding errors in range check f438f53a4e DOCS: add openssl-core_names.h(7) 329b2a2cde DOCS: add openssl-core_numbers.h(7) Build log ended with (last 100 lines): rm -f *.ld rm -f doc/html/man1/CA.pl.html doc/html/man1/openssl-asn1parse.html doc/html/man1/openssl-ca.html doc/html/man1/openssl-ciphers.html doc/html/man1/openssl-cmds.html doc/html/man1/openssl-cmp.html doc/html/man1/openssl-cms.html doc/html/man1/openssl-crl.html doc/html/man1/openssl-crl2pkcs7.html doc/html/man1/openssl-dgst.html doc/html/man1/openssl-dhparam.html doc/html/man1/openssl-dsa.html doc/html/man1/openssl-dsaparam.html doc/html/man1/openssl-ec.html doc/html/man1/openssl-ecparam.html doc/html/man1/openssl-enc.html doc/html/man1/openssl-engine.html doc/html/man1/openssl-errstr.html doc/html/man1/openssl-fipsinstall.html doc/html/man1/openssl-gendsa.html doc/html/man1/openssl-genpkey.html doc/html/man1/openssl-genrsa.html doc/html/man1/openssl-info.html doc/html/man1/openssl-kdf.html doc/html/man1/openssl-list.html doc/html/man1/openssl-mac.html doc/html/man1/openssl-nseq.html doc/html/man1/openssl-ocsp.html doc/html/man1/openssl-passwd.html doc/html/man1/openssl-pkcs12.html doc/html/man1/openssl-pkcs7.html doc/html/man1/openssl-pkcs8.html doc/html/man1/openssl-pkey.html doc/html/man1/openssl-pkeyparam.html doc/html/man1/openssl-pkeyutl.html doc/html/man1/openssl-prime.html doc/html/man1/openssl-provider.html doc/html/man1/openssl-rand.html doc/html/man1/openssl-rehash.html doc/html/man1/openssl-req.html doc/html/man1/openssl-rsa.html doc/html/man1/openssl-rsautl.html doc/html/man1/openssl-s_client.html doc/html/man1/openssl-s_server.html doc/html/man1/openssl-s_time.html doc/html/man1/openssl-sess_id.html doc/html/man1/openssl-smime.html doc/html/man1/openssl-speed.html doc/html/man1/openssl-spkac.html doc/html/man1/openssl-srp.html doc/html/man1/openssl-storeutl.html doc/html/man1/openssl-ts.html doc/html/man1/openssl-verify.html doc/html/man1/openssl-version.html doc/html/man1/openssl-x509.html doc/html/man1/openssl.html doc/html/man1/tsget.html doc/html/man3/ADMISSIONS.html doc/html/man3/ASN1_INTEGER_get_int64.html doc/html/man3/ASN1_INTEGER_new.html doc/html/man3/ASN1_ITEM_lookup.html doc/html/man3/ASN1_OBJECT_new.html doc/html/man3/ASN1_STRING_TABLE_add.html doc/html/man3/ASN1_STRING_length.html doc/html/man3/ASN1_STRING_new.html doc/html/man3/ASN1_STRING_print_ex.html doc/html/man3/ASN1_TIME_set.html doc/html/man3/ASN1_TYPE_get.html doc/html/man3/ASN1_generate_nconf.html doc/html/man3/ASYNC_WAIT_CTX_new.html doc/html/man3/ASYNC_start_job.html doc/html/man3/BF_encrypt.html doc/html/man3/BIO_ADDR.html doc/html/man3/BIO_ADDRINFO.html doc/html/man3/BIO_connect.html doc/html/man3/BIO_ctrl.html doc/html/man3/BIO_f_base64.html doc/html/man3/BIO_f_buffer.html doc/html/man3/BIO_f_cipher.html doc/html/man3/BIO_f_md.html doc/html/man3/BIO_f_null.html doc/html/man3/BIO_f_prefix.html doc/html/man3/BIO_f_ssl.html doc/html/man3/BIO_find_type.html doc/html/man3/BIO_get_data.html doc/html/man3/BIO_get_ex_new_index.html doc/html/man3/BIO_meth_new.html doc/html/man3/BIO_new.html doc/html/man3/BIO_new_CMS.html doc/html/man3/BIO_parse_hostserv.html doc/html/man3/BIO_printf.html doc/html/man3/BIO_push.html doc/html/man3/BIO_read.html doc/html/man3/BIO_s_accept.html doc/html/man3/BIO_s_bio.html doc/html/man3/BIO_s_connect.html doc/html/man3/BIO_s_fd.html doc/html/man3/BIO_s_file.html doc/html/man3/BIO_s_mem.html doc/html/man3/BIO_s_null.html doc/html/man3/BIO_s_socket.html doc/html/man3/BIO_set_callback.html doc/html/man3/BIO_should_retry.html doc/html/man3/BIO_socket_wait.html doc/html/man3/BN_BLINDING_new.html doc/html/man3/BN_CTX_new.html doc/html/man3/BN_CTX_start.html doc/html/man3/BN_add.html doc/html/man3/BN_add_word.html doc/html/man3/BN_bn2bin.html doc/html/man3/BN_cmp.html doc/html/man3/BN_copy.html doc/html/man3/BN_generate_prime.html doc/html/man3/BN_mod_inverse.html doc/html/man3/BN_mod_mul_montgomery.html doc/html/man3/BN_mod_mul_reciprocal.html doc/html/man3/BN_new.html doc/html/man3/BN_num_bytes.html doc/html/man3/BN_rand.html doc/html/man3/BN_security_bits.html doc/html/man3/BN_set_bit.html doc/html/man3/BN_swap.html doc/html/man3/BN_zero.html doc/html/man3/BUF_MEM_new.html doc/html/man3/CMS_EnvelopedData_create.html doc/html/man3/CMS_add0_cert.html doc/html/man3/CMS_add1_recipient_cert.html doc/html/man3/CMS_add1_signer.html doc/html/man3/CMS_compress.html doc/html/man3/CMS_decrypt.html doc/html/man3/CMS_encrypt.html doc/html/man3/CMS_final.html doc/html/man3/CMS_get0_RecipientInfos.html doc/html/man3/CMS_get0_SignerInfos.html doc/html/man3/CMS_get0_type.html doc/html/man3/CMS_get1_ReceiptRequest.html doc/html/man3/CMS_sign.html doc/html/man3/CMS_sign_receipt.html doc/html/man3/CMS_uncompress.html doc/html/man3/CMS_verify.html doc/html/man3/CMS_verify_receipt.html doc/html/man3/CONF_modules_free.html doc/html/man3/CONF_modules_load_file.html doc/html/man3/CRYPTO_THREAD_run_once.html doc/html/man3/CRYPTO_get_ex_new_index.html doc/html/man3/CRYPTO_memcmp.html doc/html/man3/CTLOG_STORE_get0_log_by_id.html doc/html/man3/CTLOG_STORE_new.html doc/html/man3/CTLOG_new.html doc/html/man3/CT_POLICY_EVAL_CTX_new.html doc/html/man3/DEFINE_STACK_OF.html doc/html/man3/DES_random_key.html doc/html/man3/DH_generate_key.html doc/html/man3/DH_generate_parameters.html doc/html/man3/DH_get0_pqg.html doc/html/man3/DH_get_1024_160.html doc/html/man3/DH_meth_new.html doc/html/man3/DH_new.html doc/html/man3/DH_new_by_nid.html doc/html/man3/DH_set_method.html doc/html/man3/DH_size.html doc/html/man3/DSA_SIG_new.html doc/html/man3/DSA_do_sign.html doc/html/man3/DSA_dup_DH.html doc/html/man3/DSA_generate_key.html doc/html/man3/DSA_generate_parameters.html doc/html/man3/DSA_get0_pqg.html doc/html/man3/DSA_meth_new.html doc/html/man3/DSA_new.html doc/html/man3/DSA_set_method.html doc/html/man3/DSA_sign.html doc/html/man3/DSA_size.html doc/html/man3/DTLS_get_data_mtu.html doc/html/man3/DTLS_set_timer_cb.html doc/html/man3/DTLSv1_listen.html doc/html/man3/ECDSA_SIG_new.html doc/html/man3/ECPKParameters_print.html doc/html/man3/EC_GFp_simple_method.html doc/html/man3/EC_GROUP_copy.html doc/html/man3/EC_GROUP_new.html doc/html/man3/EC_KEY_get_enc_flags.html doc/html/man3/EC_KEY_new.html doc/html/man3/EC_POINT_add.html doc/html/man3/EC_POINT_new.html doc/html/man3/ENGINE_add.html doc/html/man3/ERR_GET_LIB.html doc/html/man3/ERR_clear_error.html doc/html/man3/ERR_error_string.html doc/html/man3/ERR_get_error.html doc/html/man3/ERR_load_crypto_strings.html doc/html/man3/ERR_load_strings.html doc/html/man3/ERR_new.html doc/html/man3/ERR_print_errors.html doc/html/man3/ERR_put_error.html doc/html/man3/ERR_remove_state.html doc/html/man3/ERR_set_mark.html doc/html/man3/EVP_ASYM_CIPHER_free.html doc/html/man3/EVP_BytesToKey.html doc/html/man3/EVP_CIPHER_CTX_get_cipher_data.html doc/html/man3/EVP_CIPHER_meth_new.html doc/html/man3/EVP_DigestInit.html doc/html/man3/EVP_DigestSignInit.html doc/html/man3/EVP_DigestVerifyInit.html doc/html/man3/EVP_EncodeInit.html doc/html/man3/EVP_EncryptInit.html doc/html/man3/EVP_KDF.html doc/html/man3/EVP_KEYEXCH_free.html doc/html/man3/EVP_KEYMGMT.html doc/html/man3/EVP_MAC.html doc/html/man3/EVP_MD_meth_new.html doc/html/man3/EVP_OpenInit.html doc/html/man3/EVP_PKEY_ASN1_METHOD.html doc/html/man3/EVP_PKEY_CTX_ctrl.html doc/html/man3/EVP_PKEY_CTX_new.html doc/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html doc/html/man3/EVP_PKEY_CTX_set_hkdf_md.html doc/html/man3/EVP_PKEY_CTX_set_params.html doc/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html doc/html/man3/EVP_PKEY_CTX_set_scrypt_N.html doc/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html doc/html/man3/EVP_PKEY_asn1_get_count.html doc/html/man3/EVP_PKEY_check.html doc/html/man3/EVP_PKEY_copy_parameters.html doc/html/man3/EVP_PKEY_decrypt.html doc/html/man3/EVP_PKEY_derive.html doc/html/man3/EVP_PKEY_encrypt.html doc/html/man3/EVP_PKEY_fromdata.html doc/html/man3/EVP_PKEY_gen.html doc/html/man3/EVP_PKEY_get_default_digest_nid.html doc/html/man3/EVP_PKEY_gettable_params.html doc/html/man3/EVP_PKEY_is_a.html doc/html/man3/EVP_PKEY_meth_get_count.html doc/html/man3/EVP_PKEY_meth_new.html doc/html/man3/EVP_PKEY_new.html doc/html/man3/EVP_PKEY_print_private.html doc/html/man3/EVP_PKEY_set1_RSA.html doc/html/man3/EVP_PKEY_set_type.html doc/html/man3/EVP_PKEY_sign.html doc/html/man3/EVP_PKEY_size.html doc/html/man3/EVP_PKEY_supports_digest_nid.html doc/html/man3/EVP_PKEY_verify.html doc/html/man3/EVP_PKEY_verify_recover.html doc/html/man3/EVP_SIGNATURE_free.html doc/html/man3/EVP_SealInit.html doc/html/man3/EVP_SignInit.html doc/html/man3/EVP_VerifyInit.html doc/html/man3/EVP_aes_128_gcm.html doc/html/man3/EVP_aria_128_gcm.html doc/html/man3/EVP_bf_cbc.html doc/html/man3/EVP_blake2b512.html doc/html/man3/EVP_camellia_128_ecb.html doc/html/man3/EVP_cast5_cbc.html doc/html/man3/EVP_chacha20.html doc/html/man3/EVP_des_cbc.html doc/html/man3/EVP_desx_cbc.html doc/html/man3/EVP_idea_cbc.html doc/html/man3/EVP_md2.html doc/html/man3/EVP_md4.html doc/html/man3/EVP_md5.html doc/html/man3/EVP_mdc2.html doc/html/man3/EVP_rc2_cbc.html doc/html/man3/EVP_rc4.html doc/html/man3/EVP_rc5_32_12_16_cbc.html doc/html/man3/EVP_ripemd160.html doc/html/man3/EVP_seed_cbc.html doc/html/man3/EVP_set_default_properties.html doc/html/man3/EVP_sha1.html doc/html/man3/EVP_sha224.html doc/html/man3/EVP_sha3_224.html doc/html/man3/EVP_sm3.html doc/html/man3/EVP_sm4_cbc.html doc/html/man3/EVP_whirlpool.html doc/html/man3/HMAC.html doc/html/man3/MD5.html doc/html/man3/MDC2_Init.html doc/html/man3/NCONF_new_with_libctx.html doc/html/man3/OBJ_nid2obj.html doc/html/man3/OCSP_REQUEST_new.html doc/html/man3/OCSP_cert_to_id.html doc/html/man3/OCSP_request_add1_nonce.html doc/html/man3/OCSP_resp_find_status.html doc/html/man3/OCSP_response_status.html doc/html/man3/OCSP_sendreq_new.html doc/html/man3/OPENSSL_Applink.html doc/html/man3/OPENSSL_CTX.html doc/html/man3/OPENSSL_FILE.html doc/html/man3/OPENSSL_LH_COMPFUNC.html doc/html/man3/OPENSSL_LH_stats.html doc/html/man3/OPENSSL_config.html doc/html/man3/OPENSSL_fork_prepare.html doc/html/man3/OPENSSL_hexchar2int.html doc/html/man3/OPENSSL_ia32cap.html doc/html/man3/OPENSSL_init_crypto.html doc/html/man3/OPENSSL_init_ssl.html doc/html/man3/OPENSSL_instrument_bus.html doc/html/man3/OPENSSL_load_builtin_modules.html doc/html/man3/OPENSSL_malloc.html doc/html/man3/OPENSSL_s390xcap.html doc/html/man3/OPENSSL_secure_malloc.html doc/html/man3/OSSL_CMP_CTX_new.html doc/html/man3/OSSL_CMP_HDR_get0_transactionID.html doc/html/man3/OSSL_CMP_ITAV_set0.html doc/html/man3/OSSL_CMP_MSG_get0_header.html doc/html/man3/OSSL_CMP_MSG_http_perform.html doc/html/man3/OSSL_CMP_SRV_CTX_new.html doc/html/man3/OSSL_CMP_STATUSINFO_new.html doc/html/man3/OSSL_CMP_exec_IR_ses.html doc/html/man3/OSSL_CMP_log_open.html doc/html/man3/OSSL_CMP_validate_msg.html doc/html/man3/OSSL_CRMF_MSG_get0_tmpl.html doc/html/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.html doc/html/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.html doc/html/man3/OSSL_CRMF_MSG_set_validity.html doc/html/man3/OSSL_CRMF_pbmp_new.html doc/html/man3/OSSL_HTTP_transfer.html doc/html/man3/OSSL_PARAM.html doc/html/man3/OSSL_PARAM_BLD.html doc/html/man3/OSSL_PARAM_allocate_from_text.html doc/html/man3/OSSL_PARAM_int.html doc/html/man3/OSSL_PROVIDER.html doc/html/man3/OSSL_SELF_TEST_new.html doc/html/man3/OSSL_SELF_TEST_set_callback.html doc/html/man3/OSSL_SERIALIZER.html doc/html/man3/OSSL_SERIALIZER_CTX.html doc/html/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.html doc/html/man3/OSSL_SERIALIZER_to_bio.html doc/html/man3/OSSL_STORE_INFO.html doc/html/man3/OSSL_STORE_LOADER.html doc/html/man3/OSSL_STORE_SEARCH.html doc/html/man3/OSSL_STORE_attach.html doc/html/man3/OSSL_STORE_expect.html doc/html/man3/OSSL_STORE_open.html doc/html/man3/OSSL_trace_enabled.html doc/html/man3/OSSL_trace_get_category_num.html doc/html/man3/OSSL_trace_set_channel.html doc/html/man3/OpenSSL_add_all_algorithms.html doc/html/man3/OpenSSL_version.html doc/html/man3/PEM_bytes_read_bio.html doc/html/man3/PEM_read.html doc/html/man3/PEM_read_CMS.html doc/html/man3/PEM_read_bio_PrivateKey.html doc/html/man3/PEM_read_bio_ex.html doc/html/man3/PEM_write_bio_CMS_stream.html doc/html/man3/PEM_write_bio_PKCS7_stream.html doc/html/man3/PKCS12_SAFEBAG_get0_attrs.html doc/html/man3/PKCS12_add_CSPName_asc.html doc/html/man3/PKCS12_add_friendlyname_asc.html doc/html/man3/PKCS12_add_localkeyid.html doc/html/man3/PKCS12_create.html doc/html/man3/PKCS12_get_friendlyname.html doc/html/man3/PKCS12_newpass.html doc/html/man3/PKCS12_parse.html doc/html/man3/PKCS5_PBKDF2_HMAC.html doc/html/man3/PKCS7_decrypt.html doc/html/man3/PKCS7_encrypt.html doc/html/man3/PKCS7_sign.html doc/html/man3/PKCS7_sign_add_signer.html doc/html/man3/PKCS7_verify.html doc/html/man3/PKCS8_pkey_add1_attr.html doc/html/man3/RAND_DRBG_generate.html doc/html/man3/RAND_DRBG_get0_master.html doc/html/man3/RAND_DRBG_new.html doc/html/man3/RAND_DRBG_reseed.html doc/html/man3/RAND_DRBG_set_callbacks.html doc/html/man3/RAND_add.html doc/html/man3/RAND_bytes.html doc/html/man3/RAND_cleanup.html doc/html/man3/RAND_egd.html doc/html/man3/RAND_load_file.html doc/html/man3/RAND_set_rand_method.html doc/html/man3/RC4_set_key.html doc/html/man3/RIPEMD160_Init.html doc/html/man3/RSA_blinding_on.html doc/html/man3/RSA_check_key.html doc/html/man3/RSA_generate_key.html doc/html/man3/RSA_get0_key.html doc/html/man3/RSA_meth_new.html doc/html/man3/RSA_new.html doc/html/man3/RSA_padding_add_PKCS1_type_1.html doc/html/man3/RSA_print.html doc/html/man3/RSA_private_encrypt.html doc/html/man3/RSA_public_encrypt.html doc/html/man3/RSA_set_method.html doc/html/man3/RSA_sign.html doc/html/man3/RSA_sign_ASN1_OCTET_STRING.html doc/html/man3/RSA_size.html doc/html/man3/SCT_new.html doc/html/man3/SCT_print.html doc/html/man3/SCT_validate.html doc/html/man3/SHA256_Init.html doc/html/man3/SMIME_read_CMS.html doc/html/man3/SMIME_read_PKCS7.html doc/html/man3/SMIME_write_CMS.html doc/html/man3/SMIME_write_PKCS7.html doc/html/man3/SRP_Calc_B.html doc/html/man3/SRP_VBASE_new.html doc/html/man3/SRP_create_verifier.html doc/html/man3/SRP_user_pwd_new.html doc/html/man3/SSL_CIPHER_get_name.html doc/html/man3/SSL_COMP_add_compression_method.html doc/html/man3/SSL_CONF_CTX_new.html doc/html/man3/SSL_CONF_CTX_set1_prefix.html doc/html/man3/SSL_CONF_CTX_set_flags.html doc/html/man3/SSL_CONF_CTX_set_ssl_ctx.html doc/html/man3/SSL_CONF_cmd.html doc/html/man3/SSL_CONF_cmd_argv.html doc/html/man3/SSL_CTX_add1_chain_cert.html doc/html/man3/SSL_CTX_add_extra_chain_cert.html doc/html/man3/SSL_CTX_add_session.html doc/html/man3/SSL_CTX_config.html doc/html/man3/SSL_CTX_ctrl.html doc/html/man3/SSL_CTX_dane_enable.html doc/html/man3/SSL_CTX_flush_sessions.html doc/html/man3/SSL_CTX_free.html doc/html/man3/SSL_CTX_get0_param.html doc/html/man3/SSL_CTX_get_verify_mode.html doc/html/man3/SSL_CTX_has_client_custom_ext.html doc/html/man3/SSL_CTX_load_verify_locations.html doc/html/man3/SSL_CTX_new.html doc/html/man3/SSL_CTX_sess_number.html doc/html/man3/SSL_CTX_sess_set_cache_size.html doc/html/man3/SSL_CTX_sess_set_get_cb.html doc/html/man3/SSL_CTX_sessions.html doc/html/man3/SSL_CTX_set0_CA_list.html doc/html/man3/SSL_CTX_set1_curves.html doc/html/man3/SSL_CTX_set1_sigalgs.html doc/html/man3/SSL_CTX_set1_verify_cert_store.html doc/html/man3/SSL_CTX_set_alpn_select_cb.html doc/html/man3/SSL_CTX_set_cert_cb.html doc/html/man3/SSL_CTX_set_cert_store.html doc/html/man3/SSL_CTX_set_cert_verify_callback.html doc/html/man3/SSL_CTX_set_cipher_list.html doc/html/man3/SSL_CTX_set_client_cert_cb.html doc/html/man3/SSL_CTX_set_client_hello_cb.html doc/html/man3/SSL_CTX_set_ct_validation_callback.html doc/html/man3/SSL_CTX_set_ctlog_list_file.html doc/html/man3/SSL_CTX_set_default_passwd_cb.html doc/html/man3/SSL_CTX_set_generate_session_id.html doc/html/man3/SSL_CTX_set_info_callback.html doc/html/man3/SSL_CTX_set_keylog_callback.html doc/html/man3/SSL_CTX_set_max_cert_list.html doc/html/man3/SSL_CTX_set_min_proto_version.html doc/html/man3/SSL_CTX_set_mode.html doc/html/man3/SSL_CTX_set_msg_callback.html doc/html/man3/SSL_CTX_set_num_tickets.html doc/html/man3/SSL_CTX_set_options.html doc/html/man3/SSL_CTX_set_psk_client_callback.html doc/html/man3/SSL_CTX_set_quiet_shutdown.html doc/html/man3/SSL_CTX_set_read_ahead.html doc/html/man3/SSL_CTX_set_record_padding_callback.html doc/html/man3/SSL_CTX_set_security_level.html doc/html/man3/SSL_CTX_set_session_cache_mode.html doc/html/man3/SSL_CTX_set_session_id_context.html doc/html/man3/SSL_CTX_set_session_ticket_cb.html doc/html/man3/SSL_CTX_set_split_send_fragment.html doc/html/man3/SSL_CTX_set_srp_password.html doc/html/man3/SSL_CTX_set_ssl_version.html doc/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html doc/html/man3/SSL_CTX_set_timeout.html doc/html/man3/SSL_CTX_set_tlsext_servername_callback.html doc/html/man3/SSL_CTX_set_tlsext_status_cb.html doc/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html doc/html/man3/SSL_CTX_set_tlsext_use_srtp.html doc/html/man3/SSL_CTX_set_tmp_dh_callback.html doc/html/man3/SSL_CTX_set_tmp_ecdh.html doc/html/man3/SSL_CTX_set_verify.html doc/html/man3/SSL_CTX_use_certificate.html doc/html/man3/SSL_CTX_use_psk_identity_hint.html doc/html/man3/SSL_CTX_use_serverinfo.html doc/html/man3/SSL_SESSION_free.html doc/html/man3/SSL_SESSION_get0_cipher.html doc/html/man3/SSL_SESSION_get0_hostname.html doc/html/man3/SSL_SESSION_get0_id_context.html doc/html/man3/SSL_SESSION_get0_peer.html doc/html/man3/SSL_SESSION_get_compress_id.html doc/html/man3/SSL_SESSION_get_protocol_version.html doc/html/man3/SSL_SESSION_get_time.html doc/html/man3/SSL_SESSION_has_ticket.html doc/html/man3/SSL_SESSION_is_resumable.html doc/html/man3/SSL_SESSION_print.html doc/html/man3/SSL_SESSION_set1_id.html doc/html/man3/SSL_accept.html doc/html/man3/SSL_alert_type_string.html doc/html/man3/SSL_alloc_buffers.html doc/html/man3/SSL_check_chain.html doc/html/man3/SSL_clear.html doc/html/man3/SSL_connect.html doc/html/man3/SSL_do_handshake.html doc/html/man3/SSL_export_keying_material.html doc/html/man3/SSL_extension_supported.html doc/html/man3/SSL_free.html doc/html/man3/SSL_get0_peer_scts.html doc/html/man3/SSL_get_SSL_CTX.html doc/html/man3/SSL_get_all_async_fds.html doc/html/man3/SSL_get_ciphers.html doc/html/man3/SSL_get_client_random.html doc/html/man3/SSL_get_current_cipher.html doc/html/man3/SSL_get_default_timeout.html doc/html/man3/SSL_get_error.html doc/html/man3/SSL_get_extms_support.html doc/html/man3/SSL_get_fd.html doc/html/man3/SSL_get_peer_cert_chain.html doc/html/man3/SSL_get_peer_certificate.html doc/html/man3/SSL_get_peer_signature_nid.html doc/html/man3/SSL_get_peer_tmp_key.html doc/html/man3/SSL_get_psk_identity.html doc/html/man3/SSL_get_rbio.html doc/html/man3/SSL_get_session.html doc/html/man3/SSL_get_shared_sigalgs.html doc/html/man3/SSL_get_verify_result.html doc/html/man3/SSL_get_version.html doc/html/man3/SSL_in_init.html doc/html/man3/SSL_key_update.html doc/html/man3/SSL_library_init.html doc/html/man3/SSL_load_client_CA_file.html doc/html/man3/SSL_new.html doc/html/man3/SSL_pending.html doc/html/man3/SSL_read.html doc/html/man3/SSL_read_early_data.html doc/html/man3/SSL_rstate_string.html doc/html/man3/SSL_session_reused.html doc/html/man3/SSL_set1_host.html doc/html/man3/SSL_set_async_callback.html doc/html/man3/SSL_set_bio.html doc/html/man3/SSL_set_connect_state.html doc/html/man3/SSL_set_fd.html doc/html/man3/SSL_set_session.html doc/html/man3/SSL_set_shutdown.html doc/html/man3/SSL_set_verify_result.html doc/html/man3/SSL_shutdown.html doc/html/man3/SSL_state_string.html doc/html/man3/SSL_want.html doc/html/man3/SSL_write.html doc/html/man3/TS_VERIFY_CTX_set_certs.html doc/html/man3/UI_STRING.html doc/html/man3/UI_UTIL_read_pw.html doc/html/man3/UI_create_method.html doc/html/man3/UI_new.html doc/html/man3/X509V3_get_d2i.html doc/html/man3/X509_ALGOR_dup.html doc/html/man3/X509_CRL_get0_by_serial.html doc/html/man3/X509_EXTENSION_set_object.html doc/html/man3/X509_LOOKUP.html doc/html/man3/X509_LOOKUP_hash_dir.html doc/html/man3/X509_LOOKUP_meth_new.html doc/html/man3/X509_NAME_ENTRY_get_object.html doc/html/man3/X509_NAME_add_entry_by_txt.html doc/html/man3/X509_NAME_get0_der.html doc/html/man3/X509_NAME_get_index_by_NID.html doc/html/man3/X509_NAME_print_ex.html doc/html/man3/X509_PUBKEY_new.html doc/html/man3/X509_SIG_get0.html doc/html/man3/X509_STORE_CTX_get_error.html doc/html/man3/X509_STORE_CTX_new.html doc/html/man3/X509_STORE_CTX_set_verify_cb.html doc/html/man3/X509_STORE_add_cert.html doc/html/man3/X509_STORE_get0_param.html doc/html/man3/X509_STORE_new.html doc/html/man3/X509_STORE_set_verify_cb_func.html doc/html/man3/X509_VERIFY_PARAM_set_flags.html doc/html/man3/X509_check_ca.html doc/html/man3/X509_check_host.html doc/html/man3/X509_check_issued.html doc/html/man3/X509_check_private_key.html doc/html/man3/X509_check_purpose.html doc/html/man3/X509_cmp.html doc/html/man3/X509_cmp_time.html doc/html/man3/X509_digest.html doc/html/man3/X509_dup.html doc/html/man3/X509_get0_distinguishing_id.html doc/html/man3/X509_get0_notBefore.html doc/html/man3/X509_get0_signature.html doc/html/man3/X509_get0_uids.html doc/html/man3/X509_get_extension_flags.html doc/html/man3/X509_get_pubkey.html doc/html/man3/X509_get_serialNumber.html doc/html/man3/X509_get_subject_name.html doc/html/man3/X509_get_version.html doc/html/man3/X509_load_http.html doc/html/man3/X509_new.html doc/html/man3/X509_sign.html doc/html/man3/X509_verify_cert.html doc/html/man3/X509v3_cache_extensions.html doc/html/man3/X509v3_get_ext_by_NID.html doc/html/man3/d2i_DHparams.html doc/html/man3/d2i_PKCS8PrivateKey_bio.html doc/html/man3/d2i_PrivateKey.html doc/html/man3/d2i_SSL_SESSION.html doc/html/man3/d2i_X509.html doc/html/man3/i2d_CMS_bio_stream.html doc/html/man3/i2d_PKCS7_bio_stream.html doc/html/man3/i2d_re_X509_tbs.html doc/html/man3/o2i_SCT_LIST.html doc/html/man3/s2i_ASN1_IA5STRING.html doc/html/man5/config.html doc/html/man5/fips_config.html doc/html/man5/x509v3_config.html doc/html/man7/EVP_KDF-HKDF.html doc/html/man7/EVP_KDF-KB.html doc/html/man7/EVP_KDF-KRB5KDF.html doc/html/man7/EVP_KDF-PBKDF2.html doc/html/man7/EVP_KDF-SCRYPT.html doc/html/man7/EVP_KDF-SS.html doc/html/man7/EVP_KDF-SSHKDF.html doc/html/man7/EVP_KDF-TLS1_PRF.html doc/html/man7/EVP_KDF-X942.html doc/html/man7/EVP_KDF-X963.html doc/html/man7/EVP_KEYEXCH-DH.html doc/html/man7/EVP_KEYEXCH-ECDH.html doc/html/man7/EVP_KEYEXCH-X25519.html doc/html/man7/EVP_MAC-BLAKE2.html doc/html/man7/EVP_MAC-CMAC.html doc/html/man7/EVP_MAC-GMAC.html doc/html/man7/EVP_MAC-HMAC.html doc/html/man7/EVP_MAC-KMAC.html doc/html/man7/EVP_MAC-Poly1305.html doc/html/man7/EVP_MAC-Siphash.html doc/html/man7/EVP_MD-BLAKE2.html doc/html/man7/EVP_MD-MD2.html doc/html/man7/EVP_MD-MD4.html doc/html/man7/EVP_MD-MD5-SHA1.html doc/html/man7/EVP_MD-MD5.html doc/html/man7/EVP_MD-MDC2.html doc/html/man7/EVP_MD-RIPEMD160.html doc/html/man7/EVP_MD-SHA1.html doc/html/man7/EVP_MD-SHA2.html doc/html/man7/EVP_MD-SHA3.html doc/html/man7/EVP_MD-SHAKE.html doc/html/man7/EVP_MD-SM3.html doc/html/man7/EVP_MD-WHIRLPOOL.html doc/html/man7/EVP_MD-common.html doc/html/man7/EVP_PKEY-DH.html doc/html/man7/EVP_PKEY-DSA.html doc/html/man7/EVP_PKEY-EC.html doc/html/man7/EVP_PKEY-FFC.html doc/html/man7/EVP_PKEY-RSA.html doc/html/man7/EVP_PKEY-X25519.html doc/html/man7/EVP_SIGNATURE-DSA.html doc/html/man7/EVP_SIGNATURE-ECDSA.html doc/html/man7/EVP_SIGNATURE-ED25519.html doc/html/man7/EVP_SIGNATURE-RSA.html doc/html/man7/OSSL_PROVIDER-FIPS.html doc/html/man7/OSSL_PROVIDER-default.html doc/html/man7/OSSL_PROVIDER-legacy.html doc/html/man7/OSSL_PROVIDER-null.html doc/html/man7/RAND.html doc/html/man7/RAND_DRBG.html doc/html/man7/RSA-PSS.html doc/html/man7/SM2.html doc/html/man7/X25519.html doc/html/man7/bio.html doc/html/man7/crypto.html doc/html/man7/ct.html doc/html/man7/des_modes.html doc/html/man7/evp.html doc/html/man7/openssl-core.h.html doc/html/man7/openssl-core_names.h.html doc/html/man7/openssl-core_numbers.h.html doc/html/man7/openssl-env.html doc/html/man7/openssl_user_macros.html doc/html/man7/ossl_store-file.html doc/html/man7/ossl_store.html doc/html/man7/passphrase-encoding.html doc/html/man7/property.html doc/html/man7/provider-asym_cipher.html doc/html/man7/provider-base.html doc/html/man7/provider-cipher.html doc/html/man7/provider-digest.html doc/html/man7/provider-keyexch.html doc/html/man7/provider-keymgmt.html doc/html/man7/provider-mac.html doc/html/man7/provider-serializer.html doc/html/man7/provider-signature.html doc/html/man7/provider.html doc/html/man7/proxy-certificates.html doc/html/man7/ssl.html doc/html/man7/x509.html rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_params.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_copy_parameters.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_MSG_set_validity.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_master.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_KEYEXCH-DH.7 doc/man/man7/EVP_KEYEXCH-ECDH.7 doc/man/man7/EVP_KEYEXCH-X25519.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DH.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-FFC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/EVP_SIGNATURE-DSA.7 doc/man/man7/EVP_SIGNATURE-ECDSA.7 doc/man/man7/EVP_SIGNATURE-ED25519.7 doc/man/man7/EVP_SIGNATURE-RSA.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-core_names.h.7 doc/man/man7/openssl-core_numbers.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_names test/buildtest_c_core_numbers test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_fetch_prov_test test/evp_kdf_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_names.c test/buildtest_core_numbers.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha3-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-sock' make[1]: Leaving directory '/home/openssl/run-checker/no-sock' make[1]: Entering directory '/home/openssl/run-checker/no-sock' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4075: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-sock' Makefile:3050: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From levitte at openssl.org Tue Jun 2 07:46:56 2020 From: levitte at openssl.org (Richard Levitte) Date: Tue, 02 Jun 2020 07:46:56 +0000 Subject: [openssl] master update Message-ID: <1591084016.086425.30392.nullmailer@dev.openssl.org> The branch master has been updated via e306f83c8cfc7ac970d04a36c90634ab8573a594 (commit) from 32df13497a1f1d7ef90a9c0b3128f65d18ab0086 (commit) - Log ----------------------------------------------------------------- commit e306f83c8cfc7ac970d04a36c90634ab8573a594 Author: Richard Levitte Date: Thu May 28 13:53:48 2020 +0200 APPS: Remove make_config_name, use CONF_get1_default_config_file instead Reviewed-by: Bernd Edlinger Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11983) ----------------------------------------------------------------------- Summary of changes: apps/include/apps.h | 2 ++ apps/lib/apps.c | 20 ++++++++++++++------ apps/openssl.c | 26 ++++---------------------- crypto/conf/conf_mod.c | 14 ++++++-------- 4 files changed, 26 insertions(+), 36 deletions(-) diff --git a/apps/include/apps.h b/apps/include/apps.h index b051222244..87d1b47150 100644 --- a/apps/include/apps.h +++ b/apps/include/apps.h @@ -15,6 +15,7 @@ # include "internal/sockets.h" /* for openssl_fdset() */ # include +# include # include # ifndef OPENSSL_NO_POSIX_IO # include @@ -179,6 +180,7 @@ typedef struct ca_db_st { # endif } CA_DB; +void app_bail_out(char *fmt, ...); void* app_malloc(int sz, const char *what); BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai); int save_serial(const char *serialfile, const char *suffix, const BIGNUM *serial, diff --git a/apps/lib/apps.c b/apps/lib/apps.c index dbc9be344d..087ef4ec84 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -671,16 +671,24 @@ static int load_certs_crls(const char *file, int format, return rv; } +void app_bail_out(char *fmt, ...) +{ + va_list args; + + va_start(args, fmt); + BIO_vprintf(bio_err, fmt, args); + va_end(args); + ERR_print_errors(bio_err); + exit(1); +} + void* app_malloc(int sz, const char *what) { void *vp = OPENSSL_malloc(sz); - if (vp == NULL) { - BIO_printf(bio_err, "%s: Could not allocate %d bytes for %s\n", - opt_getprog(), sz, what); - ERR_print_errors(bio_err); - exit(1); - } + if (vp == NULL) + app_bail_out("%s: Could not allocate %d bytes for %s\n", + opt_getprog(), sz, what); return vp; } diff --git a/apps/openssl.c b/apps/openssl.c index 83c384fbfe..6265bffa67 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -80,27 +80,6 @@ static void apps_shutdown(void) destroy_ui_method(); } -static char *make_config_name(void) -{ - const char *t; - size_t len; - char *p; - - if ((t = getenv("OPENSSL_CONF")) != NULL) - return OPENSSL_strdup(t); - - t = X509_get_default_cert_area(); - len = strlen(t) + 1 + strlen(OPENSSL_CONF) + 1; - p = app_malloc(len, "config filename buffer"); - strcpy(p, t); -#ifndef OPENSSL_SYS_VMS - strcat(p, "/"); -#endif - strcat(p, OPENSSL_CONF); - - return p; -} - #ifndef OPENSSL_NO_TRACE typedef struct tracedata_st { @@ -243,7 +222,6 @@ int main(int argc, char *argv[]) arg.size = 0; /* Set up some of the environment. */ - default_config_file = make_config_name(); bio_in = dup_bio_in(FORMAT_TEXT); bio_out = dup_bio_out(FORMAT_TEXT); bio_err = dup_bio_err(FORMAT_TEXT); @@ -279,6 +257,10 @@ int main(int argc, char *argv[]) } pname = opt_progname(argv[0]); + default_config_file = CONF_get1_default_config_file(); + if (default_config_file == NULL) + app_bail_out("%s: could not get default config file\n", pname); + /* first check the program name */ f.name = pname; fp = lh_FUNCTION_retrieve(prog, &f); diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c index 504d9b181a..9d3db8eb31 100644 --- a/crypto/conf/conf_mod.c +++ b/crypto/conf/conf_mod.c @@ -516,25 +516,23 @@ void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data) char *CONF_get1_default_config_file(void) { + const char *t; char *file, *sep = ""; - int len; + size_t size; if ((file = ossl_safe_getenv("OPENSSL_CONF")) != NULL) return OPENSSL_strdup(file); - len = strlen(X509_get_default_cert_area()); + t = X509_get_default_cert_area(); #ifndef OPENSSL_SYS_VMS - len++; sep = "/"; #endif - len += strlen(OPENSSL_CONF); - - file = OPENSSL_malloc(len + 1); + size = strlen(t) + strlen(sep) + strlen(OPENSSL_CONF) + 1; + file = OPENSSL_malloc(size); if (file == NULL) return NULL; - BIO_snprintf(file, len + 1, "%s%s%s", X509_get_default_cert_area(), - sep, OPENSSL_CONF); + BIO_snprintf(file, size, "%s%s%s", t, sep, OPENSSL_CONF); return file; } From nic.tuv at gmail.com Tue Jun 2 08:17:41 2020 From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Tue, 02 Jun 2020 08:17:41 +0000 Subject: [openssl] master update Message-ID: <1591085861.227131.17521.nullmailer@dev.openssl.org> The branch master has been updated via 23ccae80bd58adfe89e3e345414684eb82bdb531 (commit) from e306f83c8cfc7ac970d04a36c90634ab8573a594 (commit) - Log ----------------------------------------------------------------- commit 23ccae80bd58adfe89e3e345414684eb82bdb531 Author: Billy Brumley Date: Wed May 27 13:30:04 2020 +0300 Move EC_METHOD to internal-only Reviewed-by: Nicola Tuveri Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11928) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 20 +++++++ apps/ecparam.c | 3 +- crypto/ec/ec_asn1.c | 11 ++-- crypto/ec/ec_curve.c | 10 +--- crypto/ec/ec_cvt.c | 4 +- crypto/ec/ec_key.c | 5 +- crypto/ec/ec_lib.c | 22 ++++++-- crypto/ec/ec_local.h | 13 +++++ crypto/ec/eck_prn.c | 2 +- crypto/ec/ecp_s390x_nistp.c | 6 ++ doc/man3/EC_GFp_simple_method.pod | 20 +++++-- doc/man3/EC_GROUP_copy.pod | 23 ++++++-- doc/man3/EC_GROUP_new.pod | 16 +++--- doc/man3/EC_POINT_new.pod | 5 +- include/openssl/ec.h | 40 +++++++------ ssl/t1_lib.c | 2 +- test/ectest.c | 114 +++++++++++--------------------------- util/libcrypto.num | 24 ++++---- 18 files changed, 177 insertions(+), 163 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 241d6ca23c..68fa1e0033 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -23,6 +23,26 @@ OpenSSL 3.0 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] + * Deprecated EC_METHOD_get_field_type(). Applications should switch to + EC_GROUP_get_field_type(). + + *Billy Bob Brumley* + + * Deprecated EC_GFp_simple_method(), EC_GFp_mont_method(), + EC_GF2m_simple_method(), EC_GFp_nist_method(), EC_GFp_nistp224_method() + EC_GFp_nistp256_method(), and EC_GFp_nistp521_method(). + Applications should rely on the library automatically assigning a suitable + EC_METHOD internally upon EC_GROUP construction. + + *Billy Bob Brumley* + + * Deprecated EC_GROUP_new(), EC_GROUP_method_of(), and EC_POINT_method_of(). + EC_METHOD is now an internal-only concept and a suitable EC_METHOD is + assigned internally without application intervention. + Users of EC_GROUP_new() should switch to a different suitable constructor. + + *Billy Bob Brumley* + * Add CAdES-BES signature verification support, mostly derived from ESSCertIDv2 TS (RFC 5816) contribution by Marek Klein. diff --git a/apps/ecparam.c b/apps/ecparam.c index 635bde2db2..4abb0517d9 100644 --- a/apps/ecparam.c +++ b/apps/ecparam.c @@ -305,7 +305,6 @@ int ecparam_main(int argc, char **argv) size_t buf_len = 0, tmp_len = 0; const EC_POINT *point; int is_prime, len = 0; - const EC_METHOD *meth = EC_GROUP_method_of(group); if ((ec_p = BN_new()) == NULL || (ec_a = BN_new()) == NULL @@ -317,7 +316,7 @@ int ecparam_main(int argc, char **argv) goto end; } - is_prime = (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field); + is_prime = (EC_GROUP_get_field_type(group) == NID_X9_62_prime_field); if (!is_prime) { BIO_printf(bio_err, "Can only handle X9.62 prime fields\n"); goto end; diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index b2c91efbfd..a53573cc92 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -27,8 +27,7 @@ int EC_GROUP_get_basis_type(const EC_GROUP *group) { int i; - if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != - NID_X9_62_characteristic_two_field) + if (EC_GROUP_get_field_type(group) != NID_X9_62_characteristic_two_field) /* everything else is currently not supported */ return 0; @@ -53,8 +52,7 @@ int EC_GROUP_get_trinomial_basis(const EC_GROUP *group, unsigned int *k) if (group == NULL) return 0; - if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != - NID_X9_62_characteristic_two_field + if (EC_GROUP_get_field_type(group) != NID_X9_62_characteristic_two_field || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] == 0))) { ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS, @@ -74,8 +72,7 @@ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1, if (group == NULL) return 0; - if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != - NID_X9_62_characteristic_two_field + if (EC_GROUP_get_field_type(group) != NID_X9_62_characteristic_two_field || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] != 0) && (group->poly[3] != 0) && (group->poly[4] == 0))) { @@ -262,7 +259,7 @@ static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field) ASN1_OBJECT_free(field->fieldType); ASN1_TYPE_free(field->p.other); - nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); + nid = EC_GROUP_get_field_type(group); /* set OID for the field */ if ((field->fieldType = OBJ_nid2obj(nid)) == NULL) { ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB); diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index 9f929883ec..3be62b3655 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c @@ -3195,7 +3195,7 @@ static EC_GROUP *ec_group_new_from_data(OPENSSL_CTX *libctx, /* If no curve data curve method must handle everything */ if (curve.data == NULL) - return EC_GROUP_new_ex(libctx, + return ec_group_new_ex(libctx, curve.meth != NULL ? curve.meth() : NULL); if ((ctx = BN_CTX_new_ex(libctx)) == NULL) { @@ -3218,7 +3218,7 @@ static EC_GROUP *ec_group_new_from_data(OPENSSL_CTX *libctx, if (curve.meth != 0) { meth = curve.meth(); - if (((group = EC_GROUP_new_ex(libctx, meth)) == NULL) || + if (((group = ec_group_new_ex(libctx, meth)) == NULL) || (!(group->meth->group_set_curve(group, p, a, b, ctx)))) { ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); goto err; @@ -3388,17 +3388,13 @@ int ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx) unsigned char *param_bytes = NULL; const EC_CURVE_DATA *data; const EC_POINT *generator = NULL; - const EC_METHOD *meth; const BIGNUM *cofactor = NULL; /* An array of BIGNUMs for (p, a, b, x, y, order) */ BIGNUM *bn[NUM_BN_FIELDS] = {NULL, NULL, NULL, NULL, NULL, NULL}; - meth = EC_GROUP_method_of(group); - if (meth == NULL) - return -1; /* Use the optional named curve nid as a search field */ nid = EC_GROUP_get_curve_name(group); - field_type = EC_METHOD_get_field_type(meth); + field_type = EC_GROUP_get_field_type(group); seed_len = EC_GROUP_get_seed_len(group); seed = EC_GROUP_get0_seed(group); cofactor = EC_GROUP_get0_cofactor(group); diff --git a/crypto/ec/ec_cvt.c b/crypto/ec/ec_cvt.c index 6d58fdbe10..a8ea6fe7fd 100644 --- a/crypto/ec/ec_cvt.c +++ b/crypto/ec/ec_cvt.c @@ -54,7 +54,7 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, meth = EC_GFp_mont_method(); #endif - ret = EC_GROUP_new_ex(bn_get_lib_ctx(ctx), meth); + ret = ec_group_new_ex(bn_get_lib_ctx(ctx), meth); if (ret == NULL) return NULL; @@ -75,7 +75,7 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, meth = EC_GF2m_simple_method(); - ret = EC_GROUP_new_ex(bn_get_lib_ctx(ctx), meth); + ret = ec_group_new_ex(bn_get_lib_ctx(ctx), meth); if (ret == NULL) return NULL; diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index aae3171907..47feede54b 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -117,10 +117,9 @@ EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src) dest->libctx = src->libctx; /* copy the parameters */ if (src->group != NULL) { - const EC_METHOD *meth = EC_GROUP_method_of(src->group); /* clear the old group */ EC_GROUP_free(dest->group); - dest->group = EC_GROUP_new_ex(src->libctx, meth); + dest->group = ec_group_new_ex(src->libctx, src->group->meth); if (dest->group == NULL) return NULL; if (!EC_GROUP_copy(dest->group, src->group)) @@ -398,7 +397,7 @@ static int ec_key_public_range_check(BN_CTX *ctx, const EC_KEY *key) if (!EC_POINT_get_affine_coordinates(key->group, key->pub_key, x, y, ctx)) goto err; - if (EC_METHOD_get_field_type(key->group->meth) == NID_X9_62_prime_field) { + if (EC_GROUP_get_field_type(key->group) == NID_X9_62_prime_field) { if (BN_is_negative(x) || BN_cmp(x, key->group->field) >= 0 || BN_is_negative(y) diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 1b2ddc2b44..f62eff5034 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -23,7 +23,7 @@ /* functions for EC_GROUP objects */ -EC_GROUP *EC_GROUP_new_ex(OPENSSL_CTX *libctx, const EC_METHOD *meth) +EC_GROUP *ec_group_new_ex(OPENSSL_CTX *libctx, const EC_METHOD *meth) { EC_GROUP *ret; @@ -65,11 +65,13 @@ EC_GROUP *EC_GROUP_new_ex(OPENSSL_CTX *libctx, const EC_METHOD *meth) return NULL; } -#ifndef FIPS_MODULE +#ifndef OPENSSL_NO_DEPRECATED_3_0 +# ifndef FIPS_MODULE EC_GROUP *EC_GROUP_new(const EC_METHOD *meth) { - return EC_GROUP_new_ex(NULL, meth); + return ec_group_new_ex(NULL, meth); } +# endif #endif void EC_pre_comp_free(EC_GROUP *group) @@ -255,7 +257,7 @@ EC_GROUP *EC_GROUP_dup(const EC_GROUP *a) if (a == NULL) return NULL; - if ((t = EC_GROUP_new_ex(a->libctx, a->meth)) == NULL) + if ((t = ec_group_new_ex(a->libctx, a->meth)) == NULL) return NULL; if (!EC_GROUP_copy(t, a)) goto err; @@ -270,6 +272,7 @@ EC_GROUP *EC_GROUP_dup(const EC_GROUP *a) return t; } +#ifndef OPENSSL_NO_DEPRECATED_3_0 const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group) { return group->meth; @@ -279,6 +282,7 @@ int EC_METHOD_get_field_type(const EC_METHOD *meth) { return meth->field_type; } +#endif static int ec_precompute_mont_data(EC_GROUP *); @@ -475,6 +479,11 @@ const BIGNUM *EC_GROUP_get0_field(const EC_GROUP *group) return group->field; } +int EC_GROUP_get_field_type(const EC_GROUP *group) +{ + return group->meth->field_type; +} + void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag) { group->asn1_flag = flag; @@ -602,8 +611,7 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx) #endif /* compare the field types */ - if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) != - EC_METHOD_get_field_type(EC_GROUP_method_of(b))) + if (EC_GROUP_get_field_type(a) != EC_GROUP_get_field_type(b)) return 1; /* compare the curve name (if present in both) */ if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) && @@ -777,10 +785,12 @@ EC_POINT *EC_POINT_dup(const EC_POINT *a, const EC_GROUP *group) return t; } +#ifndef OPENSSL_NO_DEPRECATED_3_0 const EC_METHOD *EC_POINT_method_of(const EC_POINT *point) { return point->meth; } +#endif int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point) { diff --git a/crypto/ec/ec_local.h b/crypto/ec/ec_local.h index d9383f10a7..7f9b61bc49 100644 --- a/crypto/ec/ec_local.h +++ b/crypto/ec/ec_local.h @@ -31,6 +31,10 @@ /* Curve does not support signing operations */ #define EC_FLAGS_NO_SIGN 0x4 +#ifdef OPENSSL_NO_DEPRECATED_3_0 +typedef struct ec_method_st EC_METHOD; +#endif + /* * Structure details are not part of the exported interface, so all this may * change in future versions. @@ -585,6 +589,15 @@ void ec_GFp_nistp_recode_scalar_bits(unsigned char *sign, #endif int ec_group_simple_order_bits(const EC_GROUP *group); +/** + * Creates a new EC_GROUP object + * \param libctx The associated library context or NULL for the default + * library context + * \param meth EC_METHOD to use + * \return newly created EC_GROUP object or NULL in case of an error. + */ +EC_GROUP *ec_group_new_ex(OPENSSL_CTX *libctx, const EC_METHOD *meth); + #ifdef ECP_NISTZ256_ASM /** Returns GFp methods using montgomery multiplication, with x86-64 optimized * P256. See http://eprint.iacr.org/2013/816. diff --git a/crypto/ec/eck_prn.c b/crypto/ec/eck_prn.c index 51ebedd731..6bcfe032d4 100644 --- a/crypto/ec/eck_prn.c +++ b/crypto/ec/eck_prn.c @@ -115,7 +115,7 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off) /* explicit parameters */ int is_char_two = 0; point_conversion_form_t form; - int tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(x)); + int tmp_nid = EC_GROUP_get_field_type(x); if (tmp_nid == NID_X9_62_characteristic_two_field) is_char_two = 1; diff --git a/crypto/ec/ecp_s390x_nistp.c b/crypto/ec/ecp_s390x_nistp.c index 75c8475e69..edbad15cdd 100644 --- a/crypto/ec/ecp_s390x_nistp.c +++ b/crypto/ec/ecp_s390x_nistp.c @@ -7,6 +7,12 @@ * https://www.openssl.org/source/license.html */ +/* + * EC_METHOD low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include #include #include diff --git a/doc/man3/EC_GFp_simple_method.pod b/doc/man3/EC_GFp_simple_method.pod index 4d8f1fbaf0..cbdb6ec1c3 100644 --- a/doc/man3/EC_GFp_simple_method.pod +++ b/doc/man3/EC_GFp_simple_method.pod @@ -8,6 +8,8 @@ EC_GFp_simple_method, EC_GFp_mont_method, EC_GFp_nist_method, EC_GFp_nistp224_me #include +Deprecated since OpenSSL 3.0: + const EC_METHOD *EC_GFp_simple_method(void); const EC_METHOD *EC_GFp_mont_method(void); const EC_METHOD *EC_GFp_nist_method(void); @@ -21,6 +23,10 @@ EC_GFp_simple_method, EC_GFp_mont_method, EC_GFp_nist_method, EC_GFp_nistp224_me =head1 DESCRIPTION + +All const EC_METHOD *EC_GF* functions were deprecated in OpenSSL 3.0, since +EC_METHOD is no longer a public concept. + The Elliptic Curve library provides a number of different implementations through a single common interface. When constructing a curve using EC_GROUP_new (see L) an implementation method must be provided. The functions described here all return a const pointer to an @@ -39,10 +45,8 @@ The functions EC_GFp_nistp224_method, EC_GFp_nistp256_method and EC_GFp_nistp521 optimised implementations for the NIST P224, P256 and P521 curves respectively. Note, however, that these implementations are not available on all platforms. -EC_METHOD_get_field_type identifies what type of field the EC_METHOD structure supports, which will be either -F2^m or Fp. If the field type is Fp then the value B is returned. If the field type is -F2^m then the value B is returned. These values are defined in the -obj_mac.h header file. +EC_METHOD_get_field_type() was deprecated in OpenSSL 3.0. +Applications should use EC_GROUP_get_field_type() as a replacement (see L). =head1 RETURN VALUES @@ -57,6 +61,14 @@ L, L, L, L, L +=head1 HISTORY + +EC_GFp_simple_method(), EC_GFp_mont_method(void), +EC_GFp_nist_method(), EC_GFp_nistp224_method(), +EC_GFp_nistp256_method(), EC_GFp_nistp521_method(), +EC_GF2m_simple_method(), and EC_METHOD_get_field_type() +were deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man3/EC_GROUP_copy.pod b/doc/man3/EC_GROUP_copy.pod index e9a1d183ca..6f33481856 100644 --- a/doc/man3/EC_GROUP_copy.pod +++ b/doc/man3/EC_GROUP_copy.pod @@ -22,8 +22,6 @@ EC_GROUP_get_pentanomial_basis, EC_GROUP_get0_field int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src); EC_GROUP *EC_GROUP_dup(const EC_GROUP *src); - const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group); - int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor); const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group); @@ -63,6 +61,10 @@ EC_GROUP_get_pentanomial_basis, EC_GROUP_get0_field int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, unsigned int *k2, unsigned int *k3); +Deprecated since OpenSSL 3.0: + + const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group); + =head1 DESCRIPTION EC_GROUP_copy() copies the curve B into B. Both B and B must use the same EC_METHOD. @@ -71,6 +73,7 @@ EC_GROUP_dup() creates a new EC_GROUP object and copies the content from B EC_GROUP object. EC_GROUP_method_of() obtains the EC_METHOD of B. +This function was deprecated in OpenSSL 3.0, since EC_METHOD is no longer a public concept. EC_GROUP_set_generator() sets curve parameters that must be agreed by all participants using the curve. These parameters include the B, the B and the B. The B is a well defined point on the @@ -140,8 +143,12 @@ built-in curves within the library provide seed values that can be obtained. It EC_GROUP_set_seed() and passing a pointer to a memory block, along with the length of the seed. Again, the EC library will not use this seed value, although it will be preserved in any ASN1 based communications. -EC_GROUP_get_degree() gets the degree of the field. For Fp fields this will be the number of bits in p. For F2^m fields this will be -the value m. +EC_GROUP_get_degree() gets the degree of the field. +For Fp fields this will be the number of bits in p. +For F2^m fields this will be the value m. + +EC_GROUP_get_field_type() identifies what type of field the EC_GROUP structure supports, +which will be either F2^m or Fp. The function EC_GROUP_check_discriminant() calculates the discriminant for the curve and verifies that it is valid. For a curve defined over Fp the discriminant is given by the formula 4*a^3 + 27*b^2 whilst for F2^m curves the discriminant is @@ -202,6 +209,10 @@ EC_GROUP_get_point_conversion_form() returns the point_conversion_form for B or 0 if the operation is not supported by the underlying group implementation. +EC_GROUP_get_field_type() returns either B for prime curves +or B for binary curves; +these values are defined in the obj_mac.h header file. + EC_GROUP_check_named_curve() returns the nid of the matching named curve, otherwise it returns 0 for no match, or -1 on error. EC_GROUP_get0_order() returns an internal pointer to the group order. @@ -229,7 +240,9 @@ L, L =head1 HISTORY -The EC_GROUP_check_named_curve() function was added in OpenSSL 3.0. +EC_GROUP_method_of() was deprecated in OpenSSL 3.0. + +EC_GROUP_check_named_curve() and EC_GROUP_get_field_type() were added in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man3/EC_GROUP_new.pod b/doc/man3/EC_GROUP_new.pod index 08bbd80b08..7bea1dd061 100644 --- a/doc/man3/EC_GROUP_new.pod +++ b/doc/man3/EC_GROUP_new.pod @@ -4,7 +4,6 @@ EC_GROUP_get_ecparameters, EC_GROUP_get_ecpkparameters, -EC_GROUP_new_ex, EC_GROUP_new, EC_GROUP_new_from_ecparameters, EC_GROUP_new_from_ecpkparameters, @@ -27,8 +26,6 @@ objects #include - EC_GROUP *EC_GROUP_new_ex(OPENSSL_CTX *libctx, const EC_METHOD *meth); - EC_GROUP *EC_GROUP_new(const EC_METHOD *meth); EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params) void EC_GROUP_free(EC_GROUP *group); @@ -62,6 +59,7 @@ Deprecated since OpenSSL 3.0, can be hidden entirely by defining B with a suitable version value, see L: + EC_GROUP *EC_GROUP_new(const EC_METHOD *meth); void EC_GROUP_clear_free(EC_GROUP *group); =head1 DESCRIPTION @@ -83,20 +81,20 @@ Operations in a binary field are performed relative to an B. All such curves with OpenSSL use a trinomial or a pentanomial for this parameter. -A new curve can be constructed by calling EC_GROUP_new_ex(), using the +Although deprecated since OpenSSL 3.0 and should no longer be used, +a new curve can be constructed by calling EC_GROUP_new(), using the implementation provided by B (see L) and associated with the library context B (see L). The B parameter may be NULL in which case the default library context is used. It is then necessary to call EC_GROUP_set_curve() to set the curve parameters. +Applications should instead use one of the other EC_GROUP_new_* constructors. + EC_GROUP_new_from_ecparameters() will create a group from the specified B and EC_GROUP_new_from_ecpkparameters() will create a group from the specific PK B. -EC_GROUP_new() is the same as EC_GROUP_new_ex() except that the library context -used is always the default library context. - EC_GROUP_set_curve() sets the curve parameters B

, B and B. For a curve over Fp B

is the prime for the field. For a curve over F2^m B

represents the irreducible polynomial - each bit represents a term in the polynomial. @@ -182,7 +180,9 @@ L =item * -EC_GROUP_new_ex() and EC_GROUP_new_by_curve_name_ex() were added in OpenSSL 3.0. +EC_GROUP_new() was deprecated in OpenSSL 3.0. + +EC_GROUP_new_by_curve_name_ex() was added in OpenSSL 3.0. =item * diff --git a/doc/man3/EC_POINT_new.pod b/doc/man3/EC_POINT_new.pod index ab02d607cd..84b11ee0c0 100644 --- a/doc/man3/EC_POINT_new.pod +++ b/doc/man3/EC_POINT_new.pod @@ -38,7 +38,6 @@ EC_POINT_hex2point void EC_POINT_clear_free(EC_POINT *point); int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src); EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group); - const EC_METHOD *EC_POINT_method_of(const EC_POINT *point); int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point); int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *p, const BIGNUM *x, const BIGNUM *y, @@ -68,6 +67,7 @@ EC_POINT_hex2point Deprecated since OpenSSL 3.0: + const EC_METHOD *EC_POINT_method_of(const EC_POINT *point); int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, const BIGNUM *x, const BIGNUM *y, @@ -116,6 +116,8 @@ EC_POINT_dup() creates a new B object and copies the content from B to the newly created B object. EC_POINT_method_of() obtains the B associated with B. +This function was deprecated in OpenSSL 3.0, since EC_METHOD is no longer a +public concept. A valid point on a curve is the special point at infinity. A point is set to be at infinity by calling EC_POINT_set_to_infinity(). @@ -249,6 +251,7 @@ L, L =head1 HISTORY +EC_POINT_method_of(), EC_POINT_set_Jprojective_coordinates_GFp(), EC_POINT_get_Jprojective_coordinates_GFp(), EC_POINT_set_affine_coordinates_GFp(), EC_POINT_get_affine_coordinates_GFp(), diff --git a/include/openssl/ec.h b/include/openssl/ec.h index d684e7ca09..90e109b61e 100644 --- a/include/openssl/ec.h +++ b/include/openssl/ec.h @@ -47,7 +47,9 @@ typedef enum { POINT_CONVERSION_HYBRID = 6 } point_conversion_form_t; +# ifndef OPENSSL_NO_DEPRECATED_3_0 typedef struct ec_method_st EC_METHOD; +# endif typedef struct ec_group_st EC_GROUP; typedef struct ec_point_st EC_POINT; typedef struct ecpk_parameters_st ECPKPARAMETERS; @@ -61,33 +63,33 @@ typedef struct ec_parameters_st ECPARAMETERS; * optimized methods. * \return EC_METHOD object */ -const EC_METHOD *EC_GFp_simple_method(void); +DEPRECATEDIN_3_0(const EC_METHOD *EC_GFp_simple_method(void)) /** Returns GFp methods using montgomery multiplication. * \return EC_METHOD object */ -const EC_METHOD *EC_GFp_mont_method(void); +DEPRECATEDIN_3_0(const EC_METHOD *EC_GFp_mont_method(void)) /** Returns GFp methods using optimized methods for NIST recommended curves * \return EC_METHOD object */ -const EC_METHOD *EC_GFp_nist_method(void); +DEPRECATEDIN_3_0(const EC_METHOD *EC_GFp_nist_method(void)) # ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 /** Returns 64-bit optimized methods for nistp224 * \return EC_METHOD object */ -const EC_METHOD *EC_GFp_nistp224_method(void); +DEPRECATEDIN_3_0(const EC_METHOD *EC_GFp_nistp224_method(void)) /** Returns 64-bit optimized methods for nistp256 * \return EC_METHOD object */ -const EC_METHOD *EC_GFp_nistp256_method(void); +DEPRECATEDIN_3_0(const EC_METHOD *EC_GFp_nistp256_method(void)) /** Returns 64-bit optimized methods for nistp521 * \return EC_METHOD object */ -const EC_METHOD *EC_GFp_nistp521_method(void); +DEPRECATEDIN_3_0(const EC_METHOD *EC_GFp_nistp521_method(void)) # endif # ifndef OPENSSL_NO_EC2M @@ -98,7 +100,7 @@ const EC_METHOD *EC_GFp_nistp521_method(void); /** Returns the basic GF2m ec method * \return EC_METHOD object */ -const EC_METHOD *EC_GF2m_simple_method(void); +DEPRECATEDIN_3_0(const EC_METHOD *EC_GF2m_simple_method(void)) # endif @@ -108,20 +110,10 @@ const EC_METHOD *EC_GF2m_simple_method(void); /** * Creates a new EC_GROUP object - * \param libctx The associated library context or NULL for the default - * library context * \param meth EC_METHOD to use * \return newly created EC_GROUP object or NULL in case of an error. */ -EC_GROUP *EC_GROUP_new_ex(OPENSSL_CTX *libctx, const EC_METHOD *meth); - -/** - * Creates a new EC_GROUP object. Same as EC_GROUP_new_ex with NULL for the - * library context. - * \param meth EC_METHOD to use - * \return newly created EC_GROUP object or NULL in case of an error. - */ -EC_GROUP *EC_GROUP_new(const EC_METHOD *meth); +DEPRECATEDIN_3_0(EC_GROUP *EC_GROUP_new(const EC_METHOD *meth)) /** Frees a EC_GROUP object * \param group EC_GROUP object to be freed. @@ -151,13 +143,13 @@ EC_GROUP *EC_GROUP_dup(const EC_GROUP *src); * \param group EC_GROUP object * \return EC_METHOD used in this EC_GROUP object. */ -const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group); +DEPRECATEDIN_3_0(const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group)) /** Returns the field type of the EC_METHOD. * \param meth EC_METHOD object * \return NID of the underlying field type OID. */ -int EC_METHOD_get_field_type(const EC_METHOD *meth); +DEPRECATEDIN_3_0(int EC_METHOD_get_field_type(const EC_METHOD *meth)) /** Sets the generator and its order/cofactor of a EC_GROUP object. * \param group EC_GROUP object @@ -235,6 +227,12 @@ int EC_GROUP_get_curve_name(const EC_GROUP *group); */ const BIGNUM *EC_GROUP_get0_field(const EC_GROUP *group); +/** Returns the field type of the EC_GROUP. + * \param group EC_GROUP object + * \return NID of the underlying field type OID. + */ +int EC_GROUP_get_field_type(const EC_GROUP *group); + void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag); int EC_GROUP_get_asn1_flag(const EC_GROUP *group); @@ -493,7 +491,7 @@ EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group); * \param point EC_POINT object * \return the EC_METHOD used */ -const EC_METHOD *EC_POINT_method_of(const EC_POINT *point); +DEPRECATEDIN_3_0(const EC_METHOD *EC_POINT_method_of(const EC_POINT *point)) /** Sets a point to infinity (neutral element) * \param group underlying EC_GROUP object diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index f3373dc6d5..5afe53acfc 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -621,7 +621,7 @@ static int tls1_check_pkey_comp(SSL *s, EVP_PKEY *pkey) */ return 1; } else { - int field_type = EC_METHOD_get_field_type(EC_GROUP_method_of(grp)); + int field_type = EC_GROUP_get_field_type(grp); if (field_type == NID_X9_62_prime_field) comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime; diff --git a/test/ectest.c b/test/ectest.c index f4ccdfb4c1..2fdf339271 100644 --- a/test/ectest.c +++ b/test/ectest.c @@ -161,9 +161,7 @@ static int prime_field_tests(void) { BN_CTX *ctx = NULL; BIGNUM *p = NULL, *a = NULL, *b = NULL, *scalar3 = NULL; - EC_GROUP *group = NULL, *tmp = NULL; - EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, - *P_256 = NULL, *P_384 = NULL, *P_521 = NULL; + EC_GROUP *group = NULL; EC_POINT *P = NULL, *Q = NULL, *R = NULL; BIGNUM *x = NULL, *y = NULL, *z = NULL, *yplusone = NULL; # ifndef OPENSSL_NO_DEPRECATED_3_0 @@ -181,20 +179,8 @@ static int prime_field_tests(void) || !TEST_true(BN_hex2bn(&p, "17")) || !TEST_true(BN_hex2bn(&a, "1")) || !TEST_true(BN_hex2bn(&b, "1")) - /* - * applications should use EC_GROUP_new_curve_GFp so - * that the library gets to choose the EC_METHOD - */ - || !TEST_ptr(group = EC_GROUP_new(EC_GFp_mont_method())) - || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) - || !TEST_ptr(tmp = EC_GROUP_new(EC_GROUP_method_of(group))) - || !TEST_true(EC_GROUP_copy(tmp, group))) - goto err; - EC_GROUP_free(group); - group = tmp; - tmp = NULL; - - if (!TEST_true(EC_GROUP_get_curve(group, p, a, b, ctx))) + || !TEST_ptr(group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) + || !TEST_true(EC_GROUP_get_curve(group, p, a, b, ctx))) goto err; TEST_info("Curve defined by Weierstrass equation"); @@ -327,8 +313,6 @@ static int prime_field_tests(void) || !TEST_BN_eq(y, z) || !TEST_int_eq(EC_GROUP_get_degree(group), 160) || !group_order_tests(group) - || !TEST_ptr(P_160 = EC_GROUP_new(EC_GROUP_method_of(group))) - || !TEST_true(EC_GROUP_copy(P_160, group)) /* Curve P-192 (FIPS PUB 186-2, App. 6) */ @@ -366,8 +350,6 @@ static int prime_field_tests(void) ctx)) || !TEST_int_eq(EC_GROUP_get_degree(group), 192) || !group_order_tests(group) - || !TEST_ptr(P_192 = EC_GROUP_new(EC_GROUP_method_of(group))) - || !TEST_true(EC_GROUP_copy(P_192, group)) /* Curve P-224 (FIPS PUB 186-2, App. 6) */ @@ -405,8 +387,6 @@ static int prime_field_tests(void) ctx)) || !TEST_int_eq(EC_GROUP_get_degree(group), 224) || !group_order_tests(group) - || !TEST_ptr(P_224 = EC_GROUP_new(EC_GROUP_method_of(group))) - || !TEST_true(EC_GROUP_copy(P_224, group)) /* Curve P-256 (FIPS PUB 186-2, App. 6) */ @@ -445,8 +425,6 @@ static int prime_field_tests(void) ctx)) || !TEST_int_eq(EC_GROUP_get_degree(group), 256) || !group_order_tests(group) - || !TEST_ptr(P_256 = EC_GROUP_new(EC_GROUP_method_of(group))) - || !TEST_true(EC_GROUP_copy(P_256, group)) /* Curve P-384 (FIPS PUB 186-2, App. 6) */ @@ -491,8 +469,6 @@ static int prime_field_tests(void) ctx)) || !TEST_int_eq(EC_GROUP_get_degree(group), 384) || !group_order_tests(group) - || !TEST_ptr(P_384 = EC_GROUP_new(EC_GROUP_method_of(group))) - || !TEST_true(EC_GROUP_copy(P_384, group)) /* Curve P-521 (FIPS PUB 186-2, App. 6) */ || !TEST_true(BN_hex2bn(&p, "1FF" @@ -547,8 +523,6 @@ static int prime_field_tests(void) ctx)) || !TEST_int_eq(EC_GROUP_get_degree(group), 521) || !group_order_tests(group) - || !TEST_ptr(P_521 = EC_GROUP_new(EC_GROUP_method_of(group))) - || !TEST_true(EC_GROUP_copy(P_521, group)) /* more tests using the last curve */ @@ -620,7 +594,6 @@ err: BN_free(a); BN_free(b); EC_GROUP_free(group); - EC_GROUP_free(tmp); EC_POINT_free(P); EC_POINT_free(Q); EC_POINT_free(R); @@ -629,13 +602,6 @@ err: BN_free(z); BN_free(yplusone); BN_free(scalar3); - - EC_GROUP_free(P_160); - EC_GROUP_free(P_192); - EC_GROUP_free(P_224); - EC_GROUP_free(P_256); - EC_GROUP_free(P_384); - EC_GROUP_free(P_521); return r; } @@ -817,7 +783,7 @@ static int char2_curve_test(int n) BN_CTX *ctx = NULL; BIGNUM *p = NULL, *a = NULL, *b = NULL; BIGNUM *x = NULL, *y = NULL, *z = NULL, *cof = NULL, *yplusone = NULL; - EC_GROUP *group = NULL, *variable = NULL; + EC_GROUP *group = NULL; EC_POINT *P = NULL, *Q = NULL, *R = NULL; # ifndef OPENSSL_NO_DEPRECATED_3_0 const EC_POINT *points[3]; @@ -836,8 +802,7 @@ static int char2_curve_test(int n) || !TEST_true(BN_hex2bn(&p, test->p)) || !TEST_true(BN_hex2bn(&a, test->a)) || !TEST_true(BN_hex2bn(&b, test->b)) - || !TEST_true(group = EC_GROUP_new(EC_GF2m_simple_method())) - || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) + || !TEST_true(group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) || !TEST_ptr(P = EC_POINT_new(group)) || !TEST_ptr(Q = EC_POINT_new(group)) || !TEST_ptr(R = EC_POINT_new(group)) @@ -887,9 +852,7 @@ static int char2_curve_test(int n) # endif if (!TEST_int_eq(EC_GROUP_get_degree(group), test->degree) - || !group_order_tests(group) - || !TEST_ptr(variable = EC_GROUP_new(EC_GROUP_method_of(group))) - || !TEST_true(EC_GROUP_copy(variable, group))) + || !group_order_tests(group)) goto err; /* more tests using the last curve */ @@ -966,7 +929,6 @@ err: EC_POINT_free(Q); EC_POINT_free(R); EC_GROUP_free(group); - EC_GROUP_free(variable); return r; } @@ -974,7 +936,7 @@ static int char2_field_tests(void) { BN_CTX *ctx = NULL; BIGNUM *p = NULL, *a = NULL, *b = NULL; - EC_GROUP *group = NULL, *tmp = NULL; + EC_GROUP *group = NULL; EC_POINT *P = NULL, *Q = NULL, *R = NULL; BIGNUM *x = NULL, *y = NULL, *z = NULL, *cof = NULL, *yplusone = NULL; unsigned char buf[100]; @@ -990,20 +952,8 @@ static int char2_field_tests(void) || !TEST_true(BN_hex2bn(&b, "1"))) goto err; - group = EC_GROUP_new(EC_GF2m_simple_method()); /* applications should use - * EC_GROUP_new_curve_GF2m - * so that the library gets - * to choose the EC_METHOD */ - if (!TEST_ptr(group) - || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) - || !TEST_ptr(tmp = EC_GROUP_new(EC_GROUP_method_of(group))) - || !TEST_true(EC_GROUP_copy(tmp, group))) - goto err; - EC_GROUP_free(group); - group = tmp; - tmp = NULL; - - if (!TEST_true(EC_GROUP_get_curve(group, p, a, b, ctx))) + if (!TEST_ptr(group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) + || !TEST_true(EC_GROUP_get_curve(group, p, a, b, ctx))) goto err; TEST_info("Curve defined by Weierstrass equation"); @@ -1124,7 +1074,6 @@ err: BN_free(a); BN_free(b); EC_GROUP_free(group); - EC_GROUP_free(tmp); EC_POINT_free(P); EC_POINT_free(Q); EC_POINT_free(R); @@ -1207,13 +1156,12 @@ static int group_field_test(void) return r; } -# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 /* - * nistp_test_params contains magic numbers for testing our optimized - * implementations of several NIST curves with characteristic > 3. + * nistp_test_params contains magic numbers for testing + * several NIST curves with characteristic > 3. */ struct nistp_test_params { - const EC_METHOD *(*meth) (void); + const int nid; int degree; /* * Qx, Qy and D are taken from @@ -1226,7 +1174,7 @@ struct nistp_test_params { static const struct nistp_test_params nistp_tests_params[] = { { /* P-224 */ - EC_GFp_nistp224_method, + NID_secp224r1, 224, /* p */ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", @@ -1249,7 +1197,7 @@ static const struct nistp_test_params nistp_tests_params[] = { }, { /* P-256 */ - EC_GFp_nistp256_method, + NID_X9_62_prime256v1, 256, /* p */ "ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", @@ -1272,7 +1220,7 @@ static const struct nistp_test_params nistp_tests_params[] = { }, { /* P-521 */ - EC_GFp_nistp521_method, + NID_secp521r1, 521, /* p */ "1ff" @@ -1336,7 +1284,7 @@ static int nistp_single_test(int idx) || !TEST_ptr(order = BN_new()) || !TEST_ptr(yplusone = BN_new()) - || !TEST_ptr(NISTP = EC_GROUP_new(test->meth())) + || !TEST_ptr(NISTP = EC_GROUP_new_by_curve_name(test->nid)) || !TEST_true(BN_hex2bn(&p, test->p)) || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL)) || !TEST_true(BN_hex2bn(&a, test->a)) @@ -1396,7 +1344,6 @@ static int nistp_single_test(int idx) || !TEST_false(EC_GROUP_have_precompute_mult(NISTP)) /* now repeat all tests with precomputation */ || !TEST_true(EC_GROUP_precompute_mult(NISTP, ctx)) - || !TEST_true(EC_GROUP_have_precompute_mult(NISTP)) # endif ) goto err; @@ -1430,7 +1377,7 @@ static int nistp_single_test(int idx) || !TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, G, ctx))) goto err; - r = group_order_tests(NISTP); + r = 1; err: EC_GROUP_free(NISTP); EC_POINT_free(G); @@ -1449,7 +1396,6 @@ err: BN_CTX_free(ctx); return r; } -# endif static const unsigned char p521_named[] = { 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23, @@ -1543,7 +1489,7 @@ static int check_named_curve_test(int id) /* Determine if the built-in curve has a seed field set */ has_seed = (EC_GROUP_get_seed_len(group) > 0); - field_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); + field_nid = EC_GROUP_get_field_type(group); if (field_nid == NID_X9_62_characteristic_two_field) { if (!TEST_ptr(other_p = BN_dup(group_p)) || !TEST_true(BN_lshift1(other_p, other_p))) @@ -2158,7 +2104,7 @@ static int cofactor_range_test(void) */ static int cardinality_test(int n) { - int ret = 0; + int ret = 0, is_binary = 0; int nid = curves[n].nid; BN_CTX *ctx = NULL; EC_GROUP *g1 = NULL, *g2 = NULL; @@ -2169,14 +2115,13 @@ static int cardinality_test(int n) TEST_info("Curve %s cardinality test", OBJ_nid2sn(nid)); if (!TEST_ptr(ctx = BN_CTX_new()) - || !TEST_ptr(g1 = EC_GROUP_new_by_curve_name(nid)) - || !TEST_ptr(g2 = EC_GROUP_new(EC_GROUP_method_of(g1)))) { - EC_GROUP_free(g1); - EC_GROUP_free(g2); + || !TEST_ptr(g1 = EC_GROUP_new_by_curve_name(nid))) { BN_CTX_free(ctx); return 0; } + is_binary = (EC_GROUP_get_field_type(g1) == NID_X9_62_characteristic_two_field); + BN_CTX_start(ctx); g1_p = BN_CTX_get(ctx); g1_a = BN_CTX_get(ctx); @@ -2194,7 +2139,14 @@ static int cardinality_test(int n) || !TEST_true(BN_copy(g1_order, EC_GROUP_get0_order(g1))) || !TEST_true(EC_GROUP_get_cofactor(g1, g1_cf, ctx)) /* construct g2 manually with g1 parameters */ - || !TEST_true(EC_GROUP_set_curve(g2, g1_p, g1_a, g1_b, ctx)) +# ifndef OPENSSL_NO_EC2M + || !TEST_ptr(g2 = (is_binary) ? + EC_GROUP_new_curve_GF2m(g1_p, g1_a, g1_b, ctx) : + EC_GROUP_new_curve_GFp(g1_p, g1_a, g1_b, ctx)) +# else + || !TEST_int_eq(0, is_binary) + || !TEST_ptr(g2 = EC_GROUP_new_curve_GFp(g1_p, g1_a, g1_b, ctx)) +# endif || !TEST_ptr(g2_gen = EC_POINT_new(g2)) || !TEST_true(EC_POINT_set_affine_coordinates(g2, g2_gen, g1_x, g1_y, ctx)) /* pass NULL cofactor: lib should compute it */ @@ -2238,7 +2190,6 @@ static int check_ec_key_field_public_range_test(int id) int ret = 0, type = 0; const EC_POINT *pub = NULL; const EC_GROUP *group = NULL; - const EC_METHOD *meth = NULL; const BIGNUM *field = NULL; BIGNUM *x = NULL, *y = NULL; EC_KEY *key = NULL; @@ -2247,7 +2198,6 @@ static int check_ec_key_field_public_range_test(int id) || !TEST_ptr(y = BN_new()) || !TEST_ptr(key = EC_KEY_new_by_curve_name(curves[id].nid)) || !TEST_ptr(group = EC_KEY_get0_group(key)) - || !TEST_ptr(meth = EC_GROUP_method_of(group)) || !TEST_ptr(field = EC_GROUP_get0_field(group)) || !TEST_int_gt(EC_KEY_generate_key(key), 0) || !TEST_int_gt(EC_KEY_check_key(key), 0) @@ -2260,7 +2210,7 @@ static int check_ec_key_field_public_range_test(int id) * Make the public point out of range by adding the field (which will still * be the same point on the curve). The add is different for char2 fields. */ - type = EC_METHOD_get_field_type(meth); + type = EC_GROUP_get_field_type(group); #ifndef OPENSSL_NO_EC2M if (type == NID_X9_62_characteristic_two_field) { /* test for binary curves */ @@ -2405,9 +2355,7 @@ int setup_tests(void) ADD_TEST(char2_field_tests); ADD_ALL_TESTS(char2_curve_test, OSSL_NELEM(char2_curve_tests)); # endif -# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 ADD_ALL_TESTS(nistp_single_test, OSSL_NELEM(nistp_tests_params)); -# endif ADD_ALL_TESTS(internal_curve_test, crv_len); ADD_ALL_TESTS(internal_curve_test_method, crv_len); ADD_TEST(group_field_test); diff --git a/util/libcrypto.num b/util/libcrypto.num index 1a51132387..fd0509172f 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -40,7 +40,7 @@ X509_NAME_delete_entry 40 3_0_0 EXIST::FUNCTION: EVP_PKEY_meth_set_verify_recover 41 3_0_0 EXIST::FUNCTION: UI_set_method 42 3_0_0 EXIST::FUNCTION: PKCS7_ISSUER_AND_SERIAL_it 43 3_0_0 EXIST::FUNCTION: -EC_GROUP_method_of 44 3_0_0 EXIST::FUNCTION:EC +EC_GROUP_method_of 44 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC RSA_blinding_on 45 3_0_0 EXIST::FUNCTION:RSA X509_get0_signature 47 3_0_0 EXIST::FUNCTION: X509_REVOKED_get0_extensions 48 3_0_0 EXIST::FUNCTION: @@ -1181,7 +1181,7 @@ PKCS7_add_attribute 1207 3_0_0 EXIST::FUNCTION: ENGINE_register_DSA 1208 3_0_0 EXIST::FUNCTION:ENGINE OPENSSL_LH_node_stats 1209 3_0_0 EXIST::FUNCTION:STDIO X509_policy_tree_free 1210 3_0_0 EXIST::FUNCTION: -EC_GFp_simple_method 1211 3_0_0 EXIST::FUNCTION:EC +EC_GFp_simple_method 1211 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC X509_it 1212 3_0_0 EXIST::FUNCTION: d2i_PROXY_POLICY 1213 3_0_0 EXIST::FUNCTION: MDC2_Update 1214 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MDC2 @@ -1197,7 +1197,7 @@ X509_time_adj 1223 3_0_0 EXIST::FUNCTION: EVP_PKEY_asn1_find_str 1224 3_0_0 EXIST::FUNCTION: X509_VERIFY_PARAM_get_flags 1225 3_0_0 EXIST::FUNCTION: OPENSSL_DIR_end 1226 3_0_0 EXIST::FUNCTION: -EC_GROUP_new 1227 3_0_0 EXIST::FUNCTION:EC +EC_GROUP_new 1227 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC CMS_SignerInfo_get0_pkey_ctx 1228 3_0_0 EXIST::FUNCTION:CMS d2i_ASN1_PRINTABLESTRING 1229 3_0_0 EXIST::FUNCTION: CMS_RecipientInfo_ktri_cert_cmp 1230 3_0_0 EXIST::FUNCTION:CMS @@ -2116,7 +2116,7 @@ EVP_MD_flags 2161 3_0_0 EXIST::FUNCTION: OPENSSL_sk_set 2162 3_0_0 EXIST::FUNCTION: OCSP_request_sign 2163 3_0_0 EXIST::FUNCTION:OCSP BN_GF2m_mod_solve_quad 2164 3_0_0 EXIST::FUNCTION:EC2M -EC_POINT_method_of 2165 3_0_0 EXIST::FUNCTION:EC +EC_POINT_method_of 2165 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC PKCS7_ENCRYPT_it 2166 3_0_0 EXIST::FUNCTION: AUTHORITY_INFO_ACCESS_it 2167 3_0_0 EXIST::FUNCTION: X509_EXTENSION_create_by_NID 2168 3_0_0 EXIST::FUNCTION: @@ -2183,7 +2183,7 @@ POLICY_CONSTRAINTS_new 2230 3_0_0 EXIST::FUNCTION: OTHERNAME_new 2231 3_0_0 EXIST::FUNCTION: BN_rshift 2232 3_0_0 EXIST::FUNCTION: i2d_GENERAL_NAMES 2233 3_0_0 EXIST::FUNCTION: -EC_METHOD_get_field_type 2234 3_0_0 EXIST::FUNCTION:EC +EC_METHOD_get_field_type 2234 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC ENGINE_set_name 2235 3_0_0 EXIST::FUNCTION:ENGINE TS_TST_INFO_get_policy_id 2236 3_0_0 EXIST::FUNCTION:TS PKCS7_SIGNER_INFO_set 2237 3_0_0 EXIST::FUNCTION: @@ -2607,7 +2607,7 @@ EVP_PKEY_assign 2662 3_0_0 EXIST::FUNCTION: EVP_aes_128_ofb 2663 3_0_0 EXIST::FUNCTION: CMS_data 2664 3_0_0 EXIST::FUNCTION:CMS X509_load_cert_file 2665 3_0_0 EXIST::FUNCTION: -EC_GFp_nistp521_method 2667 3_0_0 EXIST::FUNCTION:EC,EC_NISTP_64_GCC_128 +EC_GFp_nistp521_method 2667 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,EC_NISTP_64_GCC_128 ECDSA_SIG_free 2668 3_0_0 EXIST::FUNCTION:EC d2i_PKCS12_BAGS 2669 3_0_0 EXIST::FUNCTION: RSA_public_encrypt 2670 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA @@ -2743,7 +2743,7 @@ CMS_dataFinal 2802 3_0_0 EXIST::FUNCTION:CMS ASN1_TIME_it 2803 3_0_0 EXIST::FUNCTION: ENGINE_get_static_state 2804 3_0_0 EXIST::FUNCTION:ENGINE EC_KEY_set_asn1_flag 2805 3_0_0 EXIST::FUNCTION:EC -EC_GFp_mont_method 2806 3_0_0 EXIST::FUNCTION:EC +EC_GFp_mont_method 2806 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC OPENSSL_asc2uni 2807 3_0_0 EXIST::FUNCTION: TS_REQ_new 2808 3_0_0 EXIST::FUNCTION:TS ENGINE_register_all_DH 2809 3_0_0 EXIST::FUNCTION:ENGINE @@ -2760,7 +2760,7 @@ CRYPTO_secure_used 2819 3_0_0 EXIST::FUNCTION: d2i_X509_CRL_INFO 2820 3_0_0 EXIST::FUNCTION: X509_CRL_get_issuer 2821 3_0_0 EXIST::FUNCTION: d2i_SCT_LIST 2822 3_0_0 EXIST::FUNCTION:CT -EC_GFp_nist_method 2823 3_0_0 EXIST::FUNCTION:EC +EC_GFp_nist_method 2823 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC SCT_free 2824 3_0_0 EXIST::FUNCTION:CT TS_TST_INFO_get_msg_imprint 2825 3_0_0 EXIST::FUNCTION:TS X509v3_addr_add_range 2826 3_0_0 EXIST::FUNCTION:RFC3779 @@ -2800,7 +2800,7 @@ X509_EXTENSION_dup 2861 3_0_0 EXIST::FUNCTION: EVP_PKEY_asn1_new 2862 3_0_0 EXIST::FUNCTION: BIO_socket_nbio 2863 3_0_0 EXIST::FUNCTION:SOCK EVP_CIPHER_set_asn1_iv 2864 3_0_0 EXIST::FUNCTION: -EC_GFp_nistp224_method 2865 3_0_0 EXIST::FUNCTION:EC,EC_NISTP_64_GCC_128 +EC_GFp_nistp224_method 2865 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,EC_NISTP_64_GCC_128 BN_swap 2866 3_0_0 EXIST::FUNCTION: d2i_ECParameters 2867 3_0_0 EXIST::FUNCTION:EC X509_NAME_add_entry_by_OBJ 2868 3_0_0 EXIST::FUNCTION: @@ -3013,7 +3013,7 @@ X509_REQ_get_X509_PUBKEY 3077 3_0_0 EXIST::FUNCTION: ENGINE_load_private_key 3078 3_0_0 EXIST::FUNCTION:ENGINE GENERAL_NAMES_new 3079 3_0_0 EXIST::FUNCTION: i2d_POLICYQUALINFO 3080 3_0_0 EXIST::FUNCTION: -EC_GF2m_simple_method 3081 3_0_0 EXIST::FUNCTION:EC,EC2M +EC_GF2m_simple_method 3081 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,EC2M RSA_get_method 3082 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,RSA d2i_ASRange 3083 3_0_0 EXIST::FUNCTION:RFC3779 CMS_ContentInfo_new 3084 3_0_0 EXIST::FUNCTION:CMS @@ -3376,7 +3376,7 @@ ERR_get_next_error_library 3446 3_0_0 EXIST::FUNCTION: OCSP_RESPONSE_print 3447 3_0_0 EXIST::FUNCTION:OCSP BN_get_rfc3526_prime_2048 3448 3_0_0 EXIST::FUNCTION:DH BIO_new_bio_pair 3449 3_0_0 EXIST::FUNCTION: -EC_GFp_nistp256_method 3450 3_0_0 EXIST::FUNCTION:EC,EC_NISTP_64_GCC_128 +EC_GFp_nistp256_method 3450 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,EC,EC_NISTP_64_GCC_128 BIO_method_type 3451 3_0_0 EXIST::FUNCTION: ECPKParameters_print 3452 3_0_0 EXIST::FUNCTION:EC EVP_rc4 3453 3_0_0 EXIST::FUNCTION:RC4 @@ -4683,7 +4683,6 @@ ERR_set_error ? 3_0_0 EXIST::FUNCTION: ERR_vset_error ? 3_0_0 EXIST::FUNCTION: X509_get0_authority_issuer ? 3_0_0 EXIST::FUNCTION: X509_get0_authority_serial ? 3_0_0 EXIST::FUNCTION: -EC_GROUP_new_ex ? 3_0_0 EXIST::FUNCTION:EC EC_GROUP_new_by_curve_name_ex ? 3_0_0 EXIST::FUNCTION:EC EC_KEY_new_ex ? 3_0_0 EXIST::FUNCTION:EC EC_KEY_new_by_curve_name_ex ? 3_0_0 EXIST::FUNCTION:EC @@ -5094,6 +5093,7 @@ EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen ? 3_0_0 EXIST::FUNCTION:RSA EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md ? 3_0_0 EXIST::FUNCTION:RSA EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name ? 3_0_0 EXIST::FUNCTION:RSA OSSL_PROVIDER_do_all ? 3_0_0 EXIST::FUNCTION: +EC_GROUP_get_field_type ? 3_0_0 EXIST::FUNCTION:EC X509_PUBKEY_eq ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_eq ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_parameters_eq ? 3_0_0 EXIST::FUNCTION: From openssl at openssl.org Tue Jun 2 08:55:51 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 02 Jun 2020 08:55:51 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ts Message-ID: <1591088151.239990.17667.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ts Commit log since last time: 082c041b42 bio printf: Avoid using rounding errors in range check f438f53a4e DOCS: add openssl-core_names.h(7) 329b2a2cde DOCS: add openssl-core_numbers.h(7) Build log ended with (last 100 lines): clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-list.d.tmp -MT apps/openssl-bin-list.o -c -o apps/openssl-bin-list.o ../openssl/apps/list.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-mac.d.tmp -MT apps/openssl-bin-mac.o -c -o apps/openssl-bin-mac.o ../openssl/apps/mac.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-nseq.d.tmp -MT apps/openssl-bin-nseq.o -c -o apps/openssl-bin-nseq.o ../openssl/apps/nseq.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-ocsp.d.tmp -MT apps/openssl-bin-ocsp.o -c -o apps/openssl-bin-ocsp.o ../openssl/apps/ocsp.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-openssl.d.tmp -MT apps/openssl-bin-openssl.o -c -o apps/openssl-bin-openssl.o ../openssl/apps/openssl.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-passwd.d.tmp -MT apps/openssl-bin-passwd.o -c -o apps/openssl-bin-passwd.o ../openssl/apps/passwd.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkcs12.d.tmp -MT apps/openssl-bin-pkcs12.o -c -o apps/openssl-bin-pkcs12.o ../openssl/apps/pkcs12.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkcs7.d.tmp -MT apps/openssl-bin-pkcs7.o -c -o apps/openssl-bin-pkcs7.o ../openssl/apps/pkcs7.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkcs8.d.tmp -MT apps/openssl-bin-pkcs8.o -c -o apps/openssl-bin-pkcs8.o ../openssl/apps/pkcs8.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkey.d.tmp -MT apps/openssl-bin-pkey.o -c -o apps/openssl-bin-pkey.o ../openssl/apps/pkey.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkeyparam.d.tmp -MT apps/openssl-bin-pkeyparam.o -c -o apps/openssl-bin-pkeyparam.o ../openssl/apps/pkeyparam.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkeyutl.d.tmp -MT apps/openssl-bin-pkeyutl.o -c -o apps/openssl-bin-pkeyutl.o ../openssl/apps/pkeyutl.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-prime.d.tmp -MT apps/openssl-bin-prime.o -c -o apps/openssl-bin-prime.o ../openssl/apps/prime.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-progs.d.tmp -MT apps/openssl-bin-progs.o -c -o apps/openssl-bin-progs.o apps/progs.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-provider.d.tmp -MT apps/openssl-bin-provider.o -c -o apps/openssl-bin-provider.o ../openssl/apps/provider.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-rand.d.tmp -MT apps/openssl-bin-rand.o -c -o apps/openssl-bin-rand.o ../openssl/apps/rand.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-rehash.d.tmp -MT apps/openssl-bin-rehash.o -c -o apps/openssl-bin-rehash.o ../openssl/apps/rehash.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-req.d.tmp -MT apps/openssl-bin-req.o -c -o apps/openssl-bin-req.o ../openssl/apps/req.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-rsa.d.tmp -MT apps/openssl-bin-rsa.o -c -o apps/openssl-bin-rsa.o ../openssl/apps/rsa.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-rsautl.d.tmp -MT apps/openssl-bin-rsautl.o -c -o apps/openssl-bin-rsautl.o ../openssl/apps/rsautl.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-s_client.d.tmp -MT apps/openssl-bin-s_client.o -c -o apps/openssl-bin-s_client.o ../openssl/apps/s_client.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-s_server.d.tmp -MT apps/openssl-bin-s_server.o -c -o apps/openssl-bin-s_server.o ../openssl/apps/s_server.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-s_time.d.tmp -MT apps/openssl-bin-s_time.o -c -o apps/openssl-bin-s_time.o ../openssl/apps/s_time.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-sess_id.d.tmp -MT apps/openssl-bin-sess_id.o -c -o apps/openssl-bin-sess_id.o ../openssl/apps/sess_id.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-smime.d.tmp -MT apps/openssl-bin-smime.o -c -o apps/openssl-bin-smime.o ../openssl/apps/smime.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-speed.d.tmp -MT apps/openssl-bin-speed.o -c -o apps/openssl-bin-speed.o ../openssl/apps/speed.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-spkac.d.tmp -MT apps/openssl-bin-spkac.o -c -o apps/openssl-bin-spkac.o ../openssl/apps/spkac.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-srp.d.tmp -MT apps/openssl-bin-srp.o -c -o apps/openssl-bin-srp.o ../openssl/apps/srp.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-storeutl.d.tmp -MT apps/openssl-bin-storeutl.o -c -o apps/openssl-bin-storeutl.o ../openssl/apps/storeutl.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-verify.d.tmp -MT apps/openssl-bin-verify.o -c -o apps/openssl-bin-verify.o ../openssl/apps/verify.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-version.d.tmp -MT apps/openssl-bin-version.o -c -o apps/openssl-bin-version.o ../openssl/apps/version.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-x509.d.tmp -MT apps/openssl-bin-x509.o -c -o apps/openssl-bin-x509.o ../openssl/apps/x509.c rm -f fuzz/cmp-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o fuzz/cmp-test \ fuzz/cmp-test-bin-cmp.o fuzz/cmp-test-bin-test-corpus.o \ libcrypto.a -ldl -pthread rm -f test/asn1_dsa_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/asn1_dsa_internal_test \ test/asn1_dsa_internal_test-bin-asn1_dsa_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/asn1_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/asn1_internal_test \ test/asn1_internal_test-bin-asn1_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/bn_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/bn_internal_test \ test/bn_internal_test-bin-bn_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread libcrypto.a(libcrypto-lib-cms_sd.o): In function `CMS_add1_signer': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:364: undefined reference to `ESS_SIGNING_CERT_new_init' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:370: undefined reference to `ESS_SIGNING_CERT_V2_new_init' libcrypto.a(libcrypto-lib-cms_ess.o): In function `ess_check_signing_certs': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:71: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:82: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:91: undefined reference to `ess_find_cert_v2' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:102: undefined reference to `ess_find_cert_v2' libcrypto.a(libcrypto-lib-cms_sd.o): In function `CMS_add1_signer': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:364: undefined reference to `ESS_SIGNING_CERT_new_init' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:370: undefined reference to `ESS_SIGNING_CERT_V2_new_init' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:22823: recipe for target 'fuzz/cmp-test' failed make[1]: *** [fuzz/cmp-test] Error 1 make[1]: *** Waiting for unfinished jobs.... libcrypto.a(libcrypto-lib-cms_ess.o): In function `ess_check_signing_certs': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:71: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:82: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:91: undefined reference to `ess_find_cert_v2' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:102: undefined reference to `ess_find_cert_v2' libcrypto.a(libcrypto-lib-cms_sd.o): In function `CMS_add1_signer': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:364: undefined reference to `ESS_SIGNING_CERT_new_init' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:370: undefined reference to `ESS_SIGNING_CERT_V2_new_init' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:23044: recipe for target 'test/asn1_dsa_internal_test' failed make[1]: *** [test/asn1_dsa_internal_test] Error 1 libcrypto.a(libcrypto-lib-cms_ess.o): In function `ess_check_signing_certs': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:71: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:82: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:91: undefined reference to `ess_find_cert_v2' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:102: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:23074: recipe for target 'test/asn1_internal_test' failed make[1]: *** [test/asn1_internal_test] Error 1 libcrypto.a(libcrypto-lib-cms_sd.o): In function `CMS_add1_signer': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:364: undefined reference to `ESS_SIGNING_CERT_new_init' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:370: undefined reference to `ESS_SIGNING_CERT_V2_new_init' libcrypto.a(libcrypto-lib-cms_ess.o): In function `ess_check_signing_certs': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:71: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:82: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:91: undefined reference to `ess_find_cert_v2' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:102: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:23272: recipe for target 'test/bn_internal_test' failed make[1]: *** [test/bn_internal_test] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ts' Makefile:3033: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From builds at travis-ci.org Tue Jun 2 08:36:23 2020 From: builds at travis-ci.org (Travis CI) Date: Tue, 02 Jun 2020 08:36:23 +0000 Subject: Still Failing: openssl/openssl#35147 (master - e306f83) In-Reply-To: Message-ID: <5ed60f86ab790_13fe501dd7a548897e@travis-tasks-5fdb996998-mm572.mail> Build Update for openssl/openssl ------------------------------------- Build: #35147 Status: Still Failing Duration: 48 mins and 53 secs Commit: e306f83 (master) Author: Richard Levitte Message: APPS: Remove make_config_name, use CONF_get1_default_config_file instead Reviewed-by: Bernd Edlinger Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11983) View the changeset: https://github.com/openssl/openssl/compare/32df13497a1f...e306f83c8cfc View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/693746209?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From bernd.edlinger at hotmail.de Tue Jun 2 09:35:01 2020 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Tue, 02 Jun 2020 09:35:01 +0000 Subject: [openssl] master update Message-ID: <1591090501.429657.11218.nullmailer@dev.openssl.org> The branch master has been updated via d805b83166538907535862372c16ff6ceb648b21 (commit) from 23ccae80bd58adfe89e3e345414684eb82bdb531 (commit) - Log ----------------------------------------------------------------- commit d805b83166538907535862372c16ff6ceb648b21 Author: Bernd Edlinger Date: Thu May 28 11:20:50 2020 +0200 Prevent extended tests run unexpectedly in appveyor Reason turns out that "git log -2" is picking up a merge commit and a random commit message from the master branch. Restore the expected behavior by using git log -1 $env:APPVEYOR_PULL_REQUEST_HEAD_COMMIT Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11981) ----------------------------------------------------------------------- Summary of changes: appveyor.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/appveyor.yml b/appveyor.yml index 949d6aad50..ccca8bb22c 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -46,7 +46,8 @@ before_build: - cd .. - ps: >- if (-not $env:APPVEYOR_PULL_REQUEST_NUMBER` - -or (&git log -2 | Select-String "\[extended tests\]") ) { + -or (&git log -1 $env:APPVEYOR_PULL_REQUEST_HEAD_COMMIT | + Select-String "\[extended tests\]") ) { $env:EXTENDED_TESTS="yes" } From bernd.edlinger at hotmail.de Tue Jun 2 09:35:58 2020 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Tue, 02 Jun 2020 09:35:58 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1591090558.948260.12618.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 3476de9199c1079162399eeb858a8580ef478b18 (commit) from 3fc83feae0bc3fcfbb7cfc8a927bb4a888a7663b (commit) - Log ----------------------------------------------------------------- commit 3476de9199c1079162399eeb858a8580ef478b18 Author: Bernd Edlinger Date: Thu May 28 11:20:50 2020 +0200 Prevent extended tests run unexpectedly in appveyor Reason turns out that "git log -2" is picking up a merge commit and a random commit message from the master branch. Restore the expected behavior by using git log -1 $env:APPVEYOR_PULL_REQUEST_HEAD_COMMIT Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11981) (cherry picked from commit d805b83166538907535862372c16ff6ceb648b21) ----------------------------------------------------------------------- Summary of changes: appveyor.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/appveyor.yml b/appveyor.yml index 242d6a9ffe..6210391f20 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -46,7 +46,8 @@ before_build: - cd .. - ps: >- if (-not $env:APPVEYOR_PULL_REQUEST_NUMBER` - -or (&git log -2 | Select-String "\[extended tests\]") ) { + -or (&git log -1 $env:APPVEYOR_PULL_REQUEST_HEAD_COMMIT | + Select-String "\[extended tests\]") ) { $env:EXTENDED_TESTS="yes" } From openssl at openssl.org Tue Jun 2 09:40:56 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 02 Jun 2020 09:40:56 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Message-ID: <1591090856.330460.23716.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Commit log since last time: 082c041b42 bio printf: Avoid using rounding errors in range check f438f53a4e DOCS: add openssl-core_names.h(7) 329b2a2cde DOCS: add openssl-core_numbers.h(7) Build log ended with (last 100 lines): 65-test_cmp_msg.t .................. ok 65-test_cmp_protect.t .............. ok 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_bioprint.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=198, Tests=1993, 1513 wallclock secs ( 8.98 usr 1.80 sys + 1456.59 cusr 59.51 csys = 1526.88 CPU) Result: FAIL Makefile:3092: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ubsan' Makefile:3090: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.org Tue Jun 2 09:26:29 2020 From: builds at travis-ci.org (Travis CI) Date: Tue, 02 Jun 2020 09:26:29 +0000 Subject: Still Failing: openssl/openssl#35150 (master - 23ccae8) In-Reply-To: Message-ID: <5ed61b44949d7_13fc4d222e814131336@travis-tasks-5fdb996998-rwxjd.mail> Build Update for openssl/openssl ------------------------------------- Build: #35150 Status: Still Failing Duration: 54 mins and 38 secs Commit: 23ccae8 (master) Author: Billy Brumley Message: Move EC_METHOD to internal-only Reviewed-by: Nicola Tuveri Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11928) View the changeset: https://github.com/openssl/openssl/compare/e306f83c8cfc...23ccae80bd58 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/693755024?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Tue Jun 2 10:24:12 2020 From: builds at travis-ci.org (Travis CI) Date: Tue, 02 Jun 2020 10:24:12 +0000 Subject: Still Failing: openssl/openssl#35152 (master - d805b83) In-Reply-To: Message-ID: <5ed628cc329d9_13fc4d72127b82067a0@travis-tasks-5fdb996998-rwxjd.mail> Build Update for openssl/openssl ------------------------------------- Build: #35152 Status: Still Failing Duration: 47 mins and 41 secs Commit: d805b83 (master) Author: Bernd Edlinger Message: Prevent extended tests run unexpectedly in appveyor Reason turns out that "git log -2" is picking up a merge commit and a random commit message from the master branch. Restore the expected behavior by using git log -1 $env:APPVEYOR_PULL_REQUEST_HEAD_COMMIT Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11981) View the changeset: https://github.com/openssl/openssl/compare/23ccae80bd58...d805b8316653 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/693777210?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From tmraz at fedoraproject.org Tue Jun 2 11:02:23 2020 From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Tue, 02 Jun 2020 11:02:23 +0000 Subject: [openssl] master update Message-ID: <1591095743.629182.28110.nullmailer@dev.openssl.org> The branch master has been updated via a5a87011baeef71c86938a2bae54f89fbe99e5dc (commit) from d805b83166538907535862372c16ff6ceb648b21 (commit) - Log ----------------------------------------------------------------- commit a5a87011baeef71c86938a2bae54f89fbe99e5dc Author: Jack O'Connor Date: Thu May 28 12:42:15 2020 -0400 fix a docs typo Correct "EC_KEY_point2buf" to "EC_POINT_point2buf". The former does not exist. CLA: trivial Reviewed-by: Ben Kaduk Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11988) ----------------------------------------------------------------------- Summary of changes: doc/man3/EC_KEY_new.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/man3/EC_KEY_new.pod b/doc/man3/EC_KEY_new.pod index e18a3023de..c706dbe425 100644 --- a/doc/man3/EC_KEY_new.pod +++ b/doc/man3/EC_KEY_new.pod @@ -146,7 +146,7 @@ Modern versions should instead switch to named curves which OpenSSL has hardcoded lookup tables for. EC_KEY_oct2key() and EC_KEY_key2buf() are identical to the functions -EC_POINT_oct2point() and EC_KEY_point2buf() except they use the public key +EC_POINT_oct2point() and EC_POINT_point2buf() except they use the public key EC_POINT in B. EC_KEY_oct2priv() and EC_KEY_priv2oct() convert between the private key From tmraz at fedoraproject.org Tue Jun 2 11:02:39 2020 From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Tue, 02 Jun 2020 11:02:39 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1591095759.879041.29430.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 315170f662b3053aa9fe817639e1b78f74f75077 (commit) from 3476de9199c1079162399eeb858a8580ef478b18 (commit) - Log ----------------------------------------------------------------- commit 315170f662b3053aa9fe817639e1b78f74f75077 Author: Jack O'Connor Date: Thu May 28 12:42:15 2020 -0400 fix a docs typo Correct "EC_KEY_point2buf" to "EC_POINT_point2buf". The former does not exist. CLA: trivial Reviewed-by: Ben Kaduk Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11988) (cherry picked from commit a5a87011baeef71c86938a2bae54f89fbe99e5dc) ----------------------------------------------------------------------- Summary of changes: doc/man3/EC_KEY_new.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/man3/EC_KEY_new.pod b/doc/man3/EC_KEY_new.pod index 9d32d78a39..21663a032e 100644 --- a/doc/man3/EC_KEY_new.pod +++ b/doc/man3/EC_KEY_new.pod @@ -122,7 +122,7 @@ EC_KEY_precompute_mult() stores multiples of the underlying EC_GROUP generator for faster point multiplication. See also L. EC_KEY_oct2key() and EC_KEY_key2buf() are identical to the functions -EC_POINT_oct2point() and EC_KEY_point2buf() except they use the public key +EC_POINT_oct2point() and EC_POINT_point2buf() except they use the public key EC_POINT in B. EC_KEY_oct2priv() and EC_KEY_priv2oct() convert between the private key From no-reply at appveyor.com Tue Jun 2 11:20:16 2020 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 02 Jun 2020 11:20:16 +0000 Subject: Build failed: openssl master.34601 Message-ID: <20200602112016.1.717C0F0A2CA91821@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Jun 2 12:20:09 2020 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 02 Jun 2020 12:20:09 +0000 Subject: Build completed: openssl master.34602 Message-ID: <20200602122009.1.0A37444CCD51BC3D@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Jun 2 12:33:05 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 02 Jun 2020 12:33:05 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls Message-ID: <1591101185.997117.32460.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls Commit log since last time: 082c041b42 bio printf: Avoid using rounding errors in range check f438f53a4e DOCS: add openssl-core_names.h(7) 329b2a2cde DOCS: add openssl-core_numbers.h(7) Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=198, Tests=1990, 718 wallclock secs ( 8.12 usr 1.63 sys + 680.26 cusr 44.56 csys = 734.57 CPU) Result: FAIL Makefile:3077: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls' Makefile:3075: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.org Tue Jun 2 12:03:19 2020 From: builds at travis-ci.org (Travis CI) Date: Tue, 02 Jun 2020 12:03:19 +0000 Subject: Still Failing: openssl/openssl#35157 (master - a5a8701) In-Reply-To: Message-ID: <5ed6400697551_13fc4d7212b78342998@travis-tasks-5fdb996998-rwxjd.mail> Build Update for openssl/openssl ------------------------------------- Build: #35157 Status: Still Failing Duration: 16 mins and 55 secs Commit: a5a8701 (master) Author: Jack O'Connor Message: fix a docs typo Correct "EC_KEY_point2buf" to "EC_POINT_point2buf". The former does not exist. CLA: trivial Reviewed-by: Ben Kaduk Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11988) View the changeset: https://github.com/openssl/openssl/compare/d805b8316653...a5a87011baee View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/693799616?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Jun 2 14:51:20 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 02 Jun 2020 14:51:20 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2 Message-ID: <1591109480.180021.26714.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2 Commit log since last time: 082c041b42 bio printf: Avoid using rounding errors in range check f438f53a4e DOCS: add openssl-core_names.h(7) 329b2a2cde DOCS: add openssl-core_numbers.h(7) Build log ended with (last 100 lines): 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=198, Tests=1992, 717 wallclock secs ( 8.43 usr 1.47 sys + 671.81 cusr 45.44 csys = 727.15 CPU) Result: FAIL Makefile:3090: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2' Makefile:3088: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.org Tue Jun 2 15:54:38 2020 From: builds at travis-ci.org (Travis CI) Date: Tue, 02 Jun 2020 15:54:38 +0000 Subject: Errored: openssl/openssl#35153 (OpenSSL_1_1_1-stable - 3476de9) In-Reply-To: Message-ID: <5ed6763e4a20e_13ff53fa62fc4585817@travis-tasks-5cd78cf5db-skhkr.mail> Build Update for openssl/openssl ------------------------------------- Build: #35153 Status: Errored Duration: ? Commit: 3476de9 (OpenSSL_1_1_1-stable) Author: Bernd Edlinger Message: Prevent extended tests run unexpectedly in appveyor Reason turns out that "git log -2" is picking up a merge commit and a random commit message from the master branch. Restore the expected behavior by using git log -1 $env:APPVEYOR_PULL_REQUEST_HEAD_COMMIT Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11981) (cherry picked from commit d805b83166538907535862372c16ff6ceb648b21) View the changeset: https://github.com/openssl/openssl/compare/3fc83feae0bc...3476de9199c1 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/693777465?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Jun 2 16:58:40 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 02 Jun 2020 16:58:40 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method Message-ID: <1591117120.391449.20494.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method Commit log since last time: 082c041b42 bio printf: Avoid using rounding errors in range check f438f53a4e DOCS: add openssl-core_names.h(7) 329b2a2cde DOCS: add openssl-core_numbers.h(7) Build log ended with (last 100 lines): 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=198, Tests=1992, 738 wallclock secs ( 9.52 usr 1.62 sys + 691.52 cusr 47.15 csys = 749.81 CPU) Result: FAIL Makefile:3094: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2-method' Makefile:3092: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.org Tue Jun 2 17:25:33 2020 From: builds at travis-ci.org (Travis CI) Date: Tue, 02 Jun 2020 17:25:33 +0000 Subject: Errored: openssl/openssl#35158 (OpenSSL_1_1_1-stable - 315170f) In-Reply-To: Message-ID: <5ed68b8c92654_13fada8b16b5c681dd@travis-tasks-7678888bc9-fjx5t.mail> Build Update for openssl/openssl ------------------------------------- Build: #35158 Status: Errored Duration: ? Commit: 315170f (OpenSSL_1_1_1-stable) Author: Jack O'Connor Message: fix a docs typo Correct "EC_KEY_point2buf" to "EC_POINT_point2buf". The former does not exist. CLA: trivial Reviewed-by: Ben Kaduk Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11988) (cherry picked from commit a5a87011baeef71c86938a2bae54f89fbe99e5dc) View the changeset: https://github.com/openssl/openssl/compare/3476de9199c1...315170f662b3 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/693799704?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Tue Jun 2 18:01:34 2020 From: levitte at openssl.org (Richard Levitte) Date: Tue, 02 Jun 2020 18:01:34 +0000 Subject: [openssl] master update Message-ID: <1591120894.588631.23548.nullmailer@dev.openssl.org> The branch master has been updated via 29c49b2534fbd60338f61e94c2893d774f9361a9 (commit) via eb2bba2569a3637b8477c56f82b616222f5af46f (commit) from a5a87011baeef71c86938a2bae54f89fbe99e5dc (commit) - Log ----------------------------------------------------------------- commit 29c49b2534fbd60338f61e94c2893d774f9361a9 Author: Richard Levitte Date: Mon May 18 08:35:29 2020 +0200 TEST: Test i2d_PKCS8PrivateKey_bio() and PEM_write_bio_PKCS8PrivateKey() Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11855) commit eb2bba2569a3637b8477c56f82b616222f5af46f Author: Richard Levitte Date: Mon May 18 08:32:28 2020 +0200 PEM: Make PKCS8 serializers aware of OSSL_SERIALIZERs PEM_write_bio_PKCS8PrivateKey(), i2d_PKCS8PrivateKey_bio(), PEM_write_PKCS8PrivateKey(), and i2d_PKCS8PrivateKey_fp() are affected by this. Fixes #11845 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11855) ----------------------------------------------------------------------- Summary of changes: crypto/pem/pem_pk8.c | 117 +++++++++++++++++++++++++++++++++++--------------- test/evp_extra_test.c | 35 +++++++++++++++ 2 files changed, 117 insertions(+), 35 deletions(-) diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c index 6b7840508b..6098d92342 100644 --- a/crypto/pem/pem_pk8.c +++ b/crypto/pem/pem_pk8.c @@ -15,6 +15,7 @@ #include #include #include +#include static int do_pk8pkey(BIO *bp, const EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc, @@ -66,49 +67,95 @@ static int do_pk8pkey(BIO *bp, const EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc, const char *kstr, int klen, pem_password_cb *cb, void *u) { - X509_SIG *p8; - PKCS8_PRIV_KEY_INFO *p8inf; - char buf[PEM_BUFSIZE]; - int ret; + int ret = 0; + const char *pq = isder + ? OSSL_SERIALIZER_PrivateKey_TO_DER_PQ + : OSSL_SERIALIZER_PrivateKey_TO_PEM_PQ; + OSSL_SERIALIZER_CTX *ctx = OSSL_SERIALIZER_CTX_new_by_EVP_PKEY(x, pq); - if ((p8inf = EVP_PKEY2PKCS8(x)) == NULL) { - PEMerr(PEM_F_DO_PK8PKEY, PEM_R_ERROR_CONVERTING_PRIVATE_KEY); + if (ctx == NULL) return 0; + + /* + * If no keystring or callback is set, OpenSSL traditionally uses the + * user's cb argument as a password string, or if that's NULL, it falls + * back on PEM_def_callback(). + */ + if (kstr == NULL && cb == NULL) { + if (u != NULL) { + kstr = u; + klen = strlen(u); + } else { + cb = PEM_def_callback; + } } - if (enc || (nid != -1)) { - if (!kstr) { - if (!cb) - klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u); - else - klen = cb(buf, PEM_BUFSIZE, 1, u); - if (klen <= 0) { - PEMerr(PEM_F_DO_PK8PKEY, PEM_R_READ_KEY); - PKCS8_PRIV_KEY_INFO_free(p8inf); - return 0; - } - kstr = buf; + if (OSSL_SERIALIZER_CTX_get_serializer(ctx) != NULL) { + ret = 1; + if (enc != NULL) { + ret = 0; + if (OSSL_SERIALIZER_CTX_set_cipher(ctx, EVP_CIPHER_name(enc), + NULL)) { + const unsigned char *ukstr = (const unsigned char *)kstr; + + /* + * Try to pass the passphrase if one was given, or the + * passphrase callback if one was given. If none of them + * are given and that's wrong, we rely on the _to_bio() + * call to generate errors. + */ + ret = 1; + if (kstr != NULL + && !OSSL_SERIALIZER_CTX_set_passphrase(ctx, ukstr, klen)) + ret = 0; + else if (cb != NULL + && !OSSL_SERIALIZER_CTX_set_passphrase_cb(ctx, 1, + cb, u)) + ret = 0; + } } - p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf); - if (kstr == buf) - OPENSSL_cleanse(buf, klen); - PKCS8_PRIV_KEY_INFO_free(p8inf); - if (p8 == NULL) - return 0; - if (isder) - ret = i2d_PKCS8_bio(bp, p8); - else - ret = PEM_write_bio_PKCS8(bp, p8); - X509_SIG_free(p8); - return ret; + ret = ret && OSSL_SERIALIZER_to_bio(ctx, bp); } else { - if (isder) - ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf); - else - ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf); + X509_SIG *p8; + PKCS8_PRIV_KEY_INFO *p8inf; + char buf[PEM_BUFSIZE]; + + ret = 0; + if ((p8inf = EVP_PKEY2PKCS8(x)) == NULL) { + PEMerr(PEM_F_DO_PK8PKEY, PEM_R_ERROR_CONVERTING_PRIVATE_KEY); + goto legacy_end; + } + if (enc || (nid != -1)) { + if (kstr == NULL) { + klen = cb(buf, PEM_BUFSIZE, 1, u); + if (klen <= 0) { + PEMerr(PEM_F_DO_PK8PKEY, PEM_R_READ_KEY); + goto legacy_end; + } + + kstr = buf; + } + p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf); + if (kstr == buf) + OPENSSL_cleanse(buf, klen); + if (p8 == NULL) + goto legacy_end; + if (isder) + ret = i2d_PKCS8_bio(bp, p8); + else + ret = PEM_write_bio_PKCS8(bp, p8); + X509_SIG_free(p8); + } else { + if (isder) + ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf); + else + ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf); + } + legacy_end: PKCS8_PRIV_KEY_INFO_free(p8inf); - return ret; } + OSSL_SERIALIZER_CTX_free(ctx); + return ret; } EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index e6a76a1fa6..7f07ab738e 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -767,6 +767,40 @@ static int test_EVP_PKCS82PKEY(void) } #endif +/* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */ +static int test_privatekey_to_pkcs8(void) +{ + EVP_PKEY *pkey = NULL; + BIO *membio = NULL; + char *membuf = NULL; + size_t membuf_len = 0; + int ok = 0; + + if (!TEST_ptr(membio = BIO_new(BIO_s_mem())) + || !TEST_ptr(pkey = load_example_rsa_key()) + || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL, + NULL, 0, NULL, NULL), + 0) + || !TEST_ptr((membuf_len = (size_t)BIO_get_mem_data(membio, &membuf), + membuf)) + || !TEST_mem_eq(membuf, membuf_len, + kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8)) + /* + * We try to write PEM as well, just to see that it doesn't err, but + * assume that the result is correct. + */ + || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL, + NULL, 0, NULL, NULL), + 0)) + goto done; + + ok = 1; + done: + EVP_PKEY_free(pkey); + BIO_free_all(membio); + return ok; +} + #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE) static int test_EVP_SM2_verify(void) @@ -1718,6 +1752,7 @@ int setup_tests(void) ADD_TEST(test_EVP_DigestVerifyInit); ADD_TEST(test_EVP_Enveloped); ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata)); + ADD_TEST(test_privatekey_to_pkcs8); #ifndef OPENSSL_NO_EC ADD_TEST(test_EVP_PKCS82PKEY); #endif From builds at travis-ci.org Tue Jun 2 18:49:17 2020 From: builds at travis-ci.org (Travis CI) Date: Tue, 02 Jun 2020 18:49:17 +0000 Subject: Still Failing: openssl/openssl#35165 (master - 29c49b2) In-Reply-To: Message-ID: <5ed69f2d33b1d_13fb79c0d6c98246778@travis-tasks-7678888bc9-6gxwv.mail> Build Update for openssl/openssl ------------------------------------- Build: #35165 Status: Still Failing Duration: 47 mins and 14 secs Commit: 29c49b2 (master) Author: Richard Levitte Message: TEST: Test i2d_PKCS8PrivateKey_bio() and PEM_write_bio_PKCS8PrivateKey() Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11855) View the changeset: https://github.com/openssl/openssl/compare/a5a87011baee...29c49b2534fb View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/693956750?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From pauli at openssl.org Wed Jun 3 00:41:28 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 03 Jun 2020 00:41:28 +0000 Subject: [openssl] master update Message-ID: <1591144888.196775.7090.nullmailer@dev.openssl.org> The branch master has been updated via 5c01a133ecafc5ffa4ae55effd32f4f1fb642293 (commit) from 29c49b2534fbd60338f61e94c2893d774f9361a9 (commit) - Log ----------------------------------------------------------------- commit 5c01a133ecafc5ffa4ae55effd32f4f1fb642293 Author: Pauli Date: Tue Jun 2 23:10:06 2020 +1000 ossl_shim: include core_names.h to resolve undeclared symbols Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/12018) ----------------------------------------------------------------------- Summary of changes: test/ossl_shim/ossl_shim.cc | 1 + 1 file changed, 1 insertion(+) diff --git a/test/ossl_shim/ossl_shim.cc b/test/ossl_shim/ossl_shim.cc index 3ebe31b7dd..e7c1dfe09f 100644 --- a/test/ossl_shim/ossl_shim.cc +++ b/test/ossl_shim/ossl_shim.cc @@ -39,6 +39,7 @@ OPENSSL_MSVC_PRAGMA(comment(lib, "Ws2_32.lib")) #include #include #include +#include #include #include #include From openssl at openssl.org Wed Jun 3 01:25:07 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 03 Jun 2020 01:25:07 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit Message-ID: <1591147507.328370.24798.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit Commit log since last time: 29c49b2534 TEST: Test i2d_PKCS8PrivateKey_bio() and PEM_write_bio_PKCS8PrivateKey() eb2bba2569 PEM: Make PKCS8 serializers aware of OSSL_SERIALIZERs a5a87011ba fix a docs typo d805b83166 Prevent extended tests run unexpectedly in appveyor 23ccae80bd Move EC_METHOD to internal-only e306f83c8c APPS: Remove make_config_name, use CONF_get1_default_config_file instead 32df13497a Remove getenv(OPENSSL_FIPS) in openssl command 41dccd68b9 Revert the check for NaN in %f format c7f837cfcc undeprecate SSL_CTX_load_verify_locations and X509_STORE_load_locations dc18e4ddfb Make BIO_do_connect() and friends handle multiple IP addresses 60d3b5b9ff add FFDH to speed command Build log ended with (last 100 lines): 65-test_cmp_msg.t .................. ok 65-test_cmp_protect.t .............. ok 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=198, Tests=1917, 747 wallclock secs ( 8.84 usr 1.77 sys + 698.53 cusr 46.54 csys = 755.68 CPU) Result: FAIL Makefile:3087: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-autoerrinit' Makefile:3085: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.org Wed Jun 3 01:30:43 2020 From: builds at travis-ci.org (Travis CI) Date: Wed, 03 Jun 2020 01:30:43 +0000 Subject: Still Failing: openssl/openssl#35170 (master - 5c01a13) In-Reply-To: Message-ID: <5ed6fd42beb2f_13ffc1b7d79ac64763@travis-tasks-6f7b994d4b-bwgzg.mail> Build Update for openssl/openssl ------------------------------------- Build: #35170 Status: Still Failing Duration: 48 mins and 24 secs Commit: 5c01a13 (master) Author: Pauli Message: ossl_shim: include core_names.h to resolve undeclared symbols Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/12018) View the changeset: https://github.com/openssl/openssl/compare/29c49b2534fb...5c01a133ecaf View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/694073723?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Wed Jun 3 04:06:29 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 03 Jun 2020 04:06:29 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-cms Message-ID: <1591157189.117868.9848.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-cms Commit log since last time: 29c49b2534 TEST: Test i2d_PKCS8PrivateKey_bio() and PEM_write_bio_PKCS8PrivateKey() eb2bba2569 PEM: Make PKCS8 serializers aware of OSSL_SERIALIZERs a5a87011ba fix a docs typo d805b83166 Prevent extended tests run unexpectedly in appveyor 23ccae80bd Move EC_METHOD to internal-only e306f83c8c APPS: Remove make_config_name, use CONF_get1_default_config_file instead 32df13497a Remove getenv(OPENSSL_FIPS) in openssl command 41dccd68b9 Revert the check for NaN in %f format c7f837cfcc undeprecate SSL_CTX_load_verify_locations and X509_STORE_load_locations dc18e4ddfb Make BIO_do_connect() and friends handle multiple IP addresses 60d3b5b9ff add FFDH to speed command Build log ended with (last 100 lines): ssl/statem/libssl-shlib-statem_dtls.o \ ssl/statem/libssl-shlib-statem_lib.o \ ssl/statem/libssl-shlib-statem_srvr.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/afalg.so -Wl,--version-script=engines/afalg.ld \ engines/afalg-dso-e_afalg.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/capi.so -Wl,--version-script=engines/capi.ld \ engines/capi-dso-e_capi.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/dasync.so -Wl,--version-script=engines/dasync.ld \ engines/dasync-dso-e_dasync.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/ossltest.so -Wl,--version-script=engines/ossltest.ld \ engines/ossltest-dso-e_ossltest.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/padlock.so -Wl,--version-script=engines/padlock.ld \ engines/padlock-dso-e_padlock-x86_64.o \ engines/padlock-dso-e_padlock.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o providers/legacy.so -Wl,--version-script=providers/legacy.ld \ providers/legacy-dso-legacyprov.o \ providers/liblegacy.a providers/libcommon.a providers/libnonfips.a -lcrypto -ldl -pthread rm -f fuzz/asn1parse-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o fuzz/asn1parse-test \ fuzz/asn1parse-test-bin-asn1parse.o \ fuzz/asn1parse-test-bin-test-corpus.o \ -lcrypto -ldl -pthread rm -f fuzz/bignum-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o fuzz/bignum-test \ fuzz/bignum-test-bin-bignum.o \ fuzz/bignum-test-bin-test-corpus.o \ -lcrypto -ldl -pthread rm -f fuzz/bndiv-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o fuzz/bndiv-test \ fuzz/bndiv-test-bin-bndiv.o \ fuzz/bndiv-test-bin-test-corpus.o \ -lcrypto -ldl -pthread rm -f fuzz/conf-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o fuzz/conf-test \ fuzz/conf-test-bin-conf.o fuzz/conf-test-bin-test-corpus.o \ -lcrypto -ldl -pthread ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_add' ./libcrypto.so: undefined reference to `ess_find_cert' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_add' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_get' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_get' ./libcrypto.so: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:22676: recipe for target 'fuzz/asn1parse-test' failed make[1]: *** [fuzz/asn1parse-test] Error 1 make[1]: *** Waiting for unfinished jobs.... ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_add' ./libcrypto.so: undefined reference to `ess_find_cert' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_add' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_get' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_get' ./libcrypto.so: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:22724: recipe for target 'fuzz/bndiv-test' failed make[1]: *** [fuzz/bndiv-test] Error 1 ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_add' ./libcrypto.so: undefined reference to `ess_find_cert' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_add' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_get' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_get' ./libcrypto.so: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:22700: recipe for target 'fuzz/bignum-test' failed make[1]: *** [fuzz/bignum-test] Error 1 ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_add' ./libcrypto.so: undefined reference to `ess_find_cert' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_add' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_get' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_get' ./libcrypto.so: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:22795: recipe for target 'fuzz/conf-test' failed make[1]: *** [fuzz/conf-test] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-cms' Makefile:3030: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From openssl at openssl.org Wed Jun 3 06:38:39 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 03 Jun 2020 06:38:39 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram Message-ID: <1591166319.381393.9063.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: 29c49b2534 TEST: Test i2d_PKCS8PrivateKey_bio() and PEM_write_bio_PKCS8PrivateKey() eb2bba2569 PEM: Make PKCS8 serializers aware of OSSL_SERIALIZERs a5a87011ba fix a docs typo d805b83166 Prevent extended tests run unexpectedly in appveyor 23ccae80bd Move EC_METHOD to internal-only e306f83c8c APPS: Remove make_config_name, use CONF_get1_default_config_file instead 32df13497a Remove getenv(OPENSSL_FIPS) in openssl command 41dccd68b9 Revert the check for NaN in %f format c7f837cfcc undeprecate SSL_CTX_load_verify_locations and X509_STORE_load_locations dc18e4ddfb Make BIO_do_connect() and friends handle multiple IP addresses 60d3b5b9ff add FFDH to speed command Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=198, Tests=1990, 695 wallclock secs ( 8.69 usr 1.61 sys + 647.59 cusr 42.96 csys = 700.85 CPU) Result: FAIL Makefile:3090: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dgram' Makefile:3088: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Wed Jun 3 07:10:57 2020 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 03 Jun 2020 07:10:57 +0000 Subject: Build failed: openssl master.34620 Message-ID: <20200603071057.1.62DCA4A8E58EC28F@appveyor.com> An HTML attachment was scrubbed... URL: From tmraz at fedoraproject.org Wed Jun 3 07:57:40 2020 From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Wed, 03 Jun 2020 07:57:40 +0000 Subject: [openssl] master update Message-ID: <1591171060.417278.10412.nullmailer@dev.openssl.org> The branch master has been updated via 2b584ff372b2b25bb6801172bbeb90074b26f88c (commit) via 4e6e57cfcdd75b827ff7171927d87e95b5b86ae8 (commit) from 5c01a133ecafc5ffa4ae55effd32f4f1fb642293 (commit) - Log ----------------------------------------------------------------- commit 2b584ff372b2b25bb6801172bbeb90074b26f88c Author: Rich Salz Date: Mon Apr 27 12:57:01 2020 -0400 Update manpage to fix examples, other minor tweaks Reviewed-by: Matthias St. Pierre Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11347) commit 4e6e57cfcdd75b827ff7171927d87e95b5b86ae8 Author: Rich Salz Date: Wed Mar 4 14:08:31 2020 -0500 Cleanup cert config files for tests Merge test/P[12]ss.cnf into one config file Merge CAss.cnf and Uss.cnf into ca-and-certs.cnf Remove Netscape cert extensions, add keyUsage comment from some cnf files Reviewed-by: Matthias St. Pierre Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11347) ----------------------------------------------------------------------- Summary of changes: apps/openssl-vms.cnf | 53 ---------------------- apps/openssl.cnf | 53 ---------------------- demos/certs/apps/apps.cnf | 6 --- demos/certs/ca.cnf | 6 --- doc/man7/proxy-certificates.pod | 36 +++++++-------- test/CAss.cnf | 69 ---------------------------- test/P1ss.cnf | 31 ------------- test/P2ss.cnf | 39 ---------------- test/Uss.cnf | 36 --------------- test/ca-and-certs.cnf | 90 +++++++++++++++++++++++++++++++++++++ test/proxy.cnf | 61 +++++++++++++++++++++++++ test/recipes/25-test_verify_store.t | 31 ++++++------- test/recipes/80-test_ca.t | 23 +++++----- test/recipes/80-test_ssl_old.t | 36 +++++++-------- test/recipes/90-test_store.t | 5 ++- 15 files changed, 213 insertions(+), 362 deletions(-) delete mode 100644 test/CAss.cnf delete mode 100644 test/P1ss.cnf delete mode 100644 test/P2ss.cnf delete mode 100644 test/Uss.cnf create mode 100644 test/ca-and-certs.cnf create mode 100644 test/proxy.cnf diff --git a/apps/openssl-vms.cnf b/apps/openssl-vms.cnf index c7e7abe994..2420e9c9f5 100644 --- a/apps/openssl-vms.cnf +++ b/apps/openssl-vms.cnf @@ -171,27 +171,9 @@ unstructuredName = An optional company name basicConstraints=CA:FALSE -# Here are some examples of the usage of nsCertType. If it is omitted -# the certificate can be used for anything *except* object signing. - -# This is OK for an SSL server. -# nsCertType = server - -# For an object signing certificate this would be used. -# nsCertType = objsign - -# For normal client use this is typical -# nsCertType = client, email - -# and for everything including object signing: -# nsCertType = client, email, objsign - # This is typical in keyUsage for a client certificate. # keyUsage = nonRepudiation, digitalSignature, keyEncipherment -# This will be displayed in Netscape's comment listbox. -nsComment = "OpenSSL Generated Certificate" - # PKIX recommendations harmless if included in all certificates. subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer @@ -206,13 +188,6 @@ authorityKeyIdentifier=keyid,issuer # Copy subject details # issuerAltName=issuer:copy -#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem -#nsBaseUrl -#nsRevocationUrl -#nsRenewalUrl -#nsCaPolicyUrl -#nsSslServerName - # This is required for TSA certificates. # extendedKeyUsage = critical,timeStamping @@ -242,9 +217,6 @@ basicConstraints = critical,CA:true # left out by default. # keyUsage = cRLSign, keyCertSign -# Some might want this also -# nsCertType = sslCA, emailCA - # Include email address in subject alt name: another PKIX recommendation # subjectAltName=email:copy # Copy issuer details @@ -272,27 +244,9 @@ authorityKeyIdentifier=keyid:always basicConstraints=CA:FALSE -# Here are some examples of the usage of nsCertType. If it is omitted -# the certificate can be used for anything *except* object signing. - -# This is OK for an SSL server. -# nsCertType = server - -# For an object signing certificate this would be used. -# nsCertType = objsign - -# For normal client use this is typical -# nsCertType = client, email - -# and for everything including object signing: -# nsCertType = client, email, objsign - # This is typical in keyUsage for a client certificate. # keyUsage = nonRepudiation, digitalSignature, keyEncipherment -# This will be displayed in Netscape's comment listbox. -nsComment = "OpenSSL Generated Certificate" - # PKIX recommendations harmless if included in all certificates. subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer @@ -307,13 +261,6 @@ authorityKeyIdentifier=keyid,issuer # Copy subject details # issuerAltName=issuer:copy -#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem -#nsBaseUrl -#nsRevocationUrl -#nsRenewalUrl -#nsCaPolicyUrl -#nsSslServerName - # This really needs to be in place for it to be a proxy certificate. proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo diff --git a/apps/openssl.cnf b/apps/openssl.cnf index 52706ae166..4fd5286d2e 100644 --- a/apps/openssl.cnf +++ b/apps/openssl.cnf @@ -171,27 +171,9 @@ unstructuredName = An optional company name basicConstraints=CA:FALSE -# Here are some examples of the usage of nsCertType. If it is omitted -# the certificate can be used for anything *except* object signing. - -# This is OK for an SSL server. -# nsCertType = server - -# For an object signing certificate this would be used. -# nsCertType = objsign - -# For normal client use this is typical -# nsCertType = client, email - -# and for everything including object signing: -# nsCertType = client, email, objsign - # This is typical in keyUsage for a client certificate. # keyUsage = nonRepudiation, digitalSignature, keyEncipherment -# This will be displayed in Netscape's comment listbox. -nsComment = "OpenSSL Generated Certificate" - # PKIX recommendations harmless if included in all certificates. subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer @@ -206,13 +188,6 @@ authorityKeyIdentifier=keyid,issuer # Copy subject details # issuerAltName=issuer:copy -#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem -#nsBaseUrl -#nsRevocationUrl -#nsRenewalUrl -#nsCaPolicyUrl -#nsSslServerName - # This is required for TSA certificates. # extendedKeyUsage = critical,timeStamping @@ -242,9 +217,6 @@ basicConstraints = critical,CA:true # left out by default. # keyUsage = cRLSign, keyCertSign -# Some might want this also -# nsCertType = sslCA, emailCA - # Include email address in subject alt name: another PKIX recommendation # subjectAltName=email:copy # Copy issuer details @@ -272,27 +244,9 @@ authorityKeyIdentifier=keyid:always basicConstraints=CA:FALSE -# Here are some examples of the usage of nsCertType. If it is omitted -# the certificate can be used for anything *except* object signing. - -# This is OK for an SSL server. -# nsCertType = server - -# For an object signing certificate this would be used. -# nsCertType = objsign - -# For normal client use this is typical -# nsCertType = client, email - -# and for everything including object signing: -# nsCertType = client, email, objsign - # This is typical in keyUsage for a client certificate. # keyUsage = nonRepudiation, digitalSignature, keyEncipherment -# This will be displayed in Netscape's comment listbox. -nsComment = "OpenSSL Generated Certificate" - # PKIX recommendations harmless if included in all certificates. subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer @@ -307,13 +261,6 @@ authorityKeyIdentifier=keyid,issuer # Copy subject details # issuerAltName=issuer:copy -#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem -#nsBaseUrl -#nsRevocationUrl -#nsRenewalUrl -#nsCaPolicyUrl -#nsSslServerName - # This really needs to be in place for it to be a proxy certificate. proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo diff --git a/demos/certs/apps/apps.cnf b/demos/certs/apps/apps.cnf index bd762b7ddc..07a3d10b55 100644 --- a/demos/certs/apps/apps.cnf +++ b/demos/certs/apps/apps.cnf @@ -35,9 +35,6 @@ commonName = $ENV::CN basicConstraints=critical, CA:FALSE keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment -# This will be displayed in Netscape's comment listbox. -nsComment = "OpenSSL Generated Certificate" - [ ec_cert ] # These extensions are added when 'ca' signs a request for an end entity @@ -46,9 +43,6 @@ nsComment = "OpenSSL Generated Certificate" basicConstraints=critical, CA:FALSE keyUsage=critical, nonRepudiation, digitalSignature, keyAgreement -# This will be displayed in Netscape's comment listbox. -nsComment = "OpenSSL Generated Certificate" - # PKIX recommendations harmless if included in all certificates. subjectKeyIdentifier=hash authorityKeyIdentifier=keyid diff --git a/demos/certs/ca.cnf b/demos/certs/ca.cnf index c75a71a6aa..2fbf20490b 100644 --- a/demos/certs/ca.cnf +++ b/demos/certs/ca.cnf @@ -35,9 +35,6 @@ commonName = $ENV::CN basicConstraints=critical, CA:FALSE keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment -# This will be displayed in Netscape's comment listbox. -nsComment = "OpenSSL Generated Certificate" - # PKIX recommendations harmless if included in all certificates. subjectKeyIdentifier=hash authorityKeyIdentifier=keyid @@ -47,9 +44,6 @@ authorityKeyIdentifier=keyid basicConstraints=critical, CA:FALSE keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment -# This will be displayed in Netscape's comment listbox. -nsComment = "OpenSSL Generated Certificate" - # PKIX recommendations harmless if included in all certificates. subjectKeyIdentifier=hash authorityKeyIdentifier=keyid diff --git a/doc/man7/proxy-certificates.pod b/doc/man7/proxy-certificates.pod index df5ee1b4b5..eab28b5658 100644 --- a/doc/man7/proxy-certificates.pod +++ b/doc/man7/proxy-certificates.pod @@ -57,24 +57,22 @@ See L for a discussion on this requirement. Creating proxy certificates can be done using the L command, with some extra extensions: - [ v3_proxy ] + [ proxy ] # A proxy certificate MUST NEVER be a CA certificate. - basicConstraints=CA:FALSE - + basicConstraints = CA:FALSE # Usual authority key ID - authorityKeyIdentifier=keyid,issuer:always - + authorityKeyIdentifier = keyid,issuer:always # The extension which marks this certificate as a proxy - proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB + proxyCertInfo = critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB It's also possible to specify the proxy extension in a separate section: - proxyCertInfo=critical, at proxy_ext + proxyCertInfo = critical, at proxy_ext [ proxy_ext ] - language=id-ppl-anyLanguage - pathlen=0 - policy=text:BC + language = id-ppl-anyLanguage + pathlen = 0 + policy = text:BC The policy value has a specific syntax, I:I, where the I determines what will be done with the string. The following @@ -99,12 +97,12 @@ colons between each byte (every second hex digit): indicates that the text of the policy should be taken from a file. The string is then a filename. This is useful for policies that are -large (more than a few lines, e.g. XML documents). +more than a few lines, such as XML or other markup. =back -I With a proxy extension, creating a proxy certificate is a matter of @@ -112,23 +110,23 @@ two commands: openssl req -new -config proxy.cnf \ -out proxy.req -keyout proxy.key \ - -subj "/DC=org/DC=openssl/DC=users/CN=proxy 1" + -subj "/DC=org/DC=openssl/DC=users/CN=proxy" openssl x509 -req -CAcreateserial -in proxy.req -out proxy.crt \ -CA user.crt -CAkey user.key -days 7 \ - -extfile proxy.cnf -extensions v3_proxy1 + -extfile proxy.cnf -extensions proxy You can also create a proxy certificate using another proxy -certificate as issuer (note: using a different configuration -section for the proxy extensions): +certificate as issuer. Note that this example uses a different +configuration section for the proxy extensions: openssl req -new -config proxy.cnf \ -out proxy2.req -keyout proxy2.key \ - -subj "/DC=org/DC=openssl/DC=users/CN=proxy 1/CN=proxy 2" + -subj "/DC=org/DC=openssl/DC=users/CN=proxy/CN=proxy 2" openssl x509 -req -CAcreateserial -in proxy2.req -out proxy2.crt \ -CA proxy.crt -CAkey proxy.key -days 7 \ - -extfile proxy.cnf -extensions v3_proxy2 + -extfile proxy.cnf -extensions proxy_2 =head2 Using proxy certs in applications diff --git a/test/CAss.cnf b/test/CAss.cnf deleted file mode 100644 index d63f85628b..0000000000 --- a/test/CAss.cnf +++ /dev/null @@ -1,69 +0,0 @@ - -#################################################################### -[ req ] -default_bits = 2048 -default_keyfile = keySS.pem -distinguished_name = req_distinguished_name -encrypt_rsa_key = no -default_md = sha1 - -[ req_distinguished_name ] -countryName = Country Name (2 letter code) -countryName_default = AU -countryName_value = AU - -organizationName = Organization Name (eg, company) -organizationName_value = Dodgy Brothers - -commonName = Common Name (eg, YOUR name) -commonName_value = Dodgy CA - -#################################################################### -[ ca ] -default_ca = CA_default # The default ca section - -#################################################################### -[ CA_default ] - -dir = ./demoCA # Where everything is kept -certs = $dir/certs # Where the issued certs are kept -crl_dir = $dir/crl # Where the issued crl are kept -database = $dir/index.txt # database index file. -#unique_subject = no # Set to 'no' to allow creation of - # several certificates with same subject. -new_certs_dir = $dir/newcerts # default place for new certs. - -certificate = $dir/cacert.pem # The CA certificate -serial = $dir/serial # The current serial number -crl = $dir/crl.pem # The current CRL -private_key = $dir/private/cakey.pem# The private key - -x509_extensions = v3_ca # The extensions to add to the cert - -name_opt = ca_default # Subject Name options -cert_opt = ca_default # Certificate field options - -default_days = 365 # how long to certify for -default_crl_days= 30 # how long before next CRL -default_md = md5 # which md to use. -preserve = no # keep passed DN ordering - -policy = policy_anything - -[ policy_anything ] -countryName = optional -stateOrProvinceName = optional -localityName = optional -organizationName = optional -organizationalUnitName = optional -commonName = supplied -emailAddress = optional - - - -[ v3_ca ] -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid:always,issuer:always -basicConstraints = critical,CA:true,pathlen:1 -keyUsage = cRLSign, keyCertSign -issuerAltName=issuer:copy diff --git a/test/P1ss.cnf b/test/P1ss.cnf deleted file mode 100644 index 69baaaf849..0000000000 --- a/test/P1ss.cnf +++ /dev/null @@ -1,31 +0,0 @@ - -#################################################################### -[ req ] -default_bits = 2048 -default_keyfile = keySS.pem -distinguished_name = req_distinguished_name -encrypt_rsa_key = no -default_md = sha256 - -[ req_distinguished_name ] -countryName = Country Name (2 letter code) -countryName_default = AU -countryName_value = AU - -organizationName = Organization Name (eg, company) -organizationName_value = Dodgy Brothers - -0.commonName = Common Name (eg, YOUR name) -0.commonName_value = Brother 1 - -1.commonName = Common Name (eg, YOUR name) -1.commonName_value = Brother 2 - -2.commonName = Common Name (eg, YOUR name) -2.commonName_value = Proxy 1 - -[ v3_proxy ] -basicConstraints=CA:FALSE -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid,issuer:always -proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB diff --git a/test/P2ss.cnf b/test/P2ss.cnf deleted file mode 100644 index 8d4f3c8a68..0000000000 --- a/test/P2ss.cnf +++ /dev/null @@ -1,39 +0,0 @@ - -#################################################################### -[ req ] -default_bits = 2048 -default_keyfile = keySS.pem -distinguished_name = req_distinguished_name -encrypt_rsa_key = no -default_md = sha256 - -[ req_distinguished_name ] -countryName = Country Name (2 letter code) -countryName_default = AU -countryName_value = AU - -organizationName = Organization Name (eg, company) -organizationName_value = Dodgy Brothers - -0.commonName = Common Name (eg, YOUR name) -0.commonName_value = Brother 1 - -1.commonName = Common Name (eg, YOUR name) -1.commonName_value = Brother 2 - -2.commonName = Common Name (eg, YOUR name) -2.commonName_value = Proxy 1 - -3.commonName = Common Name (eg, YOUR name) -3.commonName_value = Proxy 2 - -[ v3_proxy ] -basicConstraints=CA:FALSE -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid,issuer:always -proxyCertInfo=critical, at proxy_ext - -[ proxy_ext ] -language=id-ppl-anyLanguage -pathlen=0 -policy=text:BC diff --git a/test/Uss.cnf b/test/Uss.cnf deleted file mode 100644 index 95ffb67deb..0000000000 --- a/test/Uss.cnf +++ /dev/null @@ -1,36 +0,0 @@ - -CN2 = Brother 2 - -#################################################################### -[ req ] -default_bits = 2048 -default_keyfile = keySS.pem -distinguished_name = req_distinguished_name -encrypt_rsa_key = no -default_md = sha256 -prompt = no - -[ req_distinguished_name ] -countryName = AU -organizationName = Dodgy Brothers -0.commonName = Brother 1 -1.commonName = $ENV::CN2 - -[ v3_ee ] -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid,issuer:always -basicConstraints = CA:false -keyUsage = nonRepudiation, digitalSignature, keyEncipherment - -[ v3_ee_dsa ] -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid:always -basicConstraints = CA:false -keyUsage = nonRepudiation, digitalSignature - -[ v3_ee_ec ] -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid:always -basicConstraints = CA:false -keyUsage = nonRepudiation, digitalSignature, keyAgreement - diff --git a/test/ca-and-certs.cnf b/test/ca-and-certs.cnf new file mode 100644 index 0000000000..598db2b6a0 --- /dev/null +++ b/test/ca-and-certs.cnf @@ -0,0 +1,90 @@ + +CN2 = Brother 2 + +#################################################################### +[ req ] +default_bits = 2048 +default_keyfile = keySS.pem +distinguished_name = req_distinguished_name +encrypt_rsa_key = no +default_md = sha1 + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_value = AU +organizationName = Organization Name (eg, company) +organizationName_value = Dodgy Brothers +commonName = Common Name (eg, YOUR name) +commonName_value = Dodgy CA + +#################################################################### +[ userreq ] +default_bits = 2048 +default_keyfile = keySS.pem +distinguished_name = user_dn +encrypt_rsa_key = no +default_md = sha256 +prompt = no + +[ user_dn ] +countryName = AU +organizationName = Dodgy Brothers +0.commonName = Brother 1 +1.commonName = $ENV::CN2 + +[ v3_ee ] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer:always +basicConstraints = CA:false +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ee_dsa ] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always +basicConstraints = CA:false +keyUsage = nonRepudiation, digitalSignature + +[ v3_ee_ec ] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always +basicConstraints = CA:false +keyUsage = nonRepudiation, digitalSignature, keyAgreement + +#################################################################### +[ ca ] +default_ca = CA_default + +[ CA_default ] +dir = ./demoCA +certs = $dir/certs +crl_dir = $dir/crl +database = $dir/index.txt +new_certs_dir = $dir/newcerts +certificate = $dir/cacert.pem +serial = $dir/serial +crl = $dir/crl.pem +private_key = $dir/private/cakey.pem +x509_extensions = v3_ca +name_opt = ca_default +cert_opt = ca_default +default_days = 365 +default_crl_days= 30 +default_md = sha1 +preserve = no +policy = policy_anything + +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +[ v3_ca ] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer:always +basicConstraints = critical,CA:true,pathlen:1 +keyUsage = cRLSign, keyCertSign +issuerAltName = issuer:copy diff --git a/test/proxy.cnf b/test/proxy.cnf new file mode 100644 index 0000000000..e6b60542bb --- /dev/null +++ b/test/proxy.cnf @@ -0,0 +1,61 @@ + +## Config file for proxy certificate testing. + +[ req ] +default_bits = 2048 +default_keyfile = keySS.pem +distinguished_name = req_distinguished_name_p1 +encrypt_rsa_key = no +default_md = sha256 + +[ req_distinguished_name_p1 ] +countryName = Country Name (2 letter code) +countryName_value = AU +organizationName = Organization Name (eg, company) +organizationName_value = Dodgy Brothers +0.commonName = Common Name (eg, YOUR name) +0.commonName_value = Brother 1 +1.commonName = Common Name (eg, YOUR name) +1.commonName_value = Brother 2 +2.commonName = Common Name (eg, YOUR name) +2.commonName_value = Proxy 1 + +[ proxy ] +basicConstraints = CA:FALSE +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer:always +proxyCertInfo = critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB + +#################################################################### + +[ proxy2_req ] +default_bits = 2048 +default_keyfile = keySS.pem +distinguished_name = req_distinguished_name_p2 +encrypt_rsa_key = no +default_md = sha256 + +[ req_distinguished_name_p2 ] +countryName = Country Name (2 letter code) +countryName_value = AU +organizationName = Organization Name (eg, company) +organizationName_value = Dodgy Brothers +0.commonName = Common Name (eg, YOUR name) +0.commonName_value = Brother 1 +1.commonName = Common Name (eg, YOUR name) +1.commonName_value = Brother 2 +2.commonName = Common Name (eg, YOUR name) +2.commonName_value = Proxy 1 +3.commonName = Common Name (eg, YOUR name) +3.commonName_value = Proxy 2 + +[ proxy_2 ] +basicConstraints = CA:FALSE +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer:always +proxyCertInfo = critical, at proxy_ext + +[ proxy_ext ] +language = id-ppl-anyLanguage +pathlen = 0 +policy = text:BC diff --git a/test/recipes/25-test_verify_store.t b/test/recipes/25-test_verify_store.t index c8c57a7b2b..2afb8cb56f 100644 --- a/test/recipes/25-test_verify_store.t +++ b/test/recipes/25-test_verify_store.t @@ -18,34 +18,31 @@ plan tests => 10; my $dummycnf = srctop_file("apps", "openssl.cnf"); +my $cnf = srctop_file("test", "ca-and-certs.cnf"); my $CAkey = "keyCA.ss"; my $CAcert="certCA.ss"; my $CAserial="certCA.srl"; my $CAreq="reqCA.ss"; -my $CAconf=srctop_file("test","CAss.cnf"); my $CAreq2="req2CA.ss"; # temp - -my $Uconf=srctop_file("test","Uss.cnf"); my $Ukey="keyU.ss"; my $Ureq="reqU.ss"; my $Ucert="certU.ss"; SKIP: { req( 'make cert request', - qw(-new), - -config => $CAconf, + qw(-new -section userreq), + -config => $cnf, -out => $CAreq, -keyout => $CAkey ); skip 'failure', 8 unless x509( 'convert request into self-signed cert', - qw(-req -CAcreateserial), + qw(-req -CAcreateserial -days 30), + qw(-extensions v3_ca), -in => $CAreq, -out => $CAcert, -signkey => $CAkey, - -days => 30, - -extfile => $CAconf, - -extensions => 'v3_ca' ); + -extfile => $cnf ); skip 'failure', 7 unless x509( 'convert cert into a cert request', @@ -56,13 +53,13 @@ SKIP: { skip 'failure', 6 unless req( 'verify request 1', - qw(-verify -noout), + qw(-verify -noout -section userreq), -config => $dummycnf, -in => $CAreq ); skip 'failure', 5 unless req( 'verify request 2', - qw(-verify -noout), + qw(-verify -noout -section userreq), -config => $dummycnf, -in => $CAreq2 ); @@ -73,29 +70,27 @@ SKIP: { skip 'failure', 3 unless req( 'make a user cert request', - qw(-new), - -config => $Uconf, + qw(-new -section userreq), + -config => $cnf, -out => $Ureq, -keyout => $Ukey ); skip 'failure', 2 unless x509( 'sign user cert request', - qw(-req -CAcreateserial), + qw(-req -CAcreateserial -days 30 -extensions v3_ee), -in => $Ureq, -out => $Ucert, -CA => $CAcert, -CAkey => $CAkey, -CAserial => $CAserial, - -days => 30, - -extfile => $Uconf, - -extensions => 'v3_ee' ) + -extfile => $cnf ) && verify( undef, -CAstore => $CAcert, $Ucert ); skip 'failure', 0 unless x509( 'Certificate details', - qw( -subject -issuer -startdate -enddate -noout), + qw(-subject -issuer -startdate -enddate -noout), -in => $Ucert ); } diff --git a/test/recipes/80-test_ca.t b/test/recipes/80-test_ca.t index 3d4dfcd060..bbb0af7577 100644 --- a/test/recipes/80-test_ca.t +++ b/test/recipes/80-test_ca.t @@ -18,26 +18,29 @@ use OpenSSL::Test::Utils; setup("test_ca"); $ENV{OPENSSL} = cmdstr(app(["openssl"]), display => 1); -my $std_openssl_cnf = - srctop_file("apps", $^O eq "VMS" ? "openssl-vms.cnf" : "openssl.cnf"); + +my $cnf = '"' . srctop_file("test","ca-and-certs.cnf") . '"';; +my $std_openssl_cnf = '"' + . srctop_file("apps", $^O eq "VMS" ? "openssl-vms.cnf" : "openssl.cnf") + . '"'; rmtree("demoCA", { safe => 0 }); plan tests => 6; SKIP: { - $ENV{OPENSSL_CONFIG} = '-config "'.srctop_file("test", "CAss.cnf").'"'; + $ENV{OPENSSL_CONFIG} = '-config ' . $cnf; skip "failed creating CA structure", 4 if !ok(run(perlapp(["CA.pl","-newca"], stdin => undef)), 'creating CA structure'); - $ENV{OPENSSL_CONFIG} = '-config "'.srctop_file("test", "Uss.cnf").'"'; + $ENV{OPENSSL_CONFIG} = '-config ' . $cnf; skip "failed creating new certificate request", 3 if !ok(run(perlapp(["CA.pl","-newreq", - "-extra-req","-outform DER"])), + '-extra-req', '-outform DER -section userreq'])), 'creating certificate request'); - $ENV{OPENSSL_CONFIG} = '-rand_serial -inform DER -config "'.$std_openssl_cnf.'"'; + $ENV{OPENSSL_CONFIG} = '-rand_serial -inform DER -config '.$std_openssl_cnf; skip "failed to sign certificate request", 2 - if !is(yes(cmdstr(perlapp(["CA.pl", "-sign", "-extra-ca"]))), 0, + if !is(yes(cmdstr(perlapp(["CA.pl", "-sign"]))), 0, 'signing certificate request'); ok(run(perlapp(["CA.pl", "-verify", "newcert.pem"])), @@ -46,8 +49,8 @@ plan tests => 6; skip "CT not configured, can't use -precert", 1 if disabled("ct"); - $ENV{OPENSSL_CONFIG} = '-config "'.srctop_file("test", "Uss.cnf").'"'; - ok(run(perlapp(["CA.pl", "-precert"], stderr => undef)), + $ENV{OPENSSL_CONFIG} = '-config ' . $cnf; + ok(run(perlapp(["CA.pl", "-precert", '-extra-req', '-section userreq'], stderr => undef)), 'creating new pre-certificate'); } @@ -56,7 +59,7 @@ SKIP: { if disabled("sm2"); is(yes(cmdstr(app(["openssl", "ca", "-config", - srctop_file("test", "CAss.cnf"), + $cnf, "-in", srctop_file("test", "certs", "sm2-csr.pem"), "-out", "sm2-test.crt", "-sigopt", "distid:1234567812345678", diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t index e01137d593..85f71614c4 100644 --- a/test/recipes/80-test_ssl_old.t +++ b/test/recipes/80-test_ssl_old.t @@ -44,33 +44,27 @@ my @verifycmd = ("openssl", "verify"); my @genpkeycmd = ("openssl", "genpkey"); my $dummycnf = srctop_file("apps", "openssl.cnf"); +my $cnf = srctop_file("test", "ca-and-certs.cnf"); my $CAkey = "keyCA.ss"; my $CAcert="certCA.ss"; my $CAserial="certCA.srl"; my $CAreq="reqCA.ss"; -my $CAconf=srctop_file("test","CAss.cnf"); my $CAreq2="req2CA.ss"; # temp - -my $Uconf=srctop_file("test","Uss.cnf"); my $Ukey="keyU.ss"; my $Ureq="reqU.ss"; my $Ucert="certU.ss"; - my $Dkey="keyD.ss"; my $Dreq="reqD.ss"; my $Dcert="certD.ss"; - my $Ekey="keyE.ss"; my $Ereq="reqE.ss"; my $Ecert="certE.ss"; -my $P1conf=srctop_file("test","P1ss.cnf"); +my $proxycnf=srctop_file("test", "proxy.cnf"); my $P1key="keyP1.ss"; my $P1req="reqP1.ss"; my $P1cert="certP1.ss"; my $P1intermediate="tmp_intP1.ss"; - -my $P2conf=srctop_file("test","P2ss.cnf"); my $P2key="keyP2.ss"; my $P2req="reqP2.ss"; my $P2cert="certP2.ss"; @@ -133,7 +127,7 @@ sub testss { SKIP: { skip 'failure', 16 unless - ok(run(app([@reqcmd, "-config", $CAconf, + ok(run(app([@reqcmd, "-config", $cnf, "-out", $CAreq, "-keyout", $CAkey, @req_new])), 'make cert request'); @@ -141,7 +135,7 @@ sub testss { skip 'failure', 15 unless ok(run(app([@x509cmd, "-CAcreateserial", "-in", $CAreq, "-days", "30", "-req", "-out", $CAcert, "-signkey", $CAkey, - "-extfile", $CAconf, "-extensions", "v3_ca"], + "-extfile", $cnf, "-extensions", "v3_ca"], stdout => "err.ss")), 'convert request into self-signed cert'); @@ -167,7 +161,7 @@ sub testss { 'verify signature'); skip 'failure', 10 unless - ok(run(app([@reqcmd, "-config", $Uconf, + ok(run(app([@reqcmd, "-config", $cnf, "-section", "userreq", "-out", $Ureq, "-keyout", $Ukey, @req_new], stdout => "err.ss")), 'make a user cert request'); @@ -176,7 +170,7 @@ sub testss { ok(run(app([@x509cmd, "-CAcreateserial", "-in", $Ureq, "-days", "30", "-req", "-out", $Ucert, "-CA", $CAcert, "-CAkey", $CAkey, "-CAserial", $CAserial, - "-extfile", $Uconf, "-extensions", "v3_ee"], + "-extfile", $cnf, "-extensions", "v3_ee"], stdout => "err.ss")) && run(app([@verifycmd, "-CAfile", $CAcert, $Ucert])), 'sign user cert request'); @@ -202,7 +196,8 @@ sub testss { stdout => "err.ss")), "make a DSA key"); skip 'failure', 3 unless - ok(run(app([@reqcmd, "-new", "-config", $Uconf, + ok(run(app([@reqcmd, "-new", "-config", $cnf, + "-section", "userreq", "-out", $Dreq, "-key", $Dkey], stdout => "err.ss")), "make a DSA user cert request"); @@ -214,7 +209,7 @@ sub testss { "-out", $Dcert, "-CA", $CAcert, "-CAkey", $CAkey, "-CAserial", $CAserial, - "-extfile", $Uconf, + "-extfile", $cnf, "-extensions", "v3_ee_dsa"], stdout => "err.ss")), "sign DSA user cert request"); @@ -247,7 +242,8 @@ sub testss { "-out", "ecp.ss"])), "make EC parameters"); skip 'failure', 3 unless - ok(run(app([@reqcmd, "-config", $Uconf, + ok(run(app([@reqcmd, "-config", $cnf, + "-section", "userreq", "-out", $Ereq, "-keyout", $Ekey, "-newkey", "ec:ecp.ss"], stdout => "err.ss")), @@ -260,7 +256,7 @@ sub testss { "-out", $Ecert, "-CA", $CAcert, "-CAkey", $CAkey, "-CAserial", $CAserial, - "-extfile", $Uconf, + "-extfile", $cnf, "-extensions", "v3_ee_ec"], stdout => "err.ss")), "sign ECDSA/ECDH user cert request"); @@ -277,7 +273,7 @@ sub testss { }; skip 'failure', 5 unless - ok(run(app([@reqcmd, "-config", $P1conf, + ok(run(app([@reqcmd, "-config", $proxycnf, "-out", $P1req, "-keyout", $P1key, @req_new], stdout => "err.ss")), 'make a proxy cert request'); @@ -287,7 +283,7 @@ sub testss { ok(run(app([@x509cmd, "-CAcreateserial", "-in", $P1req, "-days", "30", "-req", "-out", $P1cert, "-CA", $Ucert, "-CAkey", $Ukey, - "-extfile", $P1conf, "-extensions", "v3_proxy"], + "-extfile", $proxycnf, "-extensions", "proxy"], stdout => "err.ss")), 'sign proxy with user cert'); @@ -300,7 +296,7 @@ sub testss { 'Certificate details'); skip 'failure', 2 unless - ok(run(app([@reqcmd, "-config", $P2conf, + ok(run(app([@reqcmd, "-config", $proxycnf, "-section", "proxy2_req", "-out", $P2req, "-keyout", $P2key, @req_new], stdout => "err.ss")), @@ -311,7 +307,7 @@ sub testss { ok(run(app([@x509cmd, "-CAcreateserial", "-in", $P2req, "-days", "30", "-req", "-out", $P2cert, "-CA", $P1cert, "-CAkey", $P1key, - "-extfile", $P2conf, "-extensions", "v3_proxy"], + "-extfile", $proxycnf, "-extensions", "proxy_2"], stdout => "err.ss")), 'sign second proxy cert request with the first proxy cert'); diff --git a/test/recipes/90-test_store.t b/test/recipes/90-test_store.t index 3e2e69f439..337bbb10c9 100644 --- a/test/recipes/90-test_store.t +++ b/test/recipes/90-test_store.t @@ -16,6 +16,7 @@ my $test_name = "test_store"; setup($test_name); my $mingw = config('target') =~ m|^mingw|; +my $cnf = srctop_file("test", "ca-and-certs.cnf"); my @noexist_files = ( "test/blahdiblah.pem", @@ -295,7 +296,7 @@ sub init { }, grep(/-key-pkcs8-pbes2-sha256\.pem$/, @generated_files)) # *-cert.pem (intermediary for the .p12 inits) && run(app(["openssl", "req", "-x509", - "-config", data_file("ca.cnf"), "-nodes", + "-config", $cnf, "-nodes", "-out", "cacert.pem", "-keyout", "cakey.pem"])) && runall(sub { my $srckey = shift; @@ -303,7 +304,7 @@ sub init { (my $csr = $dstfile) =~ s|\.pem|.csr|; (run(app(["openssl", "req", "-new", - "-config", data_file("user.cnf"), + "-config", $cnf, "-key", $srckey, "-out", $csr])) && run(app(["openssl", "x509", "-days", "3650", From no-reply at appveyor.com Wed Jun 3 08:12:50 2020 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 03 Jun 2020 08:12:50 +0000 Subject: Build completed: openssl master.34621 Message-ID: <20200603081250.1.2E35FF89BF24A3B1@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.org Wed Jun 3 08:47:07 2020 From: builds at travis-ci.org (Travis CI) Date: Wed, 03 Jun 2020 08:47:07 +0000 Subject: Still Failing: openssl/openssl#35177 (master - 2b584ff) In-Reply-To: Message-ID: <5ed7638a523e7_13fa3932d98784692b@travis-tasks-97fdb4795-6q7jg.mail> Build Update for openssl/openssl ------------------------------------- Build: #35177 Status: Still Failing Duration: 48 mins and 34 secs Commit: 2b584ff (master) Author: Rich Salz Message: Update manpage to fix examples, other minor tweaks Reviewed-by: Matthias St. Pierre Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11347) View the changeset: https://github.com/openssl/openssl/compare/5c01a133ecaf...2b584ff372b2 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/694156729?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Wed Jun 3 11:08:52 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 03 Jun 2020 11:08:52 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-err Message-ID: <1591182532.627063.9516.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-err Commit log since last time: 29c49b2534 TEST: Test i2d_PKCS8PrivateKey_bio() and PEM_write_bio_PKCS8PrivateKey() eb2bba2569 PEM: Make PKCS8 serializers aware of OSSL_SERIALIZERs a5a87011ba fix a docs typo d805b83166 Prevent extended tests run unexpectedly in appveyor 23ccae80bd Move EC_METHOD to internal-only e306f83c8c APPS: Remove make_config_name, use CONF_get1_default_config_file instead 32df13497a Remove getenv(OPENSSL_FIPS) in openssl command 41dccd68b9 Revert the check for NaN in %f format c7f837cfcc undeprecate SSL_CTX_load_verify_locations and X509_STORE_load_locations dc18e4ddfb Make BIO_do_connect() and friends handle multiple IP addresses 60d3b5b9ff add FFDH to speed command Build log ended with (last 100 lines): 65-test_cmp_msg.t .................. ok 65-test_cmp_protect.t .............. ok 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=198, Tests=1917, 720 wallclock secs ( 8.20 usr 1.34 sys + 682.85 cusr 44.52 csys = 736.91 CPU) Result: FAIL Makefile:3081: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-err' Makefile:3079: recipe for target 'tests' failed make: *** [tests] Error 2 From bernd.edlinger at hotmail.de Wed Jun 3 11:16:12 2020 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Wed, 03 Jun 2020 11:16:12 +0000 Subject: [openssl] master update Message-ID: <1591182972.697119.16027.nullmailer@dev.openssl.org> The branch master has been updated via 42fa3e66697baa121220b4eacf03607280e4ff89 (commit) from 2b584ff372b2b25bb6801172bbeb90074b26f88c (commit) - Log ----------------------------------------------------------------- commit 42fa3e66697baa121220b4eacf03607280e4ff89 Author: Bernd Edlinger Date: Tue Jun 2 11:52:24 2020 +0200 Fix a buffer overflow in drbg_ctr_generate This can happen if the 32-bit counter overflows and the last block is not a multiple of 16 bytes. Fixes #12012 [extended tests] Reviewed-by: Tomas Mraz Reviewed-by: Patrick Steuer Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/12016) ----------------------------------------------------------------------- Summary of changes: crypto/rand/drbg_ctr.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/crypto/rand/drbg_ctr.c b/crypto/rand/drbg_ctr.c index 050ae49652..33e1b324c6 100644 --- a/crypto/rand/drbg_ctr.c +++ b/crypto/rand/drbg_ctr.c @@ -366,9 +366,11 @@ __owur static int drbg_ctr_generate(RAND_DRBG *drbg, ctr32 = GETU32(ctr->V + 12) + blocks; if (ctr32 < blocks) { /* 32-bit counter overflow into V. */ - blocks -= ctr32; - buflen = blocks * 16; - ctr32 = 0; + if (ctr32 != 0) { + blocks -= ctr32; + buflen = blocks * 16; + ctr32 = 0; + } ctr96_inc(ctr->V); } PUTU32(ctr->V + 12, ctr32); From bernd.edlinger at hotmail.de Wed Jun 3 11:17:07 2020 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Wed, 03 Jun 2020 11:17:07 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1591183027.857926.17786.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via e6a80cbad28ee748830815634917efe96948f2f3 (commit) from 315170f662b3053aa9fe817639e1b78f74f75077 (commit) - Log ----------------------------------------------------------------- commit e6a80cbad28ee748830815634917efe96948f2f3 Author: Bernd Edlinger Date: Tue Jun 2 11:52:24 2020 +0200 Fix a buffer overflow in drbg_ctr_generate This can happen if the 32-bit counter overflows and the last block is not a multiple of 16 bytes. Fixes #12012 [extended tests] Reviewed-by: Tomas Mraz Reviewed-by: Patrick Steuer Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/12016) (cherry picked from commit 42fa3e66697baa121220b4eacf03607280e4ff89) ----------------------------------------------------------------------- Summary of changes: crypto/rand/drbg_ctr.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/crypto/rand/drbg_ctr.c b/crypto/rand/drbg_ctr.c index 89c9ccc876..a757d0a258 100644 --- a/crypto/rand/drbg_ctr.c +++ b/crypto/rand/drbg_ctr.c @@ -367,9 +367,11 @@ __owur static int drbg_ctr_generate(RAND_DRBG *drbg, ctr32 = GETU32(ctr->V + 12) + blocks; if (ctr32 < blocks) { /* 32-bit counter overflow into V. */ - blocks -= ctr32; - buflen = blocks * 16; - ctr32 = 0; + if (ctr32 != 0) { + blocks -= ctr32; + buflen = blocks * 16; + ctr32 = 0; + } ctr96_inc(ctr->V); } PUTU32(ctr->V + 12, ctr32); From pauli at openssl.org Wed Jun 3 11:17:50 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 03 Jun 2020 11:17:50 +0000 Subject: [openssl] master update Message-ID: <1591183070.744230.19136.nullmailer@dev.openssl.org> The branch master has been updated via 19d15f97b3932d14e17d0b61115b664169ca6159 (commit) from 42fa3e66697baa121220b4eacf03607280e4ff89 (commit) - Log ----------------------------------------------------------------- commit 19d15f97b3932d14e17d0b61115b664169ca6159 Author: Pauli Date: Wed Jun 3 18:42:36 2020 +1000 ossl_shim: const cast the param arguments to avoid errors [extended tests] Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12022) ----------------------------------------------------------------------- Summary of changes: test/ossl_shim/ossl_shim.cc | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/test/ossl_shim/ossl_shim.cc b/test/ossl_shim/ossl_shim.cc index e7c1dfe09f..aeaea100ad 100644 --- a/test/ossl_shim/ossl_shim.cc +++ b/test/ossl_shim/ossl_shim.cc @@ -394,8 +394,10 @@ static int TicketKeyCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv, return 0; } - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, "SHA256", 0); - *p++ = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, kZeros, + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, + const_cast("SHA256"), 0); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, + (void *)kZeros, sizeof(kZeros)); *p = OSSL_PARAM_construct_end(); From builds at travis-ci.org Wed Jun 3 12:17:00 2020 From: builds at travis-ci.org (Travis CI) Date: Wed, 03 Jun 2020 12:17:00 +0000 Subject: Still Failing: openssl/openssl#35195 (master - 42fa3e6) In-Reply-To: Message-ID: <5ed794bbe2b94_13fa3932d87d415219@travis-tasks-97fdb4795-6q7jg.mail> Build Update for openssl/openssl ------------------------------------- Build: #35195 Status: Still Failing Duration: 57 mins and 23 secs Commit: 42fa3e6 (master) Author: Bernd Edlinger Message: Fix a buffer overflow in drbg_ctr_generate This can happen if the 32-bit counter overflows and the last block is not a multiple of 16 bytes. Fixes #12012 [extended tests] Reviewed-by: Tomas Mraz Reviewed-by: Patrick Steuer Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/12016) View the changeset: https://github.com/openssl/openssl/compare/2b584ff372b2...42fa3e66697b View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/694211801?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Wed Jun 3 12:24:57 2020 From: builds at travis-ci.org (Travis CI) Date: Wed, 03 Jun 2020 12:24:57 +0000 Subject: Failed: openssl/openssl#35197 (OpenSSL_1_1_1-stable - e6a80cb) In-Reply-To: Message-ID: <5ed796994e5dc_13fa3932d8d741551eb@travis-tasks-97fdb4795-6q7jg.mail> Build Update for openssl/openssl ------------------------------------- Build: #35197 Status: Failed Duration: 22 mins and 16 secs Commit: e6a80cb (OpenSSL_1_1_1-stable) Author: Bernd Edlinger Message: Fix a buffer overflow in drbg_ctr_generate This can happen if the 32-bit counter overflows and the last block is not a multiple of 16 bytes. Fixes #12012 [extended tests] Reviewed-by: Tomas Mraz Reviewed-by: Patrick Steuer Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/12016) (cherry picked from commit 42fa3e66697baa121220b4eacf03607280e4ff89) View the changeset: https://github.com/openssl/openssl/compare/315170f662b3...e6a80cbad28e View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/694212093?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Wed Jun 3 13:07:52 2020 From: builds at travis-ci.org (Travis CI) Date: Wed, 03 Jun 2020 13:07:52 +0000 Subject: Fixed: openssl/openssl#35198 (master - 19d15f9) In-Reply-To: Message-ID: <5ed7a0a7ae5c9_13ff84621616877062@travis-tasks-845d689f9f-jg4jc.mail> Build Update for openssl/openssl ------------------------------------- Build: #35198 Status: Fixed Duration: 57 mins and 10 secs Commit: 19d15f9 (master) Author: Pauli Message: ossl_shim: const cast the param arguments to avoid errors [extended tests] Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12022) View the changeset: https://github.com/openssl/openssl/compare/42fa3e66697b...19d15f97b393 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/694212272?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Jun 3 13:28:27 2020 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 03 Jun 2020 13:28:27 +0000 Subject: Build failed: openssl master.34627 Message-ID: <20200603132827.1.94B0AA8146F17592@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.org Wed Jun 3 16:36:53 2020 From: builds at travis-ci.org (Travis CI) Date: Wed, 03 Jun 2020 16:36:53 +0000 Subject: Broken: openssl/openssl#35158 (OpenSSL_1_1_1-stable - 315170f) In-Reply-To: Message-ID: <5ed7d1a52ca55_13fad99ee33c011316e@travis-tasks-b7787498b-x4tdv.mail> Build Update for openssl/openssl ------------------------------------- Build: #35158 Status: Broken Duration: 3 mins and 19 secs Commit: 315170f (OpenSSL_1_1_1-stable) Author: Jack O'Connor Message: fix a docs typo Correct "EC_KEY_point2buf" to "EC_POINT_point2buf". The former does not exist. CLA: trivial Reviewed-by: Ben Kaduk Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11988) (cherry picked from commit a5a87011baeef71c86938a2bae54f89fbe99e5dc) View the changeset: https://github.com/openssl/openssl/compare/3476de9199c1...315170f662b3 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/693799704?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Wed Jun 3 16:35:52 2020 From: builds at travis-ci.org (Travis CI) Date: Wed, 03 Jun 2020 16:35:52 +0000 Subject: Broken: openssl/openssl#35153 (OpenSSL_1_1_1-stable - 3476de9) In-Reply-To: Message-ID: <5ed7d168151d0_13fad9584db2c1109aa@travis-tasks-b7787498b-x4tdv.mail> Build Update for openssl/openssl ------------------------------------- Build: #35153 Status: Broken Duration: 3 mins and 24 secs Commit: 3476de9 (OpenSSL_1_1_1-stable) Author: Bernd Edlinger Message: Prevent extended tests run unexpectedly in appveyor Reason turns out that "git log -2" is picking up a merge commit and a random commit message from the master branch. Restore the expected behavior by using git log -1 $env:APPVEYOR_PULL_REQUEST_HEAD_COMMIT Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11981) (cherry picked from commit d805b83166538907535862372c16ff6ceb648b21) View the changeset: https://github.com/openssl/openssl/compare/3fc83feae0bc...3476de9199c1 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/693777465?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Wed Jun 3 20:20:00 2020 From: builds at travis-ci.org (Travis CI) Date: Wed, 03 Jun 2020 20:20:00 +0000 Subject: Errored: openssl/openssl#35221 (OpenSSL_1_1_1-stable - 7aa3fb0) In-Reply-To: Message-ID: <5ed805f074ddc_13fad93b3ba0c51458a@travis-tasks-b7787498b-x4tdv.mail> Build Update for openssl/openssl ------------------------------------- Build: #35221 Status: Errored Duration: 2 mins and 18 secs Commit: 7aa3fb0 (OpenSSL_1_1_1-stable) Author: Dr. David von Oheimb Message: Replace remnant BUF_strdup() call by OPENSSL_strdup() in bss_acpt.c View the changeset: https://github.com/openssl/openssl/compare/e6a80cbad28e...7aa3fb0aa35f View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/694395141?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Wed Jun 3 20:58:03 2020 From: builds at travis-ci.org (Travis CI) Date: Wed, 03 Jun 2020 20:58:03 +0000 Subject: Still Failing: openssl/openssl#35224 (OpenSSL_1_1_1-stable - e6a80cb) In-Reply-To: Message-ID: <5ed80edab08af_13fb5549d6888109477@travis-tasks-5bf688d498-jjjqw.mail> Build Update for openssl/openssl ------------------------------------- Build: #35224 Status: Still Failing Duration: 17 mins and 21 secs Commit: e6a80cb (OpenSSL_1_1_1-stable) Author: Bernd Edlinger Message: Fix a buffer overflow in drbg_ctr_generate This can happen if the 32-bit counter overflows and the last block is not a multiple of 16 bytes. Fixes #12012 [extended tests] Reviewed-by: Tomas Mraz Reviewed-by: Patrick Steuer Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/12016) (cherry picked from commit 42fa3e66697baa121220b4eacf03607280e4ff89) View the changeset: https://github.com/openssl/openssl/compare/7aa3fb0aa35f...e6a80cbad28e View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/694405390?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu Jun 4 01:53:02 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 04 Jun 2020 01:53:02 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io Message-ID: <1591235582.972900.25776.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-posix-io Commit log since last time: 29c49b2534 TEST: Test i2d_PKCS8PrivateKey_bio() and PEM_write_bio_PKCS8PrivateKey() eb2bba2569 PEM: Make PKCS8 serializers aware of OSSL_SERIALIZERs a5a87011ba fix a docs typo d805b83166 Prevent extended tests run unexpectedly in appveyor 23ccae80bd Move EC_METHOD to internal-only e306f83c8c APPS: Remove make_config_name, use CONF_get1_default_config_file instead 32df13497a Remove getenv(OPENSSL_FIPS) in openssl command 41dccd68b9 Revert the check for NaN in %f format c7f837cfcc undeprecate SSL_CTX_load_verify_locations and X509_STORE_load_locations dc18e4ddfb Make BIO_do_connect() and friends handle multiple IP addresses 60d3b5b9ff add FFDH to speed command Build log ended with (last 100 lines): rm -f *.ld rm -f doc/html/man1/CA.pl.html doc/html/man1/openssl-asn1parse.html doc/html/man1/openssl-ca.html doc/html/man1/openssl-ciphers.html doc/html/man1/openssl-cmds.html doc/html/man1/openssl-cmp.html doc/html/man1/openssl-cms.html doc/html/man1/openssl-crl.html doc/html/man1/openssl-crl2pkcs7.html doc/html/man1/openssl-dgst.html doc/html/man1/openssl-dhparam.html doc/html/man1/openssl-dsa.html doc/html/man1/openssl-dsaparam.html doc/html/man1/openssl-ec.html doc/html/man1/openssl-ecparam.html doc/html/man1/openssl-enc.html doc/html/man1/openssl-engine.html doc/html/man1/openssl-errstr.html doc/html/man1/openssl-fipsinstall.html doc/html/man1/openssl-gendsa.html doc/html/man1/openssl-genpkey.html doc/html/man1/openssl-genrsa.html doc/html/man1/openssl-info.html doc/html/man1/openssl-kdf.html doc/html/man1/openssl-list.html doc/html/man1/openssl-mac.html doc/html/man1/openssl-nseq.html doc/html/man1/openssl-ocsp.html doc/html/man1/openssl-passwd.html doc/html/man1/openssl-pkcs12.html doc/html/man1/openssl-pkcs7.html doc/html/man1/openssl-pkcs8.html doc/html/man1/openssl-pkey.html doc/html/man1/openssl-pkeyparam.html doc/html/man1/openssl-pkeyutl.html doc/html/man1/openssl-prime.html doc/html/man1/openssl-provider.html doc/html/man1/openssl-rand.html doc/html/man1/openssl-rehash.html doc/html/man1/openssl-req.html doc/html/man1/openssl-rsa.html doc/html/man1/openssl-rsautl.html doc/html/man1/openssl-s_client.html doc/html/man1/openssl-s_server.html doc/html/man1/openssl-s_time.html doc/html/man1/openssl-sess_id.html doc/html/man1/openssl-smime.html doc/html/man1/openssl-speed.html doc/html/man1/openssl-spkac.html doc/html/man1/openssl-srp.html doc/html/man1/openssl-storeutl.html doc/html/man1/openssl-ts.html doc/html/man1/openssl-verify.html doc/html/man1/openssl-version.html doc/html/man1/openssl-x509.html doc/html/man1/openssl.html doc/html/man1/tsget.html doc/html/man3/ADMISSIONS.html doc/html/man3/ASN1_INTEGER_get_int64.html doc/html/man3/ASN1_INTEGER_new.html doc/html/man3/ASN1_ITEM_lookup.html doc/html/man3/ASN1_OBJECT_new.html doc/html/man3/ASN1_STRING_TABLE_add.html doc/html/man3/ASN1_STRING_length.html doc/html/man3/ASN1_STRING_new.html doc/html/man3/ASN1_STRING_print_ex.html doc/html/man3/ASN1_TIME_set.html doc/html/man3/ASN1_TYPE_get.html doc/html/man3/ASN1_generate_nconf.html doc/html/man3/ASYNC_WAIT_CTX_new.html doc/html/man3/ASYNC_start_job.html doc/html/man3/BF_encrypt.html doc/html/man3/BIO_ADDR.html doc/html/man3/BIO_ADDRINFO.html doc/html/man3/BIO_connect.html doc/html/man3/BIO_ctrl.html doc/html/man3/BIO_f_base64.html doc/html/man3/BIO_f_buffer.html doc/html/man3/BIO_f_cipher.html doc/html/man3/BIO_f_md.html doc/html/man3/BIO_f_null.html doc/html/man3/BIO_f_prefix.html doc/html/man3/BIO_f_ssl.html doc/html/man3/BIO_find_type.html doc/html/man3/BIO_get_data.html doc/html/man3/BIO_get_ex_new_index.html doc/html/man3/BIO_meth_new.html doc/html/man3/BIO_new.html doc/html/man3/BIO_new_CMS.html doc/html/man3/BIO_parse_hostserv.html doc/html/man3/BIO_printf.html doc/html/man3/BIO_push.html doc/html/man3/BIO_read.html doc/html/man3/BIO_s_accept.html doc/html/man3/BIO_s_bio.html doc/html/man3/BIO_s_connect.html doc/html/man3/BIO_s_fd.html doc/html/man3/BIO_s_file.html doc/html/man3/BIO_s_mem.html doc/html/man3/BIO_s_null.html doc/html/man3/BIO_s_socket.html doc/html/man3/BIO_set_callback.html doc/html/man3/BIO_should_retry.html doc/html/man3/BIO_socket_wait.html doc/html/man3/BN_BLINDING_new.html doc/html/man3/BN_CTX_new.html doc/html/man3/BN_CTX_start.html doc/html/man3/BN_add.html doc/html/man3/BN_add_word.html doc/html/man3/BN_bn2bin.html doc/html/man3/BN_cmp.html doc/html/man3/BN_copy.html doc/html/man3/BN_generate_prime.html doc/html/man3/BN_mod_inverse.html doc/html/man3/BN_mod_mul_montgomery.html doc/html/man3/BN_mod_mul_reciprocal.html doc/html/man3/BN_new.html doc/html/man3/BN_num_bytes.html doc/html/man3/BN_rand.html doc/html/man3/BN_security_bits.html doc/html/man3/BN_set_bit.html doc/html/man3/BN_swap.html doc/html/man3/BN_zero.html doc/html/man3/BUF_MEM_new.html doc/html/man3/CMS_EnvelopedData_create.html doc/html/man3/CMS_add0_cert.html doc/html/man3/CMS_add1_recipient_cert.html doc/html/man3/CMS_add1_signer.html doc/html/man3/CMS_compress.html doc/html/man3/CMS_decrypt.html doc/html/man3/CMS_encrypt.html doc/html/man3/CMS_final.html doc/html/man3/CMS_get0_RecipientInfos.html doc/html/man3/CMS_get0_SignerInfos.html doc/html/man3/CMS_get0_type.html doc/html/man3/CMS_get1_ReceiptRequest.html doc/html/man3/CMS_sign.html doc/html/man3/CMS_sign_receipt.html doc/html/man3/CMS_uncompress.html doc/html/man3/CMS_verify.html doc/html/man3/CMS_verify_receipt.html doc/html/man3/CONF_modules_free.html doc/html/man3/CONF_modules_load_file.html doc/html/man3/CRYPTO_THREAD_run_once.html doc/html/man3/CRYPTO_get_ex_new_index.html doc/html/man3/CRYPTO_memcmp.html doc/html/man3/CTLOG_STORE_get0_log_by_id.html doc/html/man3/CTLOG_STORE_new.html doc/html/man3/CTLOG_new.html doc/html/man3/CT_POLICY_EVAL_CTX_new.html doc/html/man3/DEFINE_STACK_OF.html doc/html/man3/DES_random_key.html doc/html/man3/DH_generate_key.html doc/html/man3/DH_generate_parameters.html doc/html/man3/DH_get0_pqg.html doc/html/man3/DH_get_1024_160.html doc/html/man3/DH_meth_new.html doc/html/man3/DH_new.html doc/html/man3/DH_new_by_nid.html doc/html/man3/DH_set_method.html doc/html/man3/DH_size.html doc/html/man3/DSA_SIG_new.html doc/html/man3/DSA_do_sign.html doc/html/man3/DSA_dup_DH.html doc/html/man3/DSA_generate_key.html doc/html/man3/DSA_generate_parameters.html doc/html/man3/DSA_get0_pqg.html doc/html/man3/DSA_meth_new.html doc/html/man3/DSA_new.html doc/html/man3/DSA_set_method.html doc/html/man3/DSA_sign.html doc/html/man3/DSA_size.html doc/html/man3/DTLS_get_data_mtu.html doc/html/man3/DTLS_set_timer_cb.html doc/html/man3/DTLSv1_listen.html doc/html/man3/ECDSA_SIG_new.html doc/html/man3/ECPKParameters_print.html doc/html/man3/EC_GFp_simple_method.html doc/html/man3/EC_GROUP_copy.html doc/html/man3/EC_GROUP_new.html doc/html/man3/EC_KEY_get_enc_flags.html doc/html/man3/EC_KEY_new.html doc/html/man3/EC_POINT_add.html doc/html/man3/EC_POINT_new.html doc/html/man3/ENGINE_add.html doc/html/man3/ERR_GET_LIB.html doc/html/man3/ERR_clear_error.html doc/html/man3/ERR_error_string.html doc/html/man3/ERR_get_error.html doc/html/man3/ERR_load_crypto_strings.html doc/html/man3/ERR_load_strings.html doc/html/man3/ERR_new.html doc/html/man3/ERR_print_errors.html doc/html/man3/ERR_put_error.html doc/html/man3/ERR_remove_state.html doc/html/man3/ERR_set_mark.html doc/html/man3/EVP_ASYM_CIPHER_free.html doc/html/man3/EVP_BytesToKey.html doc/html/man3/EVP_CIPHER_CTX_get_cipher_data.html doc/html/man3/EVP_CIPHER_meth_new.html doc/html/man3/EVP_DigestInit.html doc/html/man3/EVP_DigestSignInit.html doc/html/man3/EVP_DigestVerifyInit.html doc/html/man3/EVP_EncodeInit.html doc/html/man3/EVP_EncryptInit.html doc/html/man3/EVP_KDF.html doc/html/man3/EVP_KEYEXCH_free.html doc/html/man3/EVP_KEYMGMT.html doc/html/man3/EVP_MAC.html doc/html/man3/EVP_MD_meth_new.html doc/html/man3/EVP_OpenInit.html doc/html/man3/EVP_PKEY_ASN1_METHOD.html doc/html/man3/EVP_PKEY_CTX_ctrl.html doc/html/man3/EVP_PKEY_CTX_new.html doc/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html doc/html/man3/EVP_PKEY_CTX_set_hkdf_md.html doc/html/man3/EVP_PKEY_CTX_set_params.html doc/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html doc/html/man3/EVP_PKEY_CTX_set_scrypt_N.html doc/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html doc/html/man3/EVP_PKEY_asn1_get_count.html doc/html/man3/EVP_PKEY_check.html doc/html/man3/EVP_PKEY_copy_parameters.html doc/html/man3/EVP_PKEY_decrypt.html doc/html/man3/EVP_PKEY_derive.html doc/html/man3/EVP_PKEY_encrypt.html doc/html/man3/EVP_PKEY_fromdata.html doc/html/man3/EVP_PKEY_gen.html doc/html/man3/EVP_PKEY_get_default_digest_nid.html doc/html/man3/EVP_PKEY_gettable_params.html doc/html/man3/EVP_PKEY_is_a.html doc/html/man3/EVP_PKEY_meth_get_count.html doc/html/man3/EVP_PKEY_meth_new.html doc/html/man3/EVP_PKEY_new.html doc/html/man3/EVP_PKEY_print_private.html doc/html/man3/EVP_PKEY_set1_RSA.html doc/html/man3/EVP_PKEY_set_type.html doc/html/man3/EVP_PKEY_sign.html doc/html/man3/EVP_PKEY_size.html doc/html/man3/EVP_PKEY_supports_digest_nid.html doc/html/man3/EVP_PKEY_verify.html doc/html/man3/EVP_PKEY_verify_recover.html doc/html/man3/EVP_SIGNATURE_free.html doc/html/man3/EVP_SealInit.html doc/html/man3/EVP_SignInit.html doc/html/man3/EVP_VerifyInit.html doc/html/man3/EVP_aes_128_gcm.html doc/html/man3/EVP_aria_128_gcm.html doc/html/man3/EVP_bf_cbc.html doc/html/man3/EVP_blake2b512.html doc/html/man3/EVP_camellia_128_ecb.html doc/html/man3/EVP_cast5_cbc.html doc/html/man3/EVP_chacha20.html doc/html/man3/EVP_des_cbc.html doc/html/man3/EVP_desx_cbc.html doc/html/man3/EVP_idea_cbc.html doc/html/man3/EVP_md2.html doc/html/man3/EVP_md4.html doc/html/man3/EVP_md5.html doc/html/man3/EVP_mdc2.html doc/html/man3/EVP_rc2_cbc.html doc/html/man3/EVP_rc4.html doc/html/man3/EVP_rc5_32_12_16_cbc.html doc/html/man3/EVP_ripemd160.html doc/html/man3/EVP_seed_cbc.html doc/html/man3/EVP_set_default_properties.html doc/html/man3/EVP_sha1.html doc/html/man3/EVP_sha224.html doc/html/man3/EVP_sha3_224.html doc/html/man3/EVP_sm3.html doc/html/man3/EVP_sm4_cbc.html doc/html/man3/EVP_whirlpool.html doc/html/man3/HMAC.html doc/html/man3/MD5.html doc/html/man3/MDC2_Init.html doc/html/man3/NCONF_new_with_libctx.html doc/html/man3/OBJ_nid2obj.html doc/html/man3/OCSP_REQUEST_new.html doc/html/man3/OCSP_cert_to_id.html doc/html/man3/OCSP_request_add1_nonce.html doc/html/man3/OCSP_resp_find_status.html doc/html/man3/OCSP_response_status.html doc/html/man3/OCSP_sendreq_new.html doc/html/man3/OPENSSL_Applink.html doc/html/man3/OPENSSL_CTX.html doc/html/man3/OPENSSL_FILE.html doc/html/man3/OPENSSL_LH_COMPFUNC.html doc/html/man3/OPENSSL_LH_stats.html doc/html/man3/OPENSSL_config.html doc/html/man3/OPENSSL_fork_prepare.html doc/html/man3/OPENSSL_hexchar2int.html doc/html/man3/OPENSSL_ia32cap.html doc/html/man3/OPENSSL_init_crypto.html doc/html/man3/OPENSSL_init_ssl.html doc/html/man3/OPENSSL_instrument_bus.html doc/html/man3/OPENSSL_load_builtin_modules.html doc/html/man3/OPENSSL_malloc.html doc/html/man3/OPENSSL_s390xcap.html doc/html/man3/OPENSSL_secure_malloc.html doc/html/man3/OSSL_CMP_CTX_new.html doc/html/man3/OSSL_CMP_HDR_get0_transactionID.html doc/html/man3/OSSL_CMP_ITAV_set0.html doc/html/man3/OSSL_CMP_MSG_get0_header.html doc/html/man3/OSSL_CMP_MSG_http_perform.html doc/html/man3/OSSL_CMP_SRV_CTX_new.html doc/html/man3/OSSL_CMP_STATUSINFO_new.html doc/html/man3/OSSL_CMP_exec_IR_ses.html doc/html/man3/OSSL_CMP_log_open.html doc/html/man3/OSSL_CMP_validate_msg.html doc/html/man3/OSSL_CRMF_MSG_get0_tmpl.html doc/html/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.html doc/html/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.html doc/html/man3/OSSL_CRMF_MSG_set_validity.html doc/html/man3/OSSL_CRMF_pbmp_new.html doc/html/man3/OSSL_HTTP_transfer.html doc/html/man3/OSSL_PARAM.html doc/html/man3/OSSL_PARAM_BLD.html doc/html/man3/OSSL_PARAM_allocate_from_text.html doc/html/man3/OSSL_PARAM_int.html doc/html/man3/OSSL_PROVIDER.html doc/html/man3/OSSL_SELF_TEST_new.html doc/html/man3/OSSL_SELF_TEST_set_callback.html doc/html/man3/OSSL_SERIALIZER.html doc/html/man3/OSSL_SERIALIZER_CTX.html doc/html/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.html doc/html/man3/OSSL_SERIALIZER_to_bio.html doc/html/man3/OSSL_STORE_INFO.html doc/html/man3/OSSL_STORE_LOADER.html doc/html/man3/OSSL_STORE_SEARCH.html doc/html/man3/OSSL_STORE_attach.html doc/html/man3/OSSL_STORE_expect.html doc/html/man3/OSSL_STORE_open.html doc/html/man3/OSSL_trace_enabled.html doc/html/man3/OSSL_trace_get_category_num.html doc/html/man3/OSSL_trace_set_channel.html doc/html/man3/OpenSSL_add_all_algorithms.html doc/html/man3/OpenSSL_version.html doc/html/man3/PEM_bytes_read_bio.html doc/html/man3/PEM_read.html doc/html/man3/PEM_read_CMS.html doc/html/man3/PEM_read_bio_PrivateKey.html doc/html/man3/PEM_read_bio_ex.html doc/html/man3/PEM_write_bio_CMS_stream.html doc/html/man3/PEM_write_bio_PKCS7_stream.html doc/html/man3/PKCS12_SAFEBAG_get0_attrs.html doc/html/man3/PKCS12_add_CSPName_asc.html doc/html/man3/PKCS12_add_friendlyname_asc.html doc/html/man3/PKCS12_add_localkeyid.html doc/html/man3/PKCS12_create.html doc/html/man3/PKCS12_get_friendlyname.html doc/html/man3/PKCS12_newpass.html doc/html/man3/PKCS12_parse.html doc/html/man3/PKCS5_PBKDF2_HMAC.html doc/html/man3/PKCS7_decrypt.html doc/html/man3/PKCS7_encrypt.html doc/html/man3/PKCS7_sign.html doc/html/man3/PKCS7_sign_add_signer.html doc/html/man3/PKCS7_verify.html doc/html/man3/PKCS8_pkey_add1_attr.html doc/html/man3/RAND_DRBG_generate.html doc/html/man3/RAND_DRBG_get0_master.html doc/html/man3/RAND_DRBG_new.html doc/html/man3/RAND_DRBG_reseed.html doc/html/man3/RAND_DRBG_set_callbacks.html doc/html/man3/RAND_add.html doc/html/man3/RAND_bytes.html doc/html/man3/RAND_cleanup.html doc/html/man3/RAND_egd.html doc/html/man3/RAND_load_file.html doc/html/man3/RAND_set_rand_method.html doc/html/man3/RC4_set_key.html doc/html/man3/RIPEMD160_Init.html doc/html/man3/RSA_blinding_on.html doc/html/man3/RSA_check_key.html doc/html/man3/RSA_generate_key.html doc/html/man3/RSA_get0_key.html doc/html/man3/RSA_meth_new.html doc/html/man3/RSA_new.html doc/html/man3/RSA_padding_add_PKCS1_type_1.html doc/html/man3/RSA_print.html doc/html/man3/RSA_private_encrypt.html doc/html/man3/RSA_public_encrypt.html doc/html/man3/RSA_set_method.html doc/html/man3/RSA_sign.html doc/html/man3/RSA_sign_ASN1_OCTET_STRING.html doc/html/man3/RSA_size.html doc/html/man3/SCT_new.html doc/html/man3/SCT_print.html doc/html/man3/SCT_validate.html doc/html/man3/SHA256_Init.html doc/html/man3/SMIME_read_CMS.html doc/html/man3/SMIME_read_PKCS7.html doc/html/man3/SMIME_write_CMS.html doc/html/man3/SMIME_write_PKCS7.html doc/html/man3/SRP_Calc_B.html doc/html/man3/SRP_VBASE_new.html doc/html/man3/SRP_create_verifier.html doc/html/man3/SRP_user_pwd_new.html doc/html/man3/SSL_CIPHER_get_name.html doc/html/man3/SSL_COMP_add_compression_method.html doc/html/man3/SSL_CONF_CTX_new.html doc/html/man3/SSL_CONF_CTX_set1_prefix.html doc/html/man3/SSL_CONF_CTX_set_flags.html doc/html/man3/SSL_CONF_CTX_set_ssl_ctx.html doc/html/man3/SSL_CONF_cmd.html doc/html/man3/SSL_CONF_cmd_argv.html doc/html/man3/SSL_CTX_add1_chain_cert.html doc/html/man3/SSL_CTX_add_extra_chain_cert.html doc/html/man3/SSL_CTX_add_session.html doc/html/man3/SSL_CTX_config.html doc/html/man3/SSL_CTX_ctrl.html doc/html/man3/SSL_CTX_dane_enable.html doc/html/man3/SSL_CTX_flush_sessions.html doc/html/man3/SSL_CTX_free.html doc/html/man3/SSL_CTX_get0_param.html doc/html/man3/SSL_CTX_get_verify_mode.html doc/html/man3/SSL_CTX_has_client_custom_ext.html doc/html/man3/SSL_CTX_load_verify_locations.html doc/html/man3/SSL_CTX_new.html doc/html/man3/SSL_CTX_sess_number.html doc/html/man3/SSL_CTX_sess_set_cache_size.html doc/html/man3/SSL_CTX_sess_set_get_cb.html doc/html/man3/SSL_CTX_sessions.html doc/html/man3/SSL_CTX_set0_CA_list.html doc/html/man3/SSL_CTX_set1_curves.html doc/html/man3/SSL_CTX_set1_sigalgs.html doc/html/man3/SSL_CTX_set1_verify_cert_store.html doc/html/man3/SSL_CTX_set_alpn_select_cb.html doc/html/man3/SSL_CTX_set_cert_cb.html doc/html/man3/SSL_CTX_set_cert_store.html doc/html/man3/SSL_CTX_set_cert_verify_callback.html doc/html/man3/SSL_CTX_set_cipher_list.html doc/html/man3/SSL_CTX_set_client_cert_cb.html doc/html/man3/SSL_CTX_set_client_hello_cb.html doc/html/man3/SSL_CTX_set_ct_validation_callback.html doc/html/man3/SSL_CTX_set_ctlog_list_file.html doc/html/man3/SSL_CTX_set_default_passwd_cb.html doc/html/man3/SSL_CTX_set_generate_session_id.html doc/html/man3/SSL_CTX_set_info_callback.html doc/html/man3/SSL_CTX_set_keylog_callback.html doc/html/man3/SSL_CTX_set_max_cert_list.html doc/html/man3/SSL_CTX_set_min_proto_version.html doc/html/man3/SSL_CTX_set_mode.html doc/html/man3/SSL_CTX_set_msg_callback.html doc/html/man3/SSL_CTX_set_num_tickets.html doc/html/man3/SSL_CTX_set_options.html doc/html/man3/SSL_CTX_set_psk_client_callback.html doc/html/man3/SSL_CTX_set_quiet_shutdown.html doc/html/man3/SSL_CTX_set_read_ahead.html doc/html/man3/SSL_CTX_set_record_padding_callback.html doc/html/man3/SSL_CTX_set_security_level.html doc/html/man3/SSL_CTX_set_session_cache_mode.html doc/html/man3/SSL_CTX_set_session_id_context.html doc/html/man3/SSL_CTX_set_session_ticket_cb.html doc/html/man3/SSL_CTX_set_split_send_fragment.html doc/html/man3/SSL_CTX_set_srp_password.html doc/html/man3/SSL_CTX_set_ssl_version.html doc/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html doc/html/man3/SSL_CTX_set_timeout.html doc/html/man3/SSL_CTX_set_tlsext_servername_callback.html doc/html/man3/SSL_CTX_set_tlsext_status_cb.html doc/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html doc/html/man3/SSL_CTX_set_tlsext_use_srtp.html doc/html/man3/SSL_CTX_set_tmp_dh_callback.html doc/html/man3/SSL_CTX_set_tmp_ecdh.html doc/html/man3/SSL_CTX_set_verify.html doc/html/man3/SSL_CTX_use_certificate.html doc/html/man3/SSL_CTX_use_psk_identity_hint.html doc/html/man3/SSL_CTX_use_serverinfo.html doc/html/man3/SSL_SESSION_free.html doc/html/man3/SSL_SESSION_get0_cipher.html doc/html/man3/SSL_SESSION_get0_hostname.html doc/html/man3/SSL_SESSION_get0_id_context.html doc/html/man3/SSL_SESSION_get0_peer.html doc/html/man3/SSL_SESSION_get_compress_id.html doc/html/man3/SSL_SESSION_get_protocol_version.html doc/html/man3/SSL_SESSION_get_time.html doc/html/man3/SSL_SESSION_has_ticket.html doc/html/man3/SSL_SESSION_is_resumable.html doc/html/man3/SSL_SESSION_print.html doc/html/man3/SSL_SESSION_set1_id.html doc/html/man3/SSL_accept.html doc/html/man3/SSL_alert_type_string.html doc/html/man3/SSL_alloc_buffers.html doc/html/man3/SSL_check_chain.html doc/html/man3/SSL_clear.html doc/html/man3/SSL_connect.html doc/html/man3/SSL_do_handshake.html doc/html/man3/SSL_export_keying_material.html doc/html/man3/SSL_extension_supported.html doc/html/man3/SSL_free.html doc/html/man3/SSL_get0_peer_scts.html doc/html/man3/SSL_get_SSL_CTX.html doc/html/man3/SSL_get_all_async_fds.html doc/html/man3/SSL_get_ciphers.html doc/html/man3/SSL_get_client_random.html doc/html/man3/SSL_get_current_cipher.html doc/html/man3/SSL_get_default_timeout.html doc/html/man3/SSL_get_error.html doc/html/man3/SSL_get_extms_support.html doc/html/man3/SSL_get_fd.html doc/html/man3/SSL_get_peer_cert_chain.html doc/html/man3/SSL_get_peer_certificate.html doc/html/man3/SSL_get_peer_signature_nid.html doc/html/man3/SSL_get_peer_tmp_key.html doc/html/man3/SSL_get_psk_identity.html doc/html/man3/SSL_get_rbio.html doc/html/man3/SSL_get_session.html doc/html/man3/SSL_get_shared_sigalgs.html doc/html/man3/SSL_get_verify_result.html doc/html/man3/SSL_get_version.html doc/html/man3/SSL_in_init.html doc/html/man3/SSL_key_update.html doc/html/man3/SSL_library_init.html doc/html/man3/SSL_load_client_CA_file.html doc/html/man3/SSL_new.html doc/html/man3/SSL_pending.html doc/html/man3/SSL_read.html doc/html/man3/SSL_read_early_data.html doc/html/man3/SSL_rstate_string.html doc/html/man3/SSL_session_reused.html doc/html/man3/SSL_set1_host.html doc/html/man3/SSL_set_async_callback.html doc/html/man3/SSL_set_bio.html doc/html/man3/SSL_set_connect_state.html doc/html/man3/SSL_set_fd.html doc/html/man3/SSL_set_session.html doc/html/man3/SSL_set_shutdown.html doc/html/man3/SSL_set_verify_result.html doc/html/man3/SSL_shutdown.html doc/html/man3/SSL_state_string.html doc/html/man3/SSL_want.html doc/html/man3/SSL_write.html doc/html/man3/TS_VERIFY_CTX_set_certs.html doc/html/man3/UI_STRING.html doc/html/man3/UI_UTIL_read_pw.html doc/html/man3/UI_create_method.html doc/html/man3/UI_new.html doc/html/man3/X509V3_get_d2i.html doc/html/man3/X509_ALGOR_dup.html doc/html/man3/X509_CRL_get0_by_serial.html doc/html/man3/X509_EXTENSION_set_object.html doc/html/man3/X509_LOOKUP.html doc/html/man3/X509_LOOKUP_hash_dir.html doc/html/man3/X509_LOOKUP_meth_new.html doc/html/man3/X509_NAME_ENTRY_get_object.html doc/html/man3/X509_NAME_add_entry_by_txt.html doc/html/man3/X509_NAME_get0_der.html doc/html/man3/X509_NAME_get_index_by_NID.html doc/html/man3/X509_NAME_print_ex.html doc/html/man3/X509_PUBKEY_new.html doc/html/man3/X509_SIG_get0.html doc/html/man3/X509_STORE_CTX_get_error.html doc/html/man3/X509_STORE_CTX_new.html doc/html/man3/X509_STORE_CTX_set_verify_cb.html doc/html/man3/X509_STORE_add_cert.html doc/html/man3/X509_STORE_get0_param.html doc/html/man3/X509_STORE_new.html doc/html/man3/X509_STORE_set_verify_cb_func.html doc/html/man3/X509_VERIFY_PARAM_set_flags.html doc/html/man3/X509_check_ca.html doc/html/man3/X509_check_host.html doc/html/man3/X509_check_issued.html doc/html/man3/X509_check_private_key.html doc/html/man3/X509_check_purpose.html doc/html/man3/X509_cmp.html doc/html/man3/X509_cmp_time.html doc/html/man3/X509_digest.html doc/html/man3/X509_dup.html doc/html/man3/X509_get0_distinguishing_id.html doc/html/man3/X509_get0_notBefore.html doc/html/man3/X509_get0_signature.html doc/html/man3/X509_get0_uids.html doc/html/man3/X509_get_extension_flags.html doc/html/man3/X509_get_pubkey.html doc/html/man3/X509_get_serialNumber.html doc/html/man3/X509_get_subject_name.html doc/html/man3/X509_get_version.html doc/html/man3/X509_load_http.html doc/html/man3/X509_new.html doc/html/man3/X509_sign.html doc/html/man3/X509_verify_cert.html doc/html/man3/X509v3_cache_extensions.html doc/html/man3/X509v3_get_ext_by_NID.html doc/html/man3/d2i_DHparams.html doc/html/man3/d2i_PKCS8PrivateKey_bio.html doc/html/man3/d2i_PrivateKey.html doc/html/man3/d2i_SSL_SESSION.html doc/html/man3/d2i_X509.html doc/html/man3/i2d_CMS_bio_stream.html doc/html/man3/i2d_PKCS7_bio_stream.html doc/html/man3/i2d_re_X509_tbs.html doc/html/man3/o2i_SCT_LIST.html doc/html/man3/s2i_ASN1_IA5STRING.html doc/html/man5/config.html doc/html/man5/fips_config.html doc/html/man5/x509v3_config.html doc/html/man7/EVP_KDF-HKDF.html doc/html/man7/EVP_KDF-KB.html doc/html/man7/EVP_KDF-KRB5KDF.html doc/html/man7/EVP_KDF-PBKDF2.html doc/html/man7/EVP_KDF-SCRYPT.html doc/html/man7/EVP_KDF-SS.html doc/html/man7/EVP_KDF-SSHKDF.html doc/html/man7/EVP_KDF-TLS1_PRF.html doc/html/man7/EVP_KDF-X942.html doc/html/man7/EVP_KDF-X963.html doc/html/man7/EVP_KEYEXCH-DH.html doc/html/man7/EVP_KEYEXCH-ECDH.html doc/html/man7/EVP_KEYEXCH-X25519.html doc/html/man7/EVP_MAC-BLAKE2.html doc/html/man7/EVP_MAC-CMAC.html doc/html/man7/EVP_MAC-GMAC.html doc/html/man7/EVP_MAC-HMAC.html doc/html/man7/EVP_MAC-KMAC.html doc/html/man7/EVP_MAC-Poly1305.html doc/html/man7/EVP_MAC-Siphash.html doc/html/man7/EVP_MD-BLAKE2.html doc/html/man7/EVP_MD-MD2.html doc/html/man7/EVP_MD-MD4.html doc/html/man7/EVP_MD-MD5-SHA1.html doc/html/man7/EVP_MD-MD5.html doc/html/man7/EVP_MD-MDC2.html doc/html/man7/EVP_MD-RIPEMD160.html doc/html/man7/EVP_MD-SHA1.html doc/html/man7/EVP_MD-SHA2.html doc/html/man7/EVP_MD-SHA3.html doc/html/man7/EVP_MD-SHAKE.html doc/html/man7/EVP_MD-SM3.html doc/html/man7/EVP_MD-WHIRLPOOL.html doc/html/man7/EVP_MD-common.html doc/html/man7/EVP_PKEY-DH.html doc/html/man7/EVP_PKEY-DSA.html doc/html/man7/EVP_PKEY-EC.html doc/html/man7/EVP_PKEY-FFC.html doc/html/man7/EVP_PKEY-RSA.html doc/html/man7/EVP_PKEY-X25519.html doc/html/man7/EVP_SIGNATURE-DSA.html doc/html/man7/EVP_SIGNATURE-ECDSA.html doc/html/man7/EVP_SIGNATURE-ED25519.html doc/html/man7/EVP_SIGNATURE-RSA.html doc/html/man7/OSSL_PROVIDER-FIPS.html doc/html/man7/OSSL_PROVIDER-default.html doc/html/man7/OSSL_PROVIDER-legacy.html doc/html/man7/OSSL_PROVIDER-null.html doc/html/man7/RAND.html doc/html/man7/RAND_DRBG.html doc/html/man7/RSA-PSS.html doc/html/man7/SM2.html doc/html/man7/X25519.html doc/html/man7/bio.html doc/html/man7/crypto.html doc/html/man7/ct.html doc/html/man7/des_modes.html doc/html/man7/evp.html doc/html/man7/openssl-core.h.html doc/html/man7/openssl-core_names.h.html doc/html/man7/openssl-core_numbers.h.html doc/html/man7/openssl-env.html doc/html/man7/openssl_user_macros.html doc/html/man7/ossl_store-file.html doc/html/man7/ossl_store.html doc/html/man7/passphrase-encoding.html doc/html/man7/property.html doc/html/man7/provider-asym_cipher.html doc/html/man7/provider-base.html doc/html/man7/provider-cipher.html doc/html/man7/provider-digest.html doc/html/man7/provider-keyexch.html doc/html/man7/provider-keymgmt.html doc/html/man7/provider-mac.html doc/html/man7/provider-serializer.html doc/html/man7/provider-signature.html doc/html/man7/provider.html doc/html/man7/proxy-certificates.html doc/html/man7/ssl.html doc/html/man7/x509.html rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_params.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_copy_parameters.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_MSG_set_validity.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_master.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_KEYEXCH-DH.7 doc/man/man7/EVP_KEYEXCH-ECDH.7 doc/man/man7/EVP_KEYEXCH-X25519.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DH.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-FFC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/EVP_SIGNATURE-DSA.7 doc/man/man7/EVP_SIGNATURE-ECDSA.7 doc/man/man7/EVP_SIGNATURE-ED25519.7 doc/man/man7/EVP_SIGNATURE-RSA.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-core_names.h.7 doc/man/man7/openssl-core_numbers.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_names test/buildtest_c_core_numbers test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_dtls1 test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_fetch_prov_test test/evp_kdf_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_names.c test/buildtest_core_numbers.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_dtls1.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha3-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4078: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' Makefile:3053: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From no-reply at appveyor.com Thu Jun 4 04:16:46 2020 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 04 Jun 2020 04:16:46 +0000 Subject: Build failed: openssl master.34660 Message-ID: <20200604041646.1.5603C061F81E8F5E@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu Jun 4 06:23:14 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 04 Jun 2020 06:23:14 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock Message-ID: <1591251794.372861.12519.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sock Commit log since last time: 29c49b2534 TEST: Test i2d_PKCS8PrivateKey_bio() and PEM_write_bio_PKCS8PrivateKey() eb2bba2569 PEM: Make PKCS8 serializers aware of OSSL_SERIALIZERs a5a87011ba fix a docs typo d805b83166 Prevent extended tests run unexpectedly in appveyor 23ccae80bd Move EC_METHOD to internal-only e306f83c8c APPS: Remove make_config_name, use CONF_get1_default_config_file instead 32df13497a Remove getenv(OPENSSL_FIPS) in openssl command 41dccd68b9 Revert the check for NaN in %f format c7f837cfcc undeprecate SSL_CTX_load_verify_locations and X509_STORE_load_locations dc18e4ddfb Make BIO_do_connect() and friends handle multiple IP addresses 60d3b5b9ff add FFDH to speed command Build log ended with (last 100 lines): rm -f *.ld rm -f doc/html/man1/CA.pl.html doc/html/man1/openssl-asn1parse.html doc/html/man1/openssl-ca.html doc/html/man1/openssl-ciphers.html doc/html/man1/openssl-cmds.html doc/html/man1/openssl-cmp.html doc/html/man1/openssl-cms.html doc/html/man1/openssl-crl.html doc/html/man1/openssl-crl2pkcs7.html doc/html/man1/openssl-dgst.html doc/html/man1/openssl-dhparam.html doc/html/man1/openssl-dsa.html doc/html/man1/openssl-dsaparam.html doc/html/man1/openssl-ec.html doc/html/man1/openssl-ecparam.html doc/html/man1/openssl-enc.html doc/html/man1/openssl-engine.html doc/html/man1/openssl-errstr.html doc/html/man1/openssl-fipsinstall.html doc/html/man1/openssl-gendsa.html doc/html/man1/openssl-genpkey.html doc/html/man1/openssl-genrsa.html doc/html/man1/openssl-info.html doc/html/man1/openssl-kdf.html doc/html/man1/openssl-list.html doc/html/man1/openssl-mac.html doc/html/man1/openssl-nseq.html doc/html/man1/openssl-ocsp.html doc/html/man1/openssl-passwd.html doc/html/man1/openssl-pkcs12.html doc/html/man1/openssl-pkcs7.html doc/html/man1/openssl-pkcs8.html doc/html/man1/openssl-pkey.html doc/html/man1/openssl-pkeyparam.html doc/html/man1/openssl-pkeyutl.html doc/html/man1/openssl-prime.html doc/html/man1/openssl-provider.html doc/html/man1/openssl-rand.html doc/html/man1/openssl-rehash.html doc/html/man1/openssl-req.html doc/html/man1/openssl-rsa.html doc/html/man1/openssl-rsautl.html doc/html/man1/openssl-s_client.html doc/html/man1/openssl-s_server.html doc/html/man1/openssl-s_time.html doc/html/man1/openssl-sess_id.html doc/html/man1/openssl-smime.html doc/html/man1/openssl-speed.html doc/html/man1/openssl-spkac.html doc/html/man1/openssl-srp.html doc/html/man1/openssl-storeutl.html doc/html/man1/openssl-ts.html doc/html/man1/openssl-verify.html doc/html/man1/openssl-version.html doc/html/man1/openssl-x509.html doc/html/man1/openssl.html doc/html/man1/tsget.html doc/html/man3/ADMISSIONS.html doc/html/man3/ASN1_INTEGER_get_int64.html doc/html/man3/ASN1_INTEGER_new.html doc/html/man3/ASN1_ITEM_lookup.html doc/html/man3/ASN1_OBJECT_new.html doc/html/man3/ASN1_STRING_TABLE_add.html doc/html/man3/ASN1_STRING_length.html doc/html/man3/ASN1_STRING_new.html doc/html/man3/ASN1_STRING_print_ex.html doc/html/man3/ASN1_TIME_set.html doc/html/man3/ASN1_TYPE_get.html doc/html/man3/ASN1_generate_nconf.html doc/html/man3/ASYNC_WAIT_CTX_new.html doc/html/man3/ASYNC_start_job.html doc/html/man3/BF_encrypt.html doc/html/man3/BIO_ADDR.html doc/html/man3/BIO_ADDRINFO.html doc/html/man3/BIO_connect.html doc/html/man3/BIO_ctrl.html doc/html/man3/BIO_f_base64.html doc/html/man3/BIO_f_buffer.html doc/html/man3/BIO_f_cipher.html doc/html/man3/BIO_f_md.html doc/html/man3/BIO_f_null.html doc/html/man3/BIO_f_prefix.html doc/html/man3/BIO_f_ssl.html doc/html/man3/BIO_find_type.html doc/html/man3/BIO_get_data.html doc/html/man3/BIO_get_ex_new_index.html doc/html/man3/BIO_meth_new.html doc/html/man3/BIO_new.html doc/html/man3/BIO_new_CMS.html doc/html/man3/BIO_parse_hostserv.html doc/html/man3/BIO_printf.html doc/html/man3/BIO_push.html doc/html/man3/BIO_read.html doc/html/man3/BIO_s_accept.html doc/html/man3/BIO_s_bio.html doc/html/man3/BIO_s_connect.html doc/html/man3/BIO_s_fd.html doc/html/man3/BIO_s_file.html doc/html/man3/BIO_s_mem.html doc/html/man3/BIO_s_null.html doc/html/man3/BIO_s_socket.html doc/html/man3/BIO_set_callback.html doc/html/man3/BIO_should_retry.html doc/html/man3/BIO_socket_wait.html doc/html/man3/BN_BLINDING_new.html doc/html/man3/BN_CTX_new.html doc/html/man3/BN_CTX_start.html doc/html/man3/BN_add.html doc/html/man3/BN_add_word.html doc/html/man3/BN_bn2bin.html doc/html/man3/BN_cmp.html doc/html/man3/BN_copy.html doc/html/man3/BN_generate_prime.html doc/html/man3/BN_mod_inverse.html doc/html/man3/BN_mod_mul_montgomery.html doc/html/man3/BN_mod_mul_reciprocal.html doc/html/man3/BN_new.html doc/html/man3/BN_num_bytes.html doc/html/man3/BN_rand.html doc/html/man3/BN_security_bits.html doc/html/man3/BN_set_bit.html doc/html/man3/BN_swap.html doc/html/man3/BN_zero.html doc/html/man3/BUF_MEM_new.html doc/html/man3/CMS_EnvelopedData_create.html doc/html/man3/CMS_add0_cert.html doc/html/man3/CMS_add1_recipient_cert.html doc/html/man3/CMS_add1_signer.html doc/html/man3/CMS_compress.html doc/html/man3/CMS_decrypt.html doc/html/man3/CMS_encrypt.html doc/html/man3/CMS_final.html doc/html/man3/CMS_get0_RecipientInfos.html doc/html/man3/CMS_get0_SignerInfos.html doc/html/man3/CMS_get0_type.html doc/html/man3/CMS_get1_ReceiptRequest.html doc/html/man3/CMS_sign.html doc/html/man3/CMS_sign_receipt.html doc/html/man3/CMS_uncompress.html doc/html/man3/CMS_verify.html doc/html/man3/CMS_verify_receipt.html doc/html/man3/CONF_modules_free.html doc/html/man3/CONF_modules_load_file.html doc/html/man3/CRYPTO_THREAD_run_once.html doc/html/man3/CRYPTO_get_ex_new_index.html doc/html/man3/CRYPTO_memcmp.html doc/html/man3/CTLOG_STORE_get0_log_by_id.html doc/html/man3/CTLOG_STORE_new.html doc/html/man3/CTLOG_new.html doc/html/man3/CT_POLICY_EVAL_CTX_new.html doc/html/man3/DEFINE_STACK_OF.html doc/html/man3/DES_random_key.html doc/html/man3/DH_generate_key.html doc/html/man3/DH_generate_parameters.html doc/html/man3/DH_get0_pqg.html doc/html/man3/DH_get_1024_160.html doc/html/man3/DH_meth_new.html doc/html/man3/DH_new.html doc/html/man3/DH_new_by_nid.html doc/html/man3/DH_set_method.html doc/html/man3/DH_size.html doc/html/man3/DSA_SIG_new.html doc/html/man3/DSA_do_sign.html doc/html/man3/DSA_dup_DH.html doc/html/man3/DSA_generate_key.html doc/html/man3/DSA_generate_parameters.html doc/html/man3/DSA_get0_pqg.html doc/html/man3/DSA_meth_new.html doc/html/man3/DSA_new.html doc/html/man3/DSA_set_method.html doc/html/man3/DSA_sign.html doc/html/man3/DSA_size.html doc/html/man3/DTLS_get_data_mtu.html doc/html/man3/DTLS_set_timer_cb.html doc/html/man3/DTLSv1_listen.html doc/html/man3/ECDSA_SIG_new.html doc/html/man3/ECPKParameters_print.html doc/html/man3/EC_GFp_simple_method.html doc/html/man3/EC_GROUP_copy.html doc/html/man3/EC_GROUP_new.html doc/html/man3/EC_KEY_get_enc_flags.html doc/html/man3/EC_KEY_new.html doc/html/man3/EC_POINT_add.html doc/html/man3/EC_POINT_new.html doc/html/man3/ENGINE_add.html doc/html/man3/ERR_GET_LIB.html doc/html/man3/ERR_clear_error.html doc/html/man3/ERR_error_string.html doc/html/man3/ERR_get_error.html doc/html/man3/ERR_load_crypto_strings.html doc/html/man3/ERR_load_strings.html doc/html/man3/ERR_new.html doc/html/man3/ERR_print_errors.html doc/html/man3/ERR_put_error.html doc/html/man3/ERR_remove_state.html doc/html/man3/ERR_set_mark.html doc/html/man3/EVP_ASYM_CIPHER_free.html doc/html/man3/EVP_BytesToKey.html doc/html/man3/EVP_CIPHER_CTX_get_cipher_data.html doc/html/man3/EVP_CIPHER_meth_new.html doc/html/man3/EVP_DigestInit.html doc/html/man3/EVP_DigestSignInit.html doc/html/man3/EVP_DigestVerifyInit.html doc/html/man3/EVP_EncodeInit.html doc/html/man3/EVP_EncryptInit.html doc/html/man3/EVP_KDF.html doc/html/man3/EVP_KEYEXCH_free.html doc/html/man3/EVP_KEYMGMT.html doc/html/man3/EVP_MAC.html doc/html/man3/EVP_MD_meth_new.html doc/html/man3/EVP_OpenInit.html doc/html/man3/EVP_PKEY_ASN1_METHOD.html doc/html/man3/EVP_PKEY_CTX_ctrl.html doc/html/man3/EVP_PKEY_CTX_new.html doc/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html doc/html/man3/EVP_PKEY_CTX_set_hkdf_md.html doc/html/man3/EVP_PKEY_CTX_set_params.html doc/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html doc/html/man3/EVP_PKEY_CTX_set_scrypt_N.html doc/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html doc/html/man3/EVP_PKEY_asn1_get_count.html doc/html/man3/EVP_PKEY_check.html doc/html/man3/EVP_PKEY_copy_parameters.html doc/html/man3/EVP_PKEY_decrypt.html doc/html/man3/EVP_PKEY_derive.html doc/html/man3/EVP_PKEY_encrypt.html doc/html/man3/EVP_PKEY_fromdata.html doc/html/man3/EVP_PKEY_gen.html doc/html/man3/EVP_PKEY_get_default_digest_nid.html doc/html/man3/EVP_PKEY_gettable_params.html doc/html/man3/EVP_PKEY_is_a.html doc/html/man3/EVP_PKEY_meth_get_count.html doc/html/man3/EVP_PKEY_meth_new.html doc/html/man3/EVP_PKEY_new.html doc/html/man3/EVP_PKEY_print_private.html doc/html/man3/EVP_PKEY_set1_RSA.html doc/html/man3/EVP_PKEY_set_type.html doc/html/man3/EVP_PKEY_sign.html doc/html/man3/EVP_PKEY_size.html doc/html/man3/EVP_PKEY_supports_digest_nid.html doc/html/man3/EVP_PKEY_verify.html doc/html/man3/EVP_PKEY_verify_recover.html doc/html/man3/EVP_SIGNATURE_free.html doc/html/man3/EVP_SealInit.html doc/html/man3/EVP_SignInit.html doc/html/man3/EVP_VerifyInit.html doc/html/man3/EVP_aes_128_gcm.html doc/html/man3/EVP_aria_128_gcm.html doc/html/man3/EVP_bf_cbc.html doc/html/man3/EVP_blake2b512.html doc/html/man3/EVP_camellia_128_ecb.html doc/html/man3/EVP_cast5_cbc.html doc/html/man3/EVP_chacha20.html doc/html/man3/EVP_des_cbc.html doc/html/man3/EVP_desx_cbc.html doc/html/man3/EVP_idea_cbc.html doc/html/man3/EVP_md2.html doc/html/man3/EVP_md4.html doc/html/man3/EVP_md5.html doc/html/man3/EVP_mdc2.html doc/html/man3/EVP_rc2_cbc.html doc/html/man3/EVP_rc4.html doc/html/man3/EVP_rc5_32_12_16_cbc.html doc/html/man3/EVP_ripemd160.html doc/html/man3/EVP_seed_cbc.html doc/html/man3/EVP_set_default_properties.html doc/html/man3/EVP_sha1.html doc/html/man3/EVP_sha224.html doc/html/man3/EVP_sha3_224.html doc/html/man3/EVP_sm3.html doc/html/man3/EVP_sm4_cbc.html doc/html/man3/EVP_whirlpool.html doc/html/man3/HMAC.html doc/html/man3/MD5.html doc/html/man3/MDC2_Init.html doc/html/man3/NCONF_new_with_libctx.html doc/html/man3/OBJ_nid2obj.html doc/html/man3/OCSP_REQUEST_new.html doc/html/man3/OCSP_cert_to_id.html doc/html/man3/OCSP_request_add1_nonce.html doc/html/man3/OCSP_resp_find_status.html doc/html/man3/OCSP_response_status.html doc/html/man3/OCSP_sendreq_new.html doc/html/man3/OPENSSL_Applink.html doc/html/man3/OPENSSL_CTX.html doc/html/man3/OPENSSL_FILE.html doc/html/man3/OPENSSL_LH_COMPFUNC.html doc/html/man3/OPENSSL_LH_stats.html doc/html/man3/OPENSSL_config.html doc/html/man3/OPENSSL_fork_prepare.html doc/html/man3/OPENSSL_hexchar2int.html doc/html/man3/OPENSSL_ia32cap.html doc/html/man3/OPENSSL_init_crypto.html doc/html/man3/OPENSSL_init_ssl.html doc/html/man3/OPENSSL_instrument_bus.html doc/html/man3/OPENSSL_load_builtin_modules.html doc/html/man3/OPENSSL_malloc.html doc/html/man3/OPENSSL_s390xcap.html doc/html/man3/OPENSSL_secure_malloc.html doc/html/man3/OSSL_CMP_CTX_new.html doc/html/man3/OSSL_CMP_HDR_get0_transactionID.html doc/html/man3/OSSL_CMP_ITAV_set0.html doc/html/man3/OSSL_CMP_MSG_get0_header.html doc/html/man3/OSSL_CMP_MSG_http_perform.html doc/html/man3/OSSL_CMP_SRV_CTX_new.html doc/html/man3/OSSL_CMP_STATUSINFO_new.html doc/html/man3/OSSL_CMP_exec_IR_ses.html doc/html/man3/OSSL_CMP_log_open.html doc/html/man3/OSSL_CMP_validate_msg.html doc/html/man3/OSSL_CRMF_MSG_get0_tmpl.html doc/html/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.html doc/html/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.html doc/html/man3/OSSL_CRMF_MSG_set_validity.html doc/html/man3/OSSL_CRMF_pbmp_new.html doc/html/man3/OSSL_HTTP_transfer.html doc/html/man3/OSSL_PARAM.html doc/html/man3/OSSL_PARAM_BLD.html doc/html/man3/OSSL_PARAM_allocate_from_text.html doc/html/man3/OSSL_PARAM_int.html doc/html/man3/OSSL_PROVIDER.html doc/html/man3/OSSL_SELF_TEST_new.html doc/html/man3/OSSL_SELF_TEST_set_callback.html doc/html/man3/OSSL_SERIALIZER.html doc/html/man3/OSSL_SERIALIZER_CTX.html doc/html/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.html doc/html/man3/OSSL_SERIALIZER_to_bio.html doc/html/man3/OSSL_STORE_INFO.html doc/html/man3/OSSL_STORE_LOADER.html doc/html/man3/OSSL_STORE_SEARCH.html doc/html/man3/OSSL_STORE_attach.html doc/html/man3/OSSL_STORE_expect.html doc/html/man3/OSSL_STORE_open.html doc/html/man3/OSSL_trace_enabled.html doc/html/man3/OSSL_trace_get_category_num.html doc/html/man3/OSSL_trace_set_channel.html doc/html/man3/OpenSSL_add_all_algorithms.html doc/html/man3/OpenSSL_version.html doc/html/man3/PEM_bytes_read_bio.html doc/html/man3/PEM_read.html doc/html/man3/PEM_read_CMS.html doc/html/man3/PEM_read_bio_PrivateKey.html doc/html/man3/PEM_read_bio_ex.html doc/html/man3/PEM_write_bio_CMS_stream.html doc/html/man3/PEM_write_bio_PKCS7_stream.html doc/html/man3/PKCS12_SAFEBAG_get0_attrs.html doc/html/man3/PKCS12_add_CSPName_asc.html doc/html/man3/PKCS12_add_friendlyname_asc.html doc/html/man3/PKCS12_add_localkeyid.html doc/html/man3/PKCS12_create.html doc/html/man3/PKCS12_get_friendlyname.html doc/html/man3/PKCS12_newpass.html doc/html/man3/PKCS12_parse.html doc/html/man3/PKCS5_PBKDF2_HMAC.html doc/html/man3/PKCS7_decrypt.html doc/html/man3/PKCS7_encrypt.html doc/html/man3/PKCS7_sign.html doc/html/man3/PKCS7_sign_add_signer.html doc/html/man3/PKCS7_verify.html doc/html/man3/PKCS8_pkey_add1_attr.html doc/html/man3/RAND_DRBG_generate.html doc/html/man3/RAND_DRBG_get0_master.html doc/html/man3/RAND_DRBG_new.html doc/html/man3/RAND_DRBG_reseed.html doc/html/man3/RAND_DRBG_set_callbacks.html doc/html/man3/RAND_add.html doc/html/man3/RAND_bytes.html doc/html/man3/RAND_cleanup.html doc/html/man3/RAND_egd.html doc/html/man3/RAND_load_file.html doc/html/man3/RAND_set_rand_method.html doc/html/man3/RC4_set_key.html doc/html/man3/RIPEMD160_Init.html doc/html/man3/RSA_blinding_on.html doc/html/man3/RSA_check_key.html doc/html/man3/RSA_generate_key.html doc/html/man3/RSA_get0_key.html doc/html/man3/RSA_meth_new.html doc/html/man3/RSA_new.html doc/html/man3/RSA_padding_add_PKCS1_type_1.html doc/html/man3/RSA_print.html doc/html/man3/RSA_private_encrypt.html doc/html/man3/RSA_public_encrypt.html doc/html/man3/RSA_set_method.html doc/html/man3/RSA_sign.html doc/html/man3/RSA_sign_ASN1_OCTET_STRING.html doc/html/man3/RSA_size.html doc/html/man3/SCT_new.html doc/html/man3/SCT_print.html doc/html/man3/SCT_validate.html doc/html/man3/SHA256_Init.html doc/html/man3/SMIME_read_CMS.html doc/html/man3/SMIME_read_PKCS7.html doc/html/man3/SMIME_write_CMS.html doc/html/man3/SMIME_write_PKCS7.html doc/html/man3/SRP_Calc_B.html doc/html/man3/SRP_VBASE_new.html doc/html/man3/SRP_create_verifier.html doc/html/man3/SRP_user_pwd_new.html doc/html/man3/SSL_CIPHER_get_name.html doc/html/man3/SSL_COMP_add_compression_method.html doc/html/man3/SSL_CONF_CTX_new.html doc/html/man3/SSL_CONF_CTX_set1_prefix.html doc/html/man3/SSL_CONF_CTX_set_flags.html doc/html/man3/SSL_CONF_CTX_set_ssl_ctx.html doc/html/man3/SSL_CONF_cmd.html doc/html/man3/SSL_CONF_cmd_argv.html doc/html/man3/SSL_CTX_add1_chain_cert.html doc/html/man3/SSL_CTX_add_extra_chain_cert.html doc/html/man3/SSL_CTX_add_session.html doc/html/man3/SSL_CTX_config.html doc/html/man3/SSL_CTX_ctrl.html doc/html/man3/SSL_CTX_dane_enable.html doc/html/man3/SSL_CTX_flush_sessions.html doc/html/man3/SSL_CTX_free.html doc/html/man3/SSL_CTX_get0_param.html doc/html/man3/SSL_CTX_get_verify_mode.html doc/html/man3/SSL_CTX_has_client_custom_ext.html doc/html/man3/SSL_CTX_load_verify_locations.html doc/html/man3/SSL_CTX_new.html doc/html/man3/SSL_CTX_sess_number.html doc/html/man3/SSL_CTX_sess_set_cache_size.html doc/html/man3/SSL_CTX_sess_set_get_cb.html doc/html/man3/SSL_CTX_sessions.html doc/html/man3/SSL_CTX_set0_CA_list.html doc/html/man3/SSL_CTX_set1_curves.html doc/html/man3/SSL_CTX_set1_sigalgs.html doc/html/man3/SSL_CTX_set1_verify_cert_store.html doc/html/man3/SSL_CTX_set_alpn_select_cb.html doc/html/man3/SSL_CTX_set_cert_cb.html doc/html/man3/SSL_CTX_set_cert_store.html doc/html/man3/SSL_CTX_set_cert_verify_callback.html doc/html/man3/SSL_CTX_set_cipher_list.html doc/html/man3/SSL_CTX_set_client_cert_cb.html doc/html/man3/SSL_CTX_set_client_hello_cb.html doc/html/man3/SSL_CTX_set_ct_validation_callback.html doc/html/man3/SSL_CTX_set_ctlog_list_file.html doc/html/man3/SSL_CTX_set_default_passwd_cb.html doc/html/man3/SSL_CTX_set_generate_session_id.html doc/html/man3/SSL_CTX_set_info_callback.html doc/html/man3/SSL_CTX_set_keylog_callback.html doc/html/man3/SSL_CTX_set_max_cert_list.html doc/html/man3/SSL_CTX_set_min_proto_version.html doc/html/man3/SSL_CTX_set_mode.html doc/html/man3/SSL_CTX_set_msg_callback.html doc/html/man3/SSL_CTX_set_num_tickets.html doc/html/man3/SSL_CTX_set_options.html doc/html/man3/SSL_CTX_set_psk_client_callback.html doc/html/man3/SSL_CTX_set_quiet_shutdown.html doc/html/man3/SSL_CTX_set_read_ahead.html doc/html/man3/SSL_CTX_set_record_padding_callback.html doc/html/man3/SSL_CTX_set_security_level.html doc/html/man3/SSL_CTX_set_session_cache_mode.html doc/html/man3/SSL_CTX_set_session_id_context.html doc/html/man3/SSL_CTX_set_session_ticket_cb.html doc/html/man3/SSL_CTX_set_split_send_fragment.html doc/html/man3/SSL_CTX_set_srp_password.html doc/html/man3/SSL_CTX_set_ssl_version.html doc/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html doc/html/man3/SSL_CTX_set_timeout.html doc/html/man3/SSL_CTX_set_tlsext_servername_callback.html doc/html/man3/SSL_CTX_set_tlsext_status_cb.html doc/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html doc/html/man3/SSL_CTX_set_tlsext_use_srtp.html doc/html/man3/SSL_CTX_set_tmp_dh_callback.html doc/html/man3/SSL_CTX_set_tmp_ecdh.html doc/html/man3/SSL_CTX_set_verify.html doc/html/man3/SSL_CTX_use_certificate.html doc/html/man3/SSL_CTX_use_psk_identity_hint.html doc/html/man3/SSL_CTX_use_serverinfo.html doc/html/man3/SSL_SESSION_free.html doc/html/man3/SSL_SESSION_get0_cipher.html doc/html/man3/SSL_SESSION_get0_hostname.html doc/html/man3/SSL_SESSION_get0_id_context.html doc/html/man3/SSL_SESSION_get0_peer.html doc/html/man3/SSL_SESSION_get_compress_id.html doc/html/man3/SSL_SESSION_get_protocol_version.html doc/html/man3/SSL_SESSION_get_time.html doc/html/man3/SSL_SESSION_has_ticket.html doc/html/man3/SSL_SESSION_is_resumable.html doc/html/man3/SSL_SESSION_print.html doc/html/man3/SSL_SESSION_set1_id.html doc/html/man3/SSL_accept.html doc/html/man3/SSL_alert_type_string.html doc/html/man3/SSL_alloc_buffers.html doc/html/man3/SSL_check_chain.html doc/html/man3/SSL_clear.html doc/html/man3/SSL_connect.html doc/html/man3/SSL_do_handshake.html doc/html/man3/SSL_export_keying_material.html doc/html/man3/SSL_extension_supported.html doc/html/man3/SSL_free.html doc/html/man3/SSL_get0_peer_scts.html doc/html/man3/SSL_get_SSL_CTX.html doc/html/man3/SSL_get_all_async_fds.html doc/html/man3/SSL_get_ciphers.html doc/html/man3/SSL_get_client_random.html doc/html/man3/SSL_get_current_cipher.html doc/html/man3/SSL_get_default_timeout.html doc/html/man3/SSL_get_error.html doc/html/man3/SSL_get_extms_support.html doc/html/man3/SSL_get_fd.html doc/html/man3/SSL_get_peer_cert_chain.html doc/html/man3/SSL_get_peer_certificate.html doc/html/man3/SSL_get_peer_signature_nid.html doc/html/man3/SSL_get_peer_tmp_key.html doc/html/man3/SSL_get_psk_identity.html doc/html/man3/SSL_get_rbio.html doc/html/man3/SSL_get_session.html doc/html/man3/SSL_get_shared_sigalgs.html doc/html/man3/SSL_get_verify_result.html doc/html/man3/SSL_get_version.html doc/html/man3/SSL_in_init.html doc/html/man3/SSL_key_update.html doc/html/man3/SSL_library_init.html doc/html/man3/SSL_load_client_CA_file.html doc/html/man3/SSL_new.html doc/html/man3/SSL_pending.html doc/html/man3/SSL_read.html doc/html/man3/SSL_read_early_data.html doc/html/man3/SSL_rstate_string.html doc/html/man3/SSL_session_reused.html doc/html/man3/SSL_set1_host.html doc/html/man3/SSL_set_async_callback.html doc/html/man3/SSL_set_bio.html doc/html/man3/SSL_set_connect_state.html doc/html/man3/SSL_set_fd.html doc/html/man3/SSL_set_session.html doc/html/man3/SSL_set_shutdown.html doc/html/man3/SSL_set_verify_result.html doc/html/man3/SSL_shutdown.html doc/html/man3/SSL_state_string.html doc/html/man3/SSL_want.html doc/html/man3/SSL_write.html doc/html/man3/TS_VERIFY_CTX_set_certs.html doc/html/man3/UI_STRING.html doc/html/man3/UI_UTIL_read_pw.html doc/html/man3/UI_create_method.html doc/html/man3/UI_new.html doc/html/man3/X509V3_get_d2i.html doc/html/man3/X509_ALGOR_dup.html doc/html/man3/X509_CRL_get0_by_serial.html doc/html/man3/X509_EXTENSION_set_object.html doc/html/man3/X509_LOOKUP.html doc/html/man3/X509_LOOKUP_hash_dir.html doc/html/man3/X509_LOOKUP_meth_new.html doc/html/man3/X509_NAME_ENTRY_get_object.html doc/html/man3/X509_NAME_add_entry_by_txt.html doc/html/man3/X509_NAME_get0_der.html doc/html/man3/X509_NAME_get_index_by_NID.html doc/html/man3/X509_NAME_print_ex.html doc/html/man3/X509_PUBKEY_new.html doc/html/man3/X509_SIG_get0.html doc/html/man3/X509_STORE_CTX_get_error.html doc/html/man3/X509_STORE_CTX_new.html doc/html/man3/X509_STORE_CTX_set_verify_cb.html doc/html/man3/X509_STORE_add_cert.html doc/html/man3/X509_STORE_get0_param.html doc/html/man3/X509_STORE_new.html doc/html/man3/X509_STORE_set_verify_cb_func.html doc/html/man3/X509_VERIFY_PARAM_set_flags.html doc/html/man3/X509_check_ca.html doc/html/man3/X509_check_host.html doc/html/man3/X509_check_issued.html doc/html/man3/X509_check_private_key.html doc/html/man3/X509_check_purpose.html doc/html/man3/X509_cmp.html doc/html/man3/X509_cmp_time.html doc/html/man3/X509_digest.html doc/html/man3/X509_dup.html doc/html/man3/X509_get0_distinguishing_id.html doc/html/man3/X509_get0_notBefore.html doc/html/man3/X509_get0_signature.html doc/html/man3/X509_get0_uids.html doc/html/man3/X509_get_extension_flags.html doc/html/man3/X509_get_pubkey.html doc/html/man3/X509_get_serialNumber.html doc/html/man3/X509_get_subject_name.html doc/html/man3/X509_get_version.html doc/html/man3/X509_load_http.html doc/html/man3/X509_new.html doc/html/man3/X509_sign.html doc/html/man3/X509_verify_cert.html doc/html/man3/X509v3_cache_extensions.html doc/html/man3/X509v3_get_ext_by_NID.html doc/html/man3/d2i_DHparams.html doc/html/man3/d2i_PKCS8PrivateKey_bio.html doc/html/man3/d2i_PrivateKey.html doc/html/man3/d2i_SSL_SESSION.html doc/html/man3/d2i_X509.html doc/html/man3/i2d_CMS_bio_stream.html doc/html/man3/i2d_PKCS7_bio_stream.html doc/html/man3/i2d_re_X509_tbs.html doc/html/man3/o2i_SCT_LIST.html doc/html/man3/s2i_ASN1_IA5STRING.html doc/html/man5/config.html doc/html/man5/fips_config.html doc/html/man5/x509v3_config.html doc/html/man7/EVP_KDF-HKDF.html doc/html/man7/EVP_KDF-KB.html doc/html/man7/EVP_KDF-KRB5KDF.html doc/html/man7/EVP_KDF-PBKDF2.html doc/html/man7/EVP_KDF-SCRYPT.html doc/html/man7/EVP_KDF-SS.html doc/html/man7/EVP_KDF-SSHKDF.html doc/html/man7/EVP_KDF-TLS1_PRF.html doc/html/man7/EVP_KDF-X942.html doc/html/man7/EVP_KDF-X963.html doc/html/man7/EVP_KEYEXCH-DH.html doc/html/man7/EVP_KEYEXCH-ECDH.html doc/html/man7/EVP_KEYEXCH-X25519.html doc/html/man7/EVP_MAC-BLAKE2.html doc/html/man7/EVP_MAC-CMAC.html doc/html/man7/EVP_MAC-GMAC.html doc/html/man7/EVP_MAC-HMAC.html doc/html/man7/EVP_MAC-KMAC.html doc/html/man7/EVP_MAC-Poly1305.html doc/html/man7/EVP_MAC-Siphash.html doc/html/man7/EVP_MD-BLAKE2.html doc/html/man7/EVP_MD-MD2.html doc/html/man7/EVP_MD-MD4.html doc/html/man7/EVP_MD-MD5-SHA1.html doc/html/man7/EVP_MD-MD5.html doc/html/man7/EVP_MD-MDC2.html doc/html/man7/EVP_MD-RIPEMD160.html doc/html/man7/EVP_MD-SHA1.html doc/html/man7/EVP_MD-SHA2.html doc/html/man7/EVP_MD-SHA3.html doc/html/man7/EVP_MD-SHAKE.html doc/html/man7/EVP_MD-SM3.html doc/html/man7/EVP_MD-WHIRLPOOL.html doc/html/man7/EVP_MD-common.html doc/html/man7/EVP_PKEY-DH.html doc/html/man7/EVP_PKEY-DSA.html doc/html/man7/EVP_PKEY-EC.html doc/html/man7/EVP_PKEY-FFC.html doc/html/man7/EVP_PKEY-RSA.html doc/html/man7/EVP_PKEY-X25519.html doc/html/man7/EVP_SIGNATURE-DSA.html doc/html/man7/EVP_SIGNATURE-ECDSA.html doc/html/man7/EVP_SIGNATURE-ED25519.html doc/html/man7/EVP_SIGNATURE-RSA.html doc/html/man7/OSSL_PROVIDER-FIPS.html doc/html/man7/OSSL_PROVIDER-default.html doc/html/man7/OSSL_PROVIDER-legacy.html doc/html/man7/OSSL_PROVIDER-null.html doc/html/man7/RAND.html doc/html/man7/RAND_DRBG.html doc/html/man7/RSA-PSS.html doc/html/man7/SM2.html doc/html/man7/X25519.html doc/html/man7/bio.html doc/html/man7/crypto.html doc/html/man7/ct.html doc/html/man7/des_modes.html doc/html/man7/evp.html doc/html/man7/openssl-core.h.html doc/html/man7/openssl-core_names.h.html doc/html/man7/openssl-core_numbers.h.html doc/html/man7/openssl-env.html doc/html/man7/openssl_user_macros.html doc/html/man7/ossl_store-file.html doc/html/man7/ossl_store.html doc/html/man7/passphrase-encoding.html doc/html/man7/property.html doc/html/man7/provider-asym_cipher.html doc/html/man7/provider-base.html doc/html/man7/provider-cipher.html doc/html/man7/provider-digest.html doc/html/man7/provider-keyexch.html doc/html/man7/provider-keymgmt.html doc/html/man7/provider-mac.html doc/html/man7/provider-serializer.html doc/html/man7/provider-signature.html doc/html/man7/provider.html doc/html/man7/proxy-certificates.html doc/html/man7/ssl.html doc/html/man7/x509.html rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_params.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_copy_parameters.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_MSG_set_validity.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_master.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_KEYEXCH-DH.7 doc/man/man7/EVP_KEYEXCH-ECDH.7 doc/man/man7/EVP_KEYEXCH-X25519.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DH.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-FFC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/EVP_SIGNATURE-DSA.7 doc/man/man7/EVP_SIGNATURE-ECDSA.7 doc/man/man7/EVP_SIGNATURE-ED25519.7 doc/man/man7/EVP_SIGNATURE-RSA.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-core_names.h.7 doc/man/man7/openssl-core_numbers.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_names test/buildtest_c_core_numbers test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_fetch_prov_test test/evp_kdf_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_names.c test/buildtest_core_numbers.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha3-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-sock' make[1]: Leaving directory '/home/openssl/run-checker/no-sock' make[1]: Entering directory '/home/openssl/run-checker/no-sock' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4069: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-sock' Makefile:3044: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From mark at openssl.org Thu Jun 4 08:23:46 2020 From: mark at openssl.org (Mark J. Cox) Date: Thu, 04 Jun 2020 08:23:46 +0000 Subject: [web] master update Message-ID: <1591259026.936402.10894.nullmailer@dev.openssl.org> The branch master has been updated via 99682759ed4de5f994e486e6bc6ca0f8617c8c5b (commit) via 2fa2bb62190deb3c45df3b691a414246d87d9fe4 (commit) via 3beefff3e6a58d2796eba2ef9944404b3d706c48 (commit) from ea973d250e311c51c91217c2e6edf93370be0e43 (commit) - Log ----------------------------------------------------------------- commit 99682759ed4de5f994e486e6bc6ca0f8617c8c5b Merge: ea973d2 2fa2bb6 Author: Mark J. Cox Date: Thu Jun 4 09:22:17 2020 +0100 Merge pull request #179 from iamamoose/sponsors Add a link to our GitHub sponsors page commit 2fa2bb62190deb3c45df3b691a414246d87d9fe4 Author: Mark J. Cox Date: Thu Jun 4 08:01:11 2020 +0100 Closing tag commit 3beefff3e6a58d2796eba2ef9944404b3d706c48 Author: Mark J. Cox Date: Thu Jun 4 07:58:51 2020 +0100 Add a link to our GitHub sponsors page; we do need to rework all these pages in the future so don't worry about the "and one more thing" style for now. ----------------------------------------------------------------------- Summary of changes: support/donations.html | 3 +++ 1 file changed, 3 insertions(+) diff --git a/support/donations.html b/support/donations.html index 731ac19..0228569 100644 --- a/support/donations.html +++ b/support/donations.html @@ -17,6 +17,9 @@ sponsorship donation, or by hiring OSF for consulting services or custom software development.

+

We can also accept smaller donations + via GitHub Sponsors.

+

We do not have a PayPal account. Please do not donate to any PayPal account claiming to be associated with us!

From mark at openssl.org Thu Jun 4 08:28:17 2020 From: mark at openssl.org (Mark J. Cox) Date: Thu, 04 Jun 2020 08:28:17 +0000 Subject: [web] master update Message-ID: <1591259297.475644.27734.nullmailer@dev.openssl.org> The branch master has been updated via 320f9a2a880121e1b6cf2f9c8e27814abbc9b31f (commit) via fdfbad68adcdcdd09533b493a22113408a568249 (commit) from 99682759ed4de5f994e486e6bc6ca0f8617c8c5b (commit) - Log ----------------------------------------------------------------- commit 320f9a2a880121e1b6cf2f9c8e27814abbc9b31f Merge: 9968275 fdfbad6 Author: Mark J. Cox Date: Thu Jun 4 09:27:32 2020 +0100 Merge pull request #165 from iamamoose/nostandards Remove the docs/standards.html page commit fdfbad68adcdcdd09533b493a22113408a568249 Author: Mark J. Cox Date: Fri Mar 20 14:19:56 2020 +0000 The standards page is out of date and we don't want to maintain it going forward, so best to remove it fixes #155 #106 ----------------------------------------------------------------------- Summary of changes: docs/index.html | 4 +- docs/sidebar.shtml | 3 - docs/standards.html | 200 ---------------------------------------------------- 3 files changed, 1 insertion(+), 206 deletions(-) delete mode 100644 docs/standards.html diff --git a/docs/index.html b/docs/index.html index a0297d0..16b7bf4 100644 --- a/docs/index.html +++ b/docs/index.html @@ -22,9 +22,7 @@

The frequently-asked questions (FAQ) - is available. So is an incomplete list of - what standards (RFC's) are relevant. -

+ is available.

Information about the first-ever open source FIPS-140 validation is also diff --git a/docs/sidebar.shtml b/docs/sidebar.shtml index e017bad..a603a43 100644 --- a/docs/sidebar.shtml +++ b/docs/sidebar.shtml @@ -6,9 +6,6 @@

  • FAQ
    • -
  • - Relevant standards -
  • Manpages
    • diff --git a/docs/standards.html b/docs/standards.html deleted file mode 100644 index c9e612e..0000000 --- a/docs/standards.html +++ /dev/null @@ -1,200 +0,0 @@ - - - - - -
    -
    -
    -
    -

    Standards

    -
    -

    This page is a partial list of the specifications - that are relevant to OpenSSL. Sometimes a document is useful - because OpenSSL provides an implementation; and sometimes it is - useful just for background knowledge. This list is maintained - on a casual basis. If you have updates, please let us know.

    - -

    Note that we do not claim to have completely implemented every - part of any specification. And also that some algorithms are - disabled by default.

    - -
      -
    • RFC 1319: - The MD2 Message-Digest Algorithm
      • -
    • RFC 1320: - The MD4 Message-Digest Algorithm
      • -
    • RFC 1321: - The MD5 Message-Digest Algorithm
      • -
    • RFC 1421: - Privacy Enhancement for Internet Electronic Mail: Part - I: Message Encryption and Authentication Procedures
      • -
    • RFC 1422: - Privacy Enhancement for Internet Electronic Mail: Part - II: Certificate-Based Key Management
      • -
    • RFC 1423: - Privacy Enhancement for Internet Electronic Mail: Part - III: Algorithms, Modes, and Identifiers
      • -
    • RFC 1424: - Privacy Enhancement for Internet Electronic Mail: Part - IV: Key Certification and Related Services
      • -
    • RFC 2246: - The TLS Protocol Version 1
      • -
    • RFC 2268: - A Description of the RC2(r) Encryption - Algorithm
      • -
    • RFC 2315: - PKCS 7: Cryptographic Message Syntax Version 1.5
      • -
    • RFC 2510: - Internet X.509 Public Key Infrastructure Certificate - Management Protocols
      • -
    • RFC 2511: - Internet X.509 Certificate Request Message Format
      • -
    • RFC 2527: - Internet X.509 Public Key Infrastructure Certificate - Policy and Certification Practices Framework
      • -
    • RFC 2538: - Storing Certificates in the Domain Name System - (DNS)
      • -
    • RFC 2539: - Storage of Diffie-Hellman Keys in the Domain Name - System (DNS)
      • -
    • RFC 2559: - Internet X.509 Public Key Infrastructure Operational - Protocols - LDAPv2
      • -
    • RFC 2560: - X.509 Internet Public Key Infrastructure Online - Certificate Status Protocol - OCSP
      • -
    • RFC 2585: - Internet X.509 Public Key Infrastructure Operational - Protocols: FTP and HTTP
      • -
    • RFC 2587: - Internet X.509 Public Key Infrastructure LDAPv2 -
    • RFC 2595: - Using TLS with IMAP, POP3 and ACAP
      • -
    • RFC 2631: - Diffie-Hellman Key Agreement Method
      • -
    • RFC 2632: - S/MIME Version 3 Certificate Handling
      • - Schema -
    • RFC 2716: - PPP EAP TLS Authentication Protocol
      • -
    • RFC 2797: - Certificate Management Messages over CMS
      • -
    • RFC 2817: - Upgrading to TLS Within HTTP/1.1
      • -
    • RFC 2818: - HTTP Over TLS
      • -
    • RFC 2898: - PKCS #5: Password-Based Cryptography Specification - Version 2.0
      • -
    • RFC 2984: - Use of the CAST-128 Encryption Algorithm in CMS
      • -
    • RFC 2985: - PKCS #9: Selected Object Classes and Attribute Types - Version 2.0
      • -
    • RFC 2986: - PKCS #10: Certification Request Syntax Specification - Version 1.7
      • -
    • RFC 3029: - Internet X.509 Public Key Infrastructure Data - Validation and Certification Server Protocols
      • -
    • RFC 3039: - Internet X.509 Public Key Infrastructure Qualified - Certificates Profile
      • -
    • RFC 3058: - Use of the IDEA Encryption Algorithm in CMS
      • -
    • RFC 3161: - Internet X.509 Public Key Infrastructure, Time-Stamp - Protocol (TSP)
      • -
    • RFC 3174: - US Secure Hash Algorithm 1 (SHA1)
      • -
    • RFC 3185: - Reuse of CMS Content Encryption Keys
      • -
    • RFC 3207: - SMTP Service Extension for Secure SMTP over Transport - Layer Security
      • -
    • RFC 3217: - Triple-DES and RC2 Key Wrapping
      • -
    • RFC 3268: - Advanced Encryption Standard (AES) Ciphersuites for - Transport Layer Security (TLS)
      • -
    • RFC 3274: - Compressed Data Content Type for Cryptographic Message - Syntax (CMS)
      • -
    • RFC 3278: - Use of Elliptic Curve Cryptography (ECC) Algorithms in - Cryptographic Message Syntax (CMS)
      • -
    • RFC 3279: - Algorithms and Identifiers for the Internet X.509 - Public Key Infrastructure Certificate and Certificate Revocation - List (CRL) Profile
      • -
    • RFC 3280: - Internet X.509 Public Key Infrastructure Certificate - and Certificate Revocation List (CRL) Profile
      • -
    • RFC 3281: - An Internet Attribute Certificate Profile for - Authorization
      • -
    • RFC 3369: - Cryptographic Message Syntax (CMS)
      • -
    • RFC 3370: - Cryptographic Message Syntax (CMS) Algorithms
      • -
    • RFC 3394: - Advanced Encryption Standard (AES) Key Wrap - Algorithm
      • -
    • RFC 3436: - Transport Layer Security over Stream Control - Transmission Protocol
      • -
    • RFC 3447: - Public-Key Cryptography Standards (PKCS) #1: RSA - Cryptography Specifications Version 2.1
      • -
    • RFC 3657: - Use of the Camellia Encryption Algorithm in - Cryptographic Message Syntax (CMS)
      • -
    • RFC 3713: - A Description of the Camellia Encryption Algorithm
      • -
    • RFC 3820: - Internet X.509 Public Key Infrastructure (PKI) Proxy - Certificate Profile
      • -
    • RFC 4132: - Addition of Camellia Cipher Suites to Transport - Layer Security (TLS)
      • -
    • RFC 4162: - Addition of SEED Cipher Suites to Transport Layer - Security (TLS)
      • -
    • RFC 4269: - The SEED Encryption Algorithm
      • -
    • PKCS#11: - Standards for Cryptographic Tokens
      • -
    • RFC 4346: - The Transport Layer Security (TLS) Protocol Version 1.1
      • -
    • RFC 5208: - PKCS#8: Private-Key Information Syntax Specification Version 1.2
      • -
    • RFC 5246: - The Transport Layer Security (TLS) Protocol Version 1.2
      • -
    • RFC 6962: - Certificate Transparency
      • -
    • RFC 7292: - PKCS #12: Personal Information Exchange Syntax v1.1
      • -
    • RFC 7693: - The BLAKE2 Cryptographic Hash and Message - Authentication Code (MAC)
      • -
    -

    -
    - -
    -
    - -
    -
    - - - - From mark at openssl.org Thu Jun 4 08:29:52 2020 From: mark at openssl.org (Mark J. Cox) Date: Thu, 04 Jun 2020 08:29:52 +0000 Subject: [web] master update Message-ID: <1591259392.114187.30404.nullmailer@dev.openssl.org> The branch master has been updated via cd5f6fd47dd9f73f3fefbd5fad1ea8efb19902e7 (commit) via 67e47e8ba8c4b28604817c1b1be8756b1e894e21 (commit) from 320f9a2a880121e1b6cf2f9c8e27814abbc9b31f (commit) - Log ----------------------------------------------------------------- commit cd5f6fd47dd9f73f3fefbd5fad1ea8efb19902e7 Merge: 320f9a2 67e47e8 Author: Mark J. Cox Date: Thu Jun 4 09:29:20 2020 +0100 Merge pull request #171 from t8m/master Mention the CLA: trivial marker commit 67e47e8ba8c4b28604817c1b1be8756b1e894e21 Author: Tom?? Mr?z Date: Thu Apr 16 12:22:26 2020 +0200 Mention the CLA: trivial marker ----------------------------------------------------------------------- Summary of changes: policies/cla.html | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/policies/cla.html b/policies/cla.html index 51876e4..e29cf7d 100644 --- a/policies/cla.html +++ b/policies/cla.html @@ -46,8 +46,10 @@

    In practice, it is required that the author (in the git commit message) and all approving team members (in the pull request thread) - agree that a change is trivial. The reviewers will normally post - a statement to the effect of "I agree that it is a trivial change." + agree that a change is trivial. The author has to add "CLA: trivial" + in the commit message separated by an empty line from the rest of the + message. The reviewers will normally post a statement to the effect + of "I agree that it is a trivial change."

    From openssl at openssl.org Thu Jun 4 08:48:51 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 04 Jun 2020 08:48:51 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ts Message-ID: <1591260531.290468.32605.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ts Commit log since last time: 29c49b2534 TEST: Test i2d_PKCS8PrivateKey_bio() and PEM_write_bio_PKCS8PrivateKey() eb2bba2569 PEM: Make PKCS8 serializers aware of OSSL_SERIALIZERs a5a87011ba fix a docs typo d805b83166 Prevent extended tests run unexpectedly in appveyor 23ccae80bd Move EC_METHOD to internal-only e306f83c8c APPS: Remove make_config_name, use CONF_get1_default_config_file instead 32df13497a Remove getenv(OPENSSL_FIPS) in openssl command 41dccd68b9 Revert the check for NaN in %f format c7f837cfcc undeprecate SSL_CTX_load_verify_locations and X509_STORE_load_locations dc18e4ddfb Make BIO_do_connect() and friends handle multiple IP addresses 60d3b5b9ff add FFDH to speed command Build log ended with (last 100 lines): clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-list.d.tmp -MT apps/openssl-bin-list.o -c -o apps/openssl-bin-list.o ../openssl/apps/list.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-mac.d.tmp -MT apps/openssl-bin-mac.o -c -o apps/openssl-bin-mac.o ../openssl/apps/mac.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-nseq.d.tmp -MT apps/openssl-bin-nseq.o -c -o apps/openssl-bin-nseq.o ../openssl/apps/nseq.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-ocsp.d.tmp -MT apps/openssl-bin-ocsp.o -c -o apps/openssl-bin-ocsp.o ../openssl/apps/ocsp.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-openssl.d.tmp -MT apps/openssl-bin-openssl.o -c -o apps/openssl-bin-openssl.o ../openssl/apps/openssl.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-passwd.d.tmp -MT apps/openssl-bin-passwd.o -c -o apps/openssl-bin-passwd.o ../openssl/apps/passwd.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkcs12.d.tmp -MT apps/openssl-bin-pkcs12.o -c -o apps/openssl-bin-pkcs12.o ../openssl/apps/pkcs12.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkcs7.d.tmp -MT apps/openssl-bin-pkcs7.o -c -o apps/openssl-bin-pkcs7.o ../openssl/apps/pkcs7.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkcs8.d.tmp -MT apps/openssl-bin-pkcs8.o -c -o apps/openssl-bin-pkcs8.o ../openssl/apps/pkcs8.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkey.d.tmp -MT apps/openssl-bin-pkey.o -c -o apps/openssl-bin-pkey.o ../openssl/apps/pkey.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkeyparam.d.tmp -MT apps/openssl-bin-pkeyparam.o -c -o apps/openssl-bin-pkeyparam.o ../openssl/apps/pkeyparam.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkeyutl.d.tmp -MT apps/openssl-bin-pkeyutl.o -c -o apps/openssl-bin-pkeyutl.o ../openssl/apps/pkeyutl.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-prime.d.tmp -MT apps/openssl-bin-prime.o -c -o apps/openssl-bin-prime.o ../openssl/apps/prime.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-progs.d.tmp -MT apps/openssl-bin-progs.o -c -o apps/openssl-bin-progs.o apps/progs.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-provider.d.tmp -MT apps/openssl-bin-provider.o -c -o apps/openssl-bin-provider.o ../openssl/apps/provider.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-rand.d.tmp -MT apps/openssl-bin-rand.o -c -o apps/openssl-bin-rand.o ../openssl/apps/rand.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-rehash.d.tmp -MT apps/openssl-bin-rehash.o -c -o apps/openssl-bin-rehash.o ../openssl/apps/rehash.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-req.d.tmp -MT apps/openssl-bin-req.o -c -o apps/openssl-bin-req.o ../openssl/apps/req.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-rsa.d.tmp -MT apps/openssl-bin-rsa.o -c -o apps/openssl-bin-rsa.o ../openssl/apps/rsa.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-rsautl.d.tmp -MT apps/openssl-bin-rsautl.o -c -o apps/openssl-bin-rsautl.o ../openssl/apps/rsautl.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-s_client.d.tmp -MT apps/openssl-bin-s_client.o -c -o apps/openssl-bin-s_client.o ../openssl/apps/s_client.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-s_server.d.tmp -MT apps/openssl-bin-s_server.o -c -o apps/openssl-bin-s_server.o ../openssl/apps/s_server.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-s_time.d.tmp -MT apps/openssl-bin-s_time.o -c -o apps/openssl-bin-s_time.o ../openssl/apps/s_time.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-sess_id.d.tmp -MT apps/openssl-bin-sess_id.o -c -o apps/openssl-bin-sess_id.o ../openssl/apps/sess_id.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-smime.d.tmp -MT apps/openssl-bin-smime.o -c -o apps/openssl-bin-smime.o ../openssl/apps/smime.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-speed.d.tmp -MT apps/openssl-bin-speed.o -c -o apps/openssl-bin-speed.o ../openssl/apps/speed.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-spkac.d.tmp -MT apps/openssl-bin-spkac.o -c -o apps/openssl-bin-spkac.o ../openssl/apps/spkac.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-srp.d.tmp -MT apps/openssl-bin-srp.o -c -o apps/openssl-bin-srp.o ../openssl/apps/srp.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-storeutl.d.tmp -MT apps/openssl-bin-storeutl.o -c -o apps/openssl-bin-storeutl.o ../openssl/apps/storeutl.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-verify.d.tmp -MT apps/openssl-bin-verify.o -c -o apps/openssl-bin-verify.o ../openssl/apps/verify.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-version.d.tmp -MT apps/openssl-bin-version.o -c -o apps/openssl-bin-version.o ../openssl/apps/version.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-x509.d.tmp -MT apps/openssl-bin-x509.o -c -o apps/openssl-bin-x509.o ../openssl/apps/x509.c rm -f fuzz/cmp-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o fuzz/cmp-test \ fuzz/cmp-test-bin-cmp.o fuzz/cmp-test-bin-test-corpus.o \ libcrypto.a -ldl -pthread rm -f test/asn1_dsa_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/asn1_dsa_internal_test \ test/asn1_dsa_internal_test-bin-asn1_dsa_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/asn1_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/asn1_internal_test \ test/asn1_internal_test-bin-asn1_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/bn_internal_test libcrypto.a(libcrypto-lib-cms_sd.o): In function `CMS_add1_signer': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:364: undefined reference to `ESS_SIGNING_CERT_new_init' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:370: undefined reference to `ESS_SIGNING_CERT_V2_new_init' ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/bn_internal_test \ test/bn_internal_test-bin-bn_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread libcrypto.a(libcrypto-lib-cms_sd.o): In function `CMS_add1_signer': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:364: undefined reference to `ESS_SIGNING_CERT_new_init' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:370: undefined reference to `ESS_SIGNING_CERT_V2_new_init' libcrypto.a(libcrypto-lib-cms_ess.o): In function `ess_check_signing_certs': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:71: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:82: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:91: undefined reference to `ess_find_cert_v2' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:102: undefined reference to `ess_find_cert_v2' libcrypto.a(libcrypto-lib-cms_ess.o): In function `ess_check_signing_certs': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:71: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:82: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:91: undefined reference to `ess_find_cert_v2' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:102: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:22829: recipe for target 'fuzz/cmp-test' failed make[1]: *** [fuzz/cmp-test] Error 1 make[1]: *** Waiting for unfinished jobs.... clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:23050: recipe for target 'test/asn1_dsa_internal_test' failed make[1]: *** [test/asn1_dsa_internal_test] Error 1 libcrypto.a(libcrypto-lib-cms_sd.o): In function `CMS_add1_signer': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:364: undefined reference to `ESS_SIGNING_CERT_new_init' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:370: undefined reference to `ESS_SIGNING_CERT_V2_new_init' libcrypto.a(libcrypto-lib-cms_ess.o): In function `ess_check_signing_certs': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:71: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:82: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:91: undefined reference to `ess_find_cert_v2' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:102: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:23080: recipe for target 'test/asn1_internal_test' failed make[1]: *** [test/asn1_internal_test] Error 1 libcrypto.a(libcrypto-lib-cms_sd.o): In function `CMS_add1_signer': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:364: undefined reference to `ESS_SIGNING_CERT_new_init' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:370: undefined reference to `ESS_SIGNING_CERT_V2_new_init' libcrypto.a(libcrypto-lib-cms_ess.o): In function `ess_check_signing_certs': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:71: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:82: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:91: undefined reference to `ess_find_cert_v2' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:102: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:23278: recipe for target 'test/bn_internal_test' failed make[1]: *** [test/bn_internal_test] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ts' Makefile:3039: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From no-reply at appveyor.com Thu Jun 4 09:12:18 2020 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 04 Jun 2020 09:12:18 +0000 Subject: Build failed: openssl master.34674 Message-ID: <20200604091218.1.6CD32756FEEF9F6F@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu Jun 4 09:33:53 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 04 Jun 2020 09:33:53 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Message-ID: <1591263233.193010.6349.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Commit log since last time: 29c49b2534 TEST: Test i2d_PKCS8PrivateKey_bio() and PEM_write_bio_PKCS8PrivateKey() eb2bba2569 PEM: Make PKCS8 serializers aware of OSSL_SERIALIZERs a5a87011ba fix a docs typo d805b83166 Prevent extended tests run unexpectedly in appveyor 23ccae80bd Move EC_METHOD to internal-only e306f83c8c APPS: Remove make_config_name, use CONF_get1_default_config_file instead 32df13497a Remove getenv(OPENSSL_FIPS) in openssl command 41dccd68b9 Revert the check for NaN in %f format c7f837cfcc undeprecate SSL_CTX_load_verify_locations and X509_STORE_load_locations dc18e4ddfb Make BIO_do_connect() and friends handle multiple IP addresses 60d3b5b9ff add FFDH to speed command From no-reply at appveyor.com Thu Jun 4 10:14:03 2020 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 04 Jun 2020 10:14:03 +0000 Subject: Build completed: openssl master.34675 Message-ID: <20200604101403.1.1BDE5D55C49F8584@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu Jun 4 12:25:21 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 04 Jun 2020 12:25:21 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls Message-ID: <1591273521.567019.14567.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls Commit log since last time: 29c49b2534 TEST: Test i2d_PKCS8PrivateKey_bio() and PEM_write_bio_PKCS8PrivateKey() eb2bba2569 PEM: Make PKCS8 serializers aware of OSSL_SERIALIZERs a5a87011ba fix a docs typo d805b83166 Prevent extended tests run unexpectedly in appveyor 23ccae80bd Move EC_METHOD to internal-only e306f83c8c APPS: Remove make_config_name, use CONF_get1_default_config_file instead 32df13497a Remove getenv(OPENSSL_FIPS) in openssl command 41dccd68b9 Revert the check for NaN in %f format c7f837cfcc undeprecate SSL_CTX_load_verify_locations and X509_STORE_load_locations dc18e4ddfb Make BIO_do_connect() and friends handle multiple IP addresses 60d3b5b9ff add FFDH to speed command Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=198, Tests=1990, 715 wallclock secs ( 8.29 usr 1.47 sys + 677.48 cusr 44.47 csys = 731.71 CPU) Result: FAIL Makefile:3093: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls' Makefile:3091: recipe for target 'tests' failed make: *** [tests] Error 2 From matt at openssl.org Thu Jun 4 13:54:42 2020 From: matt at openssl.org (Matt Caswell) Date: Thu, 04 Jun 2020 13:54:42 +0000 Subject: [openssl] master update Message-ID: <1591278882.405162.848.nullmailer@dev.openssl.org> The branch master has been updated via 00c405b36578262323a73ce8b8441213a09b7e41 (commit) from 19d15f97b3932d14e17d0b61115b664169ca6159 (commit) - Log ----------------------------------------------------------------- commit 00c405b36578262323a73ce8b8441213a09b7e41 Author: Matt Caswell Date: Thu Jun 4 14:33:57 2020 +0100 Update copyright year Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12043) ----------------------------------------------------------------------- Summary of changes: crypto/bio/b_print.c | 2 +- crypto/bn/bn_mpi.c | 2 +- crypto/core_algorithm.c | 2 +- crypto/core_fetch.c | 2 +- crypto/ec/eck_prn.c | 2 +- crypto/engine/eng_lib.c | 2 +- crypto/modes/cbc128.c | 2 +- crypto/modes/ccm128.c | 2 +- crypto/modes/cfb128.c | 2 +- crypto/modes/ctr128.c | 2 +- crypto/modes/gcm128.c | 2 +- crypto/modes/ofb128.c | 2 +- crypto/modes/xts128.c | 2 +- crypto/o_str.c | 2 +- crypto/pem/pem_pk8.c | 2 +- crypto/provider.c | 2 +- crypto/serializer/serializer_meth.c | 2 +- crypto/ui/ui_openssl.c | 2 +- crypto/ui/ui_util.c | 2 +- crypto/x509/x509_d2.c | 2 +- doc/internal/man3/ossl_provider_new.pod | 2 +- doc/man3/ASN1_STRING_TABLE_add.pod | 2 +- doc/man3/ASN1_STRING_length.pod | 2 +- doc/man3/ASN1_STRING_new.pod | 2 +- doc/man3/EC_GFp_simple_method.pod | 2 +- doc/man3/EC_GROUP_copy.pod | 2 +- doc/man3/EC_GROUP_new.pod | 2 +- doc/man3/EC_KEY_new.pod | 2 +- doc/man3/EC_POINT_add.pod | 2 +- doc/man3/EVP_KDF.pod | 2 +- doc/man3/EVP_PKEY_ASN1_METHOD.pod | 2 +- doc/man3/EVP_PKEY_copy_parameters.pod | 2 +- doc/man3/SSL_CTX_load_verify_locations.pod | 2 +- doc/man3/SSL_CTX_set_psk_client_callback.pod | 2 +- doc/man3/SSL_CTX_use_psk_identity_hint.pod | 2 +- doc/man3/SSL_get_error.pod | 2 +- doc/man3/SSL_read_early_data.pod | 2 +- doc/man3/X509_PUBKEY_new.pod | 2 +- doc/man5/fips_config.pod | 2 +- doc/man7/proxy-certificates.pod | 2 +- include/internal/core.h | 2 +- include/openssl/fips_names.h | 2 +- providers/common/bio_prov.c | 2 +- providers/common/include/prov/bio.h | 2 +- ssl/statem/statem_local.h | 2 +- test/bioprinttest.c | 2 +- test/errtest.c | 2 +- test/exdatatest.c | 2 +- test/ossl_shim/ossl_shim.cc | 2 +- test/ossl_shim/test_config.h | 2 +- test/recipes/25-test_verify_store.t | 2 +- test/recipes/90-test_store.t | 2 +- test/recipes/95-test_external_gost_engine.t | 2 +- 53 files changed, 53 insertions(+), 53 deletions(-) diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index a5dfff503c..853f094a8a 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/bn_mpi.c b/crypto/bn/bn_mpi.c index d2be44e2bd..b8e92e1263 100644 --- a/crypto/bn/bn_mpi.c +++ b/crypto/bn/bn_mpi.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/core_algorithm.c b/crypto/core_algorithm.c index 5c019f0405..f2e0e06fa8 100644 --- a/crypto/core_algorithm.c +++ b/crypto/core_algorithm.c @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/core_fetch.c b/crypto/core_fetch.c index 51ae4011dc..89a44ddbe5 100644 --- a/crypto/core_fetch.c +++ b/crypto/core_fetch.c @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ec/eck_prn.c b/crypto/ec/eck_prn.c index 6bcfe032d4..894219fba6 100644 --- a/crypto/ec/eck_prn.c +++ b/crypto/ec/eck_prn.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c index 0cdb3fde42..702b61b23f 100644 --- a/crypto/engine/eng_lib.c +++ b/crypto/engine/eng_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/modes/cbc128.c b/crypto/modes/cbc128.c index ba765626ee..df0ab244f8 100644 --- a/crypto/modes/cbc128.c +++ b/crypto/modes/cbc128.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/modes/ccm128.c b/crypto/modes/ccm128.c index e1b2501273..eee7a69c3a 100644 --- a/crypto/modes/ccm128.c +++ b/crypto/modes/ccm128.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/modes/cfb128.c b/crypto/modes/cfb128.c index e60b90b8c6..fa94f047b5 100644 --- a/crypto/modes/cfb128.c +++ b/crypto/modes/cfb128.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/modes/ctr128.c b/crypto/modes/ctr128.c index fc1db42d7f..ad25eb38dd 100644 --- a/crypto/modes/ctr128.c +++ b/crypto/modes/ctr128.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c index dc6d90dd0c..0cefa1c865 100644 --- a/crypto/modes/gcm128.c +++ b/crypto/modes/gcm128.c @@ -1,5 +1,5 @@ /* - * Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/modes/ofb128.c b/crypto/modes/ofb128.c index e9b24f863e..829d724e2a 100644 --- a/crypto/modes/ofb128.c +++ b/crypto/modes/ofb128.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/modes/xts128.c b/crypto/modes/xts128.c index 9dbcb5bc9a..0dec42c310 100644 --- a/crypto/modes/xts128.c +++ b/crypto/modes/xts128.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/o_str.c b/crypto/o_str.c index 6578857b94..8aa1a2a4dd 100644 --- a/crypto/o_str.c +++ b/crypto/o_str.c @@ -1,5 +1,5 @@ /* - * Copyright 2003-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2003-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c index 6098d92342..8dbcb65bf7 100644 --- a/crypto/pem/pem_pk8.c +++ b/crypto/pem/pem_pk8.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/provider.c b/crypto/provider.c index 09a5e53907..13438cefe3 100644 --- a/crypto/provider.c +++ b/crypto/provider.c @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/serializer/serializer_meth.c b/crypto/serializer/serializer_meth.c index bc30c96bef..e3e77c542a 100644 --- a/crypto/serializer/serializer_meth.c +++ b/crypto/serializer/serializer_meth.c @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c index e41a719e65..78b88c07f1 100644 --- a/crypto/ui/ui_openssl.c +++ b/crypto/ui/ui_openssl.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ui/ui_util.c b/crypto/ui/ui_util.c index 6ca5706ea5..58769d68a3 100644 --- a/crypto/ui/ui_util.c +++ b/crypto/ui/ui_util.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/x509/x509_d2.c b/crypto/x509/x509_d2.c index dec5f9d077..c0543adf1e 100644 --- a/crypto/x509/x509_d2.c +++ b/crypto/x509/x509_d2.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/doc/internal/man3/ossl_provider_new.pod b/doc/internal/man3/ossl_provider_new.pod index d5d732d415..7bc5a38669 100644 --- a/doc/internal/man3/ossl_provider_new.pod +++ b/doc/internal/man3/ossl_provider_new.pod @@ -295,7 +295,7 @@ The functions described here were all added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/ASN1_STRING_TABLE_add.pod b/doc/man3/ASN1_STRING_TABLE_add.pod index 340a99e683..243da826f7 100644 --- a/doc/man3/ASN1_STRING_TABLE_add.pod +++ b/doc/man3/ASN1_STRING_TABLE_add.pod @@ -55,7 +55,7 @@ L =head1 COPYRIGHT -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/ASN1_STRING_length.pod b/doc/man3/ASN1_STRING_length.pod index 5d974fddd1..e3cf8bb2d0 100644 --- a/doc/man3/ASN1_STRING_length.pod +++ b/doc/man3/ASN1_STRING_length.pod @@ -103,7 +103,7 @@ L =head1 COPYRIGHT -Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/ASN1_STRING_new.pod b/doc/man3/ASN1_STRING_new.pod index 83f6aaa6f8..ff20de73b7 100644 --- a/doc/man3/ASN1_STRING_new.pod +++ b/doc/man3/ASN1_STRING_new.pod @@ -42,7 +42,7 @@ L =head1 COPYRIGHT -Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EC_GFp_simple_method.pod b/doc/man3/EC_GFp_simple_method.pod index cbdb6ec1c3..eec721edb5 100644 --- a/doc/man3/EC_GFp_simple_method.pod +++ b/doc/man3/EC_GFp_simple_method.pod @@ -71,7 +71,7 @@ were deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EC_GROUP_copy.pod b/doc/man3/EC_GROUP_copy.pod index 6f33481856..ee3ce27bb5 100644 --- a/doc/man3/EC_GROUP_copy.pod +++ b/doc/man3/EC_GROUP_copy.pod @@ -246,7 +246,7 @@ EC_GROUP_check_named_curve() and EC_GROUP_get_field_type() were added in OpenSSL =head1 COPYRIGHT -Copyright 2013-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EC_GROUP_new.pod b/doc/man3/EC_GROUP_new.pod index 7bea1dd061..fa61275806 100644 --- a/doc/man3/EC_GROUP_new.pod +++ b/doc/man3/EC_GROUP_new.pod @@ -193,7 +193,7 @@ instead. =head1 COPYRIGHT -Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EC_KEY_new.pod b/doc/man3/EC_KEY_new.pod index c706dbe425..04ad740bc6 100644 --- a/doc/man3/EC_KEY_new.pod +++ b/doc/man3/EC_KEY_new.pod @@ -207,7 +207,7 @@ EC_KEY_precompute_mult() was deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EC_POINT_add.pod b/doc/man3/EC_POINT_add.pod index 70205486f7..b276be46ed 100644 --- a/doc/man3/EC_POINT_add.pod +++ b/doc/man3/EC_POINT_add.pod @@ -88,7 +88,7 @@ were deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_KDF.pod b/doc/man3/EVP_KDF.pod index bceee3f500..8893a20302 100644 --- a/doc/man3/EVP_KDF.pod +++ b/doc/man3/EVP_KDF.pod @@ -259,7 +259,7 @@ This functionality was added to OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_PKEY_ASN1_METHOD.pod b/doc/man3/EVP_PKEY_ASN1_METHOD.pod index bad9370867..bc1f1ad04d 100644 --- a/doc/man3/EVP_PKEY_ASN1_METHOD.pod +++ b/doc/man3/EVP_PKEY_ASN1_METHOD.pod @@ -434,7 +434,7 @@ B object otherwise. =head1 COPYRIGHT -Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_PKEY_copy_parameters.pod b/doc/man3/EVP_PKEY_copy_parameters.pod index 01fbb48109..a3879c4e01 100644 --- a/doc/man3/EVP_PKEY_copy_parameters.pod +++ b/doc/man3/EVP_PKEY_copy_parameters.pod @@ -74,7 +74,7 @@ functions that return 0 in case their arguments are equal. =head1 COPYRIGHT -Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_load_verify_locations.pod b/doc/man3/SSL_CTX_load_verify_locations.pod index ecc75b72e0..7408a2080d 100644 --- a/doc/man3/SSL_CTX_load_verify_locations.pod +++ b/doc/man3/SSL_CTX_load_verify_locations.pod @@ -172,7 +172,7 @@ L =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set_psk_client_callback.pod b/doc/man3/SSL_CTX_set_psk_client_callback.pod index 70eefa0265..c7e51f7441 100644 --- a/doc/man3/SSL_CTX_set_psk_client_callback.pod +++ b/doc/man3/SSL_CTX_set_psk_client_callback.pod @@ -169,7 +169,7 @@ were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_use_psk_identity_hint.pod b/doc/man3/SSL_CTX_use_psk_identity_hint.pod index 0e70d4d531..69f7e9d4f8 100644 --- a/doc/man3/SSL_CTX_use_psk_identity_hint.pod +++ b/doc/man3/SSL_CTX_use_psk_identity_hint.pod @@ -146,7 +146,7 @@ were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_get_error.pod b/doc/man3/SSL_get_error.pod index f13f3ea468..07466731eb 100644 --- a/doc/man3/SSL_get_error.pod +++ b/doc/man3/SSL_get_error.pod @@ -178,7 +178,7 @@ The SSL_ERROR_WANT_CLIENT_HELLO_CB error code was added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_read_early_data.pod b/doc/man3/SSL_read_early_data.pod index dd86831767..460a436eaa 100644 --- a/doc/man3/SSL_read_early_data.pod +++ b/doc/man3/SSL_read_early_data.pod @@ -365,7 +365,7 @@ All of the functions described above were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/X509_PUBKEY_new.pod b/doc/man3/X509_PUBKEY_new.pod index 60d1cd390e..76034fa878 100644 --- a/doc/man3/X509_PUBKEY_new.pod +++ b/doc/man3/X509_PUBKEY_new.pod @@ -121,7 +121,7 @@ The X509_PUBKEY_eq() function was added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man5/fips_config.pod b/doc/man5/fips_config.pod index e589aa3d95..9f7650f243 100644 --- a/doc/man5/fips_config.pod +++ b/doc/man5/fips_config.pod @@ -71,7 +71,7 @@ L =head1 COPYRIGHT -Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/proxy-certificates.pod b/doc/man7/proxy-certificates.pod index eab28b5658..395fab86e5 100644 --- a/doc/man7/proxy-certificates.pod +++ b/doc/man7/proxy-certificates.pod @@ -351,7 +351,7 @@ L =head1 COPYRIGHT -Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/include/internal/core.h b/include/internal/core.h index e2d2b28e8c..8823b3c744 100644 --- a/include/internal/core.h +++ b/include/internal/core.h @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/fips_names.h b/include/openssl/fips_names.h index 1546b11ff7..493ddb046d 100644 --- a/include/openssl/fips_names.h +++ b/include/openssl/fips_names.h @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/common/bio_prov.c b/providers/common/bio_prov.c index 2bfd14b512..4ddfa0c414 100644 --- a/providers/common/bio_prov.c +++ b/providers/common/bio_prov.c @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/common/include/prov/bio.h b/providers/common/include/prov/bio.h index 732dc06f03..c63f6b5da5 100644 --- a/providers/common/include/prov/bio.h +++ b/providers/common/include/prov/bio.h @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/ssl/statem/statem_local.h b/ssl/statem/statem_local.h index 6a4708cee9..9e03b7d363 100644 --- a/ssl/statem/statem_local.h +++ b/ssl/statem/statem_local.h @@ -1,5 +1,5 @@ /* - * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/bioprinttest.c b/test/bioprinttest.c index e6e32a64fc..18c00e09b6 100644 --- a/test/bioprinttest.c +++ b/test/bioprinttest.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/errtest.c b/test/errtest.c index 9adf4ca917..f7a6f85470 100644 --- a/test/errtest.c +++ b/test/errtest.c @@ -1,5 +1,5 @@ /* - * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/exdatatest.c b/test/exdatatest.c index 2e92c328fd..8dd9261d25 100644 --- a/test/exdatatest.c +++ b/test/exdatatest.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/ossl_shim/ossl_shim.cc b/test/ossl_shim/ossl_shim.cc index aeaea100ad..720a92d9d6 100644 --- a/test/ossl_shim/ossl_shim.cc +++ b/test/ossl_shim/ossl_shim.cc @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/ossl_shim/test_config.h b/test/ossl_shim/test_config.h index 6968a128ca..6dc7319485 100644 --- a/test/ossl_shim/test_config.h +++ b/test/ossl_shim/test_config.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/25-test_verify_store.t b/test/recipes/25-test_verify_store.t index 2afb8cb56f..920b608a37 100644 --- a/test/recipes/25-test_verify_store.t +++ b/test/recipes/25-test_verify_store.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/90-test_store.t b/test/recipes/90-test_store.t index 337bbb10c9..9fd0acf762 100644 --- a/test/recipes/90-test_store.t +++ b/test/recipes/90-test_store.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/95-test_external_gost_engine.t b/test/recipes/95-test_external_gost_engine.t index e7522e7032..204f78a928 100644 --- a/test/recipes/95-test_external_gost_engine.t +++ b/test/recipes/95-test_external_gost_engine.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy From matt at openssl.org Thu Jun 4 14:20:25 2020 From: matt at openssl.org (Matt Caswell) Date: Thu, 04 Jun 2020 14:20:25 +0000 Subject: [openssl] master update Message-ID: <1591280425.563448.30159.nullmailer@dev.openssl.org> The branch master has been updated via c2db6839e474e655974292690b18e22c39d093ae (commit) via 3952c5a312bde6479578dcbc162ec6ce77318924 (commit) from 00c405b36578262323a73ce8b8441213a09b7e41 (commit) - Log ----------------------------------------------------------------- commit c2db6839e474e655974292690b18e22c39d093ae Author: Matt Caswell Date: Thu Jun 4 14:58:20 2020 +0100 Prepare for 3.0 alpha 4 Reviewed-by: Tomas Mraz commit 3952c5a312bde6479578dcbc162ec6ce77318924 Author: Matt Caswell Date: Thu Jun 4 14:56:40 2020 +0100 Prepare for release of 3.0 alpha 3 Reviewed-by: Tomas Mraz ----------------------------------------------------------------------- Summary of changes: VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index a342bef4c0..48c68bdd04 100644 --- a/VERSION +++ b/VERSION @@ -1,7 +1,7 @@ MAJOR=3 MINOR=0 PATCH=0 -PRE_RELEASE_TAG=alpha3-dev +PRE_RELEASE_TAG=alpha4-dev BUILD_METADATA= RELEASE_DATE="" SHLIB_VERSION=3 From matt at openssl.org Thu Jun 4 14:20:54 2020 From: matt at openssl.org (Matt Caswell) Date: Thu, 04 Jun 2020 14:20:54 +0000 Subject: [openssl] openssl-3.0.0-alpha3 create Message-ID: <1591280454.652507.31170.nullmailer@dev.openssl.org> The annotated tag openssl-3.0.0-alpha3 has been created at 8e83bafcf6ab0dfa91e3e9ca6d01a7343bee45bf (tag) tagging 3952c5a312bde6479578dcbc162ec6ce77318924 (commit) replaces openssl-3.0.0-alpha2 tagged by Matt Caswell on Thu Jun 4 14:56:41 2020 +0100 - Log ----------------------------------------------------------------- OpenSSL 3.0.0-alpha3 release tag -----BEGIN PGP SIGNATURE----- iQFFBAABCAAvFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAl7Y/ZkRHG1hdHRAb3Bl bnNzbC5vcmcACgkQ2cTSbQ5gRJHQIAgAg4V42IVDiESjOaAGQk3qtMez8Vt3B7HE v3J5SOl3O45MoK/QDkyAxGqqUIZQJelwE2j4Ahv3YPddstOPZ0DjwO5/ommuZCn1 bHnci4a6hUJNWq9+qoSFLWIlrWp4r/BaUNRtytbw9zRP73dhqkFcjdrEZQ3u019r ukhK9b9QbkCoquZq4SQiV7DBWWoqEJp8wXyV8ofID3ucgIQOq6oLeTDmEjPToRlb 8O5MaDzmpCAVRGwN5GC3t3MWISD+KP2puQzAsdrqegtkCBHKzbqg4PK1P+aHjtaU O2DUc2ePaCbKhOdh3VcUgu/6s7HCkcZ15/UdAY6xmAN2PIooB/tZhg== =hQhl -----END PGP SIGNATURE----- Benjamin Kaduk (3): test HKDF with empty IKM params: do not ignore zero-length strings RSA: Do not set NULL OAEP labels Bernd Edlinger (9): Fix some places where X509_up_ref is used without error handling. Fix egd and devrandom source configs Fix the parameter types of the CRYPTO_EX_dup function type. Avoid undefined behavior with unaligned accesses bio printf: Avoid using rounding errors in range check Revert the check for NaN in %f format Remove getenv(OPENSSL_FIPS) in openssl command Prevent extended tests run unexpectedly in appveyor Fix a buffer overflow in drbg_ctr_generate Billy Brumley (4): deprecate EC_POINTs_mul function deprecate EC precomputation functionality deprecate EC_POINT_make_affine and EC_POINTs_make_affine Move EC_METHOD to internal-only David von Oheimb (1): Add 'methods' parameter to setup_engine() in apps.c for individual method defaults Dmitry Belyavskiy (8): Constants for new GOST TLS 1.2 ciphersuites GOST-related objects changes New Russian TLS 1.2 implementation Introducing option SSL_OP_IGNORE_UNEXPECTED_EOF Test for the SSL_OP_IGNORE_UNEXPECTED_EOF option GOST external tests Update the gost-engine submodule Update gost-engine commit to match the API changes Dr. David von Oheimb (9): Guard use of struct tms with #ifdef __TMS like done earlier in apps/lib/apps.c Nit-fix: remove whitespace in doc/man3/EVP_PKEY_fromdata.pod causing warning Use OSSL_STORE for load_{,pub}key() and load_cert() in apps/lib/apps.c Clean up macro definitions of openssl_fdset() in apps.h and sockets.h Move decl of OSSL_CRMF_CERTID_dup from {crmf,cmp}_local.h to include/openssl/crmf.h Constify X509_PUBKEY_get(), X509_PUBKEY_get0(), and X509_PUBKEY_get0_param() Fix X509_PUBKEY_cmp(), move to crypto/x509/x_pubkey.c, rename, export, and document it Rename EVP_PKEY_cmp() to EVP_PKEY_eq() and EVP_PKEY_cmp_parameters() to EVP_PKEY_parameters_eq() Make BIO_do_connect() and friends handle multiple IP addresses Dr. Matthias St. Pierre (1): doc: fix trace category names FdaSilvaYY (1): crypto/cms: add CAdES-BES signed attributes validation Hubert Kario (1): add FFDH to speed command Jack O'Connor (1): fix a docs typo Marc (3): s_client: Show cert algorithms & validity period Use _get0_ functions instead of _get_. s_client: Fix -proxy flag regression Matt Caswell (9): Prepare for 3.0 alpha 3 Ignore some auto-generated DER files Maintain strict type discipline between the core and providers Update documentation following changes of various types Delete the sslprovider test Fail if we fail to fetch the EVP_KEYMGMT Add a test for fetching EVP_PKEY style algs without a provider Update copyright year Prepare for release of 3.0 alpha 3 Maxim Zakharov (1): TTY_get() in crypto/ui/ui_openssl.c open_console() can also return errno 1 (EPERM, Linux) Nicola Tuveri (2): Adjust length of some strncpy() calls Fix coverity issues in EC after #11807 Nikolay Morozov (1): Fix small documentation issues Norm Green (1): Add missing pragma weak declaration to lhash.h Patrick Steuer (1): EVP_EncryptInit.pod: fix example Pauli (11): Coverity 1463258: Incorrect expression (EVALUATION_ORDER) Coverity 1463576: Error handling issues (CHECKED_RETURN) Coverity 1463574: Null pointer dereferences (REVERSE_INULL) Coverity 1463571: Null pointer dereferences (FORWARD_NULL) Coverity 1463830: Resource leaks (RESOURCE_LEAK) ossl_shim: add deprecation guards around the -use-ticket-callback option. fips: add AES CFB mode ciphers to FIPS provider. fips: add AES OFB mode ciphers to FIPS provider. ossl_shim: use the correct ticket key call back. ossl_shim: include core_names.h to resolve undeclared symbols ossl_shim: const cast the param arguments to avoid errors Rich Salz (10): Add "md-nits" make target Fix all MD036 (emphasis used instead of heading) Revise fips_config.pod Revise x509v3_config.pod Revise fips_install.pod Use {module,install}-mac, not -checksum Fix auto-gen names in .gitignore Clean up some doc nits Cleanup cert config files for tests Update manpage to fix examples, other minor tweaks Richard Levitte (18): SSL: refactor ssl_cert_lookup_by_pkey() to work with provider side keys Build: make apps/progs.c depend on configdata.pm CORE: Fix a couple of bugs in algorithm_do_this() CORE: query for operations only once per provider (unless no_store is true) Add OSSL_PROVIDER_do_all() Refactor the provider side DER constants and writers rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(): fix check of |md| STORE: Make try_decode_PrivateKey() ENGINE aware Re-introduce legacy EVP_PKEY types for provided keys Fix omissions in providers/common/der/build.info PROV: Fix RSA-OAEP memory leak PROV: Use rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx() in RSA-OAEP util/mkpod2html.pl: Fix unbalanced quotes DOCS: add openssl-core_numbers.h(7) DOCS: add openssl-core_names.h(7) APPS: Remove make_config_name, use CONF_get1_default_config_file instead PEM: Make PKCS8 serializers aware of OSSL_SERIALIZERs TEST: Test i2d_PKCS8PrivateKey_bio() and PEM_write_bio_PKCS8PrivateKey() Shane Lontis (3): Fix ERR_print_errors so that it matches the documented format in doc/man3/ERR_error_string.pod Update core_names.h fields and document most fields. Fix errtest for older compilers Tim Hudson (1): undeprecate SSL_CTX_load_verify_locations and X509_STORE_load_locations Tomas Mraz (6): Cast the unsigned char to unsigned int before shifting left Avoid potential overflow to the sign bit when shifting left 24 places t1_trce: Fix remaining places where the 24 bit shift overflow happens Prevent use after free of global_engine_lock Revert "Guard use of struct tms with #ifdef __TMS" Drop special case of time interval calculation for VMS mettacrawler (1): There is no -signreq option in CA.pl raja-ashok (4): Fix crash in early data send with out-of-band PSK using AES CCM Test TLSv1.3 out-of-band PSK with all 5 ciphersuites Update limitation of psk_client_cb and psk_server_cb in usage with TLSv1.3 Update early data exchange scenarios in doc ----------------------------------------------------------------------- From matt at openssl.org Thu Jun 4 14:23:03 2020 From: matt at openssl.org (Matt Caswell) Date: Thu, 04 Jun 2020 14:23:03 +0000 Subject: [web] master update Message-ID: <1591280583.106978.6567.nullmailer@dev.openssl.org> The branch master has been updated via e9ed65c8a2ec4544a9830d904c0804a9ad527922 (commit) from cd5f6fd47dd9f73f3fefbd5fad1ea8efb19902e7 (commit) - Log ----------------------------------------------------------------- commit e9ed65c8a2ec4544a9830d904c0804a9ad527922 Author: Matt Caswell Date: Thu Jun 4 15:14:20 2020 +0100 Updates for Alpha 3 release Reviewed-by: Mark J. Cox (Merged from https://github.com/openssl/web/pull/180) ----------------------------------------------------------------------- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 6986755..8a0ad60 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -5,6 +5,7 @@ # headings. URL paths must all be absolute. Date: Item +04-Jun-2020: Alpha 3 of OpenSSL 3.0 is now available: please download and test it 16-May-2020: New Blog post: OpenSSL 3.0 Alpha2 Release 15-May-2020: Alpha 2 of OpenSSL 3.0 is now available: please download and test it 12-May-2020: New Blog post: Security Policy Update on Prenotifications From beldmit at gmail.com Thu Jun 4 14:40:31 2020 From: beldmit at gmail.com (beldmit at gmail.com) Date: Thu, 04 Jun 2020 14:40:31 +0000 Subject: [openssl] master update Message-ID: <1591281631.970899.32184.nullmailer@dev.openssl.org> The branch master has been updated via 4cbb196b1b33d6ff2089537df0fdb76ac4741e2a (commit) from c2db6839e474e655974292690b18e22c39d093ae (commit) - Log ----------------------------------------------------------------- commit 4cbb196b1b33d6ff2089537df0fdb76ac4741e2a Author: Aaron Thompson Date: Sat Apr 11 00:56:15 2020 +0000 Fix missed fields in EVP_PKEY_meth_copy. Reviewed-by: Matt Caswell Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/11514) ----------------------------------------------------------------------- Summary of changes: crypto/evp/pmeth_lib.c | 43 ++++++------------------------------------- 1 file changed, 6 insertions(+), 37 deletions(-) diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index ea8bdec388..dd6556c891 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -385,45 +385,14 @@ void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src) { + int pkey_id = dst->pkey_id; + int flags = dst->flags; - dst->init = src->init; - dst->copy = src->copy; - dst->cleanup = src->cleanup; + *dst = *src; - dst->paramgen_init = src->paramgen_init; - dst->paramgen = src->paramgen; - - dst->keygen_init = src->keygen_init; - dst->keygen = src->keygen; - - dst->sign_init = src->sign_init; - dst->sign = src->sign; - - dst->verify_init = src->verify_init; - dst->verify = src->verify; - - dst->verify_recover_init = src->verify_recover_init; - dst->verify_recover = src->verify_recover; - - dst->signctx_init = src->signctx_init; - dst->signctx = src->signctx; - - dst->verifyctx_init = src->verifyctx_init; - dst->verifyctx = src->verifyctx; - - dst->encrypt_init = src->encrypt_init; - dst->encrypt = src->encrypt; - - dst->decrypt_init = src->decrypt_init; - dst->decrypt = src->decrypt; - - dst->derive_init = src->derive_init; - dst->derive = src->derive; - - dst->ctrl = src->ctrl; - dst->ctrl_str = src->ctrl_str; - - dst->check = src->check; + /* We only copy the function pointers so restore the other values */ + dst->pkey_id = pkey_id; + dst->flags = flags; } void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth) From levitte at openssl.org Thu Jun 4 14:42:52 2020 From: levitte at openssl.org (Richard Levitte) Date: Thu, 04 Jun 2020 14:42:52 +0000 Subject: [openssl] master update Message-ID: <1591281772.086943.1480.nullmailer@dev.openssl.org> The branch master has been updated via c8567c392c1dc3dd15651c0d2746a5b87b5a88dd (commit) via f995e5bdcd5d4c2143323ff78e4dcc0b95c5e024 (commit) from 4cbb196b1b33d6ff2089537df0fdb76ac4741e2a (commit) - Log ----------------------------------------------------------------- commit c8567c392c1dc3dd15651c0d2746a5b87b5a88dd Author: Richard Levitte Date: Sat May 23 16:39:18 2020 +0200 CORE: make sure activated fallback providers stay activated Calling 'OSSL_PROVIDER_available(NULL, "default")' would search for the "default" provider, and in doing so, activate it if necessary, thereby detecting that it's available... and then immediately free it, which could deactivate that provider, even though it should stay available. We solve this by incrementing the refcount for activated fallbacks one extra time, thereby simulating an explicit OSSL_PROVIDER_load(), and compensate for it with an extra ossl_provider_free() when emptying the provider store. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11926) commit f995e5bdcd5d4c2143323ff78e4dcc0b95c5e024 Author: Richard Levitte Date: Sat May 23 16:34:07 2020 +0200 TEST: Add provider_fallback_test, to test aspects of fallback providers There are cases where the fallback providers aren't treated right. For example, the following calls, in that order, will end up with a failed EVP_KEYMGMT_fetch(), even thought the default provider does supply an implementation of the "RSA" keytype. EVP_KEYMGMT *rsameth = NULL; OSSL_PROVIDER_available(NULL, "default"); rsameth = EVP_KEYMGMT_fetch(NULL, "RSA", NULL); For good measure, this also tests that explicit loading of the default provider won't fail. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11926) ----------------------------------------------------------------------- Summary of changes: crypto/provider_core.c | 42 +++++++++++++--- test/build.info | 5 ++ test/provider_fallback_test.c | 57 ++++++++++++++++++++++ ...t_internal_ec.t => 04-test_provider_fallback.t} | 13 +++-- 4 files changed, 103 insertions(+), 14 deletions(-) create mode 100644 test/provider_fallback_test.c copy test/recipes/{03-test_internal_ec.t => 04-test_provider_fallback.t} (52%) diff --git a/crypto/provider_core.c b/crypto/provider_core.c index f8aa5721b4..8b868fdb6b 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -42,7 +42,8 @@ struct provider_store_st; /* Forward declaration */ struct ossl_provider_st { /* Flag bits */ unsigned int flag_initialized:1; - unsigned int flag_fallback:1; + unsigned int flag_fallback:1; /* Can be used as fallback */ + unsigned int flag_activated_as_fallback:1; /* OpenSSL library side data */ CRYPTO_REF_COUNT refcnt; @@ -104,6 +105,24 @@ struct provider_store_st { unsigned int use_fallbacks:1; }; +/* + * provider_deactivate_free() is a wrapper around ossl_provider_free() + * that also makes sure that activated fallback providers are deactivated. + * This is simply done by freeing them an extra time, to compensate for the + * refcount that provider_activate_fallbacks() gives them. + * Since this is only called when the provider store is being emptied, we + * don't need to care about any lock. + */ +static void provider_deactivate_free(OSSL_PROVIDER *prov) +{ + int extra_free = (prov->flag_initialized + && prov->flag_activated_as_fallback); + + if (extra_free) + ossl_provider_free(prov); + ossl_provider_free(prov); +} + static void provider_store_free(void *vstore) { struct provider_store_st *store = vstore; @@ -111,7 +130,7 @@ static void provider_store_free(void *vstore) if (store == NULL) return; OPENSSL_free(store->default_path); - sk_OSSL_PROVIDER_pop_free(store->providers, ossl_provider_free); + sk_OSSL_PROVIDER_pop_free(store->providers, provider_deactivate_free); CRYPTO_THREAD_lock_free(store->lock); OPENSSL_free(store); } @@ -654,13 +673,22 @@ static void provider_activate_fallbacks(struct provider_store_st *store) OSSL_PROVIDER *prov = sk_OSSL_PROVIDER_value(store->providers, i); /* - * Note that we don't care if the activation succeeds or not. - * If it doesn't succeed, then any attempt to use any of the - * fallback providers will fail anyway. + * Activated fallback providers get an extra refcount, to + * simulate a regular load. + * Note that we don't care if the activation succeeds or not, + * other than to maintain a correct refcount. If the activation + * doesn't succeed, then any future attempt to use the fallback + * provider will fail anyway. */ if (prov->flag_fallback) { - activated_fallback_count++; - provider_activate(prov); + if (ossl_provider_up_ref(prov)) { + if (!provider_activate(prov)) { + ossl_provider_free(prov); + } else { + prov->flag_activated_as_fallback = 1; + activated_fallback_count++; + } + } } } diff --git a/test/build.info b/test/build.info index 9697e55f12..3255a836de 100644 --- a/test/build.info +++ b/test/build.info @@ -731,6 +731,11 @@ IF[{- !$disabled{tests} -}] DEPEND[]=provider_internal_test.cnf GENERATE[provider_internal_test.cnf]=provider_internal_test.cnf.in + PROGRAMS{noinst}=provider_fallback_test + SOURCE[provider_fallback_test]=provider_fallback_test.c + INCLUDE[provider_fallback_test]=../include ../apps/include + DEPEND[provider_fallback_test]=../libcrypto libtestutil.a + PROGRAMS{noinst}=params_test SOURCE[params_test]=params_test.c INCLUDE[params_test]=.. ../include ../apps/include diff --git a/test/provider_fallback_test.c b/test/provider_fallback_test.c new file mode 100644 index 0000000000..ce62184551 --- /dev/null +++ b/test/provider_fallback_test.c @@ -0,0 +1,57 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include "testutil.h" + +static int test_provider(OPENSSL_CTX *ctx) +{ + EVP_KEYMGMT *rsameth = NULL; + const OSSL_PROVIDER *prov = NULL; + int ok; + + ok = TEST_true(OSSL_PROVIDER_available(ctx, "default")) + && TEST_ptr(rsameth = EVP_KEYMGMT_fetch(ctx, "RSA", NULL)) + && TEST_ptr(prov = EVP_KEYMGMT_provider(rsameth)) + && TEST_str_eq(OSSL_PROVIDER_name(prov), "default"); + + EVP_KEYMGMT_free(rsameth); + return ok; +} + +static int test_fallback_provider(void) +{ + return test_provider(NULL); +} + +static int test_explicit_provider(void) +{ + OPENSSL_CTX *ctx = NULL; + OSSL_PROVIDER *prov = NULL; + int ok; + + ok = TEST_ptr(ctx = OPENSSL_CTX_new()) + && TEST_ptr(prov = OSSL_PROVIDER_load(ctx, "default")) + && test_provider(ctx) + && TEST_true(OSSL_PROVIDER_unload(prov)); + + OPENSSL_CTX_free(ctx); + return ok; +} + + +int setup_tests(void) +{ + ADD_TEST(test_fallback_provider); + ADD_TEST(test_explicit_provider); + return 1; +} + diff --git a/test/recipes/03-test_internal_ec.t b/test/recipes/04-test_provider_fallback.t similarity index 52% copy from test/recipes/03-test_internal_ec.t copy to test/recipes/04-test_provider_fallback.t index 0d31d0ac07..39d3b105dc 100644 --- a/test/recipes/03-test_internal_ec.t +++ b/test/recipes/04-test_provider_fallback.t @@ -7,13 +7,12 @@ # https://www.openssl.org/source/license.html use strict; -use OpenSSL::Test; # get 'plan' +use File::Spec; use OpenSSL::Test::Simple; -use OpenSSL::Test::Utils; -setup("test_internal_ec"); +# We must ensure that OPENSSL_CONF points at an empty file. Otherwise, we +# risk that the configuration file contains statements that load providers, +# which defeats the purpose of this test. The NUL device is good enough. +$ENV{OPENSSL_CONF} = File::Spec->devnull(); -plan skip_all => "This test is unsupported in a no-ec build" - if disabled("ec"); - -simple_test("test_internal_ec", "ec_internal_test"); +simple_test("test_provider_fallback", "provider_fallback_test"); From tmraz at fedoraproject.org Thu Jun 4 14:44:13 2020 From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Thu, 04 Jun 2020 14:44:13 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1591281853.226283.2931.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 8354f53d40781630eb4caa1a2ce31eca5296aa29 (commit) from e6a80cbad28ee748830815634917efe96948f2f3 (commit) - Log ----------------------------------------------------------------- commit 8354f53d40781630eb4caa1a2ce31eca5296aa29 Author: Vladimir Kotal Date: Mon Aug 12 14:02:52 2019 +0200 enable DECLARE_DEPRECATED macro for Oracle Developer Studio compiler Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/9575) ----------------------------------------------------------------------- Summary of changes: CHANGES | 2 +- include/openssl/opensslconf.h.in | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 228408d9f0..8b2fd3f8bd 100644 --- a/CHANGES +++ b/CHANGES @@ -9,7 +9,7 @@ Changes between 1.1.1g and 1.1.1h [xx XXX xxxx] - *) + *) The Oracle Developer Studio compiler will start reporting deprecated APIs Changes between 1.1.1f and 1.1.1g [21 Apr 2020] diff --git a/include/openssl/opensslconf.h.in b/include/openssl/opensslconf.h.in index bc98cad51a..ee40809aed 100644 --- a/include/openssl/opensslconf.h.in +++ b/include/openssl/opensslconf.h.in @@ -77,6 +77,11 @@ extern "C" { # undef DECLARE_DEPRECATED # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); # endif +# elif defined(__SUNPRO_C) +# if (__SUNPRO_C >= 0x5130) +# undef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); +# endif # endif #endif From beldmit at gmail.com Thu Jun 4 14:45:31 2020 From: beldmit at gmail.com (beldmit at gmail.com) Date: Thu, 04 Jun 2020 14:45:31 +0000 Subject: [openssl] master update Message-ID: <1591281931.933934.5648.nullmailer@dev.openssl.org> The branch master has been updated via c1fd005bfc80412efd7d0807256ef5815997edef (commit) from c8567c392c1dc3dd15651c0d2746a5b87b5a88dd (commit) - Log ----------------------------------------------------------------- commit c1fd005bfc80412efd7d0807256ef5815997edef Author: Otto Hollmann Date: Thu May 28 13:39:33 2020 +0200 Add cipher list ciphersuites which using encryption algorithm in mode CBC. Reviewed-by: Matt Caswell Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/11984) ----------------------------------------------------------------------- Summary of changes: doc/man1/openssl-ciphers.pod.in | 7 +++++++ include/openssl/ssl.h | 1 + ssl/ssl_ciph.c | 1 + ssl/ssl_local.h | 3 +++ 4 files changed, 12 insertions(+) diff --git a/doc/man1/openssl-ciphers.pod.in b/doc/man1/openssl-ciphers.pod.in index 07ff9bc1df..b4ed3e51d5 100644 --- a/doc/man1/openssl-ciphers.pod.in +++ b/doc/man1/openssl-ciphers.pod.in @@ -403,6 +403,13 @@ used and only the two suite B compliant cipher suites (ECDHE-ECDSA-AES128-GCM-SHA256 and ECDHE-ECDSA-AES256-GCM-SHA384) are permissible. +=item B + +All cipher suites using encryption algorithm in Cipher Block Chaining (CBC) +mode. These cipher suites are only supported in TLS v1.2 and earlier. Currently +it's an alias for the following cipherstrings: B, B, B, +B, B, B, B, B, B. + =back =head1 CIPHER SUITE NAMES diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 0973f0688d..c039b2a04a 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -138,6 +138,7 @@ extern "C" { # define SSL_TXT_ARIA128 "ARIA128" # define SSL_TXT_ARIA256 "ARIA256" # define SSL_TXT_GOST2012_GOST8912_GOST8912 "GOST2012-GOST8912-GOST8912" +# define SSL_TXT_CBC "CBC" # define SSL_TXT_MD5 "MD5" # define SSL_TXT_SHA1 "SHA1" diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index ec2dabc89a..83710f8431 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -253,6 +253,7 @@ static const SSL_CIPHER cipher_aliases[] = { {0, SSL_TXT_ARIA_GCM, NULL, 0, 0, 0, SSL_ARIA128GCM | SSL_ARIA256GCM}, {0, SSL_TXT_ARIA128, NULL, 0, 0, 0, SSL_ARIA128GCM}, {0, SSL_TXT_ARIA256, NULL, 0, 0, 0, SSL_ARIA256GCM}, + {0, SSL_TXT_CBC, NULL, 0, 0, 0, SSL_CBC}, /* MAC aliases */ {0, SSL_TXT_MD5, NULL, 0, 0, 0, 0, SSL_MD5}, diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index 083141931c..5e2379c093 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -246,6 +246,9 @@ # define SSL_CHACHA20 (SSL_CHACHA20POLY1305) # define SSL_ARIAGCM (SSL_ARIA128GCM | SSL_ARIA256GCM) # define SSL_ARIA (SSL_ARIAGCM) +# define SSL_CBC (SSL_DES | SSL_3DES | SSL_RC2 | SSL_IDEA \ + | SSL_AES128 | SSL_AES256 | SSL_CAMELLIA128 \ + | SSL_CAMELLIA256 | SSL_SEED) /* Bits for algorithm_mac (symmetric authentication) */ From openssl at openssl.org Thu Jun 4 14:48:31 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 04 Jun 2020 14:48:31 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2 Message-ID: <1591282111.022745.8948.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2 Commit log since last time: 29c49b2534 TEST: Test i2d_PKCS8PrivateKey_bio() and PEM_write_bio_PKCS8PrivateKey() eb2bba2569 PEM: Make PKCS8 serializers aware of OSSL_SERIALIZERs a5a87011ba fix a docs typo d805b83166 Prevent extended tests run unexpectedly in appveyor 23ccae80bd Move EC_METHOD to internal-only e306f83c8c APPS: Remove make_config_name, use CONF_get1_default_config_file instead 32df13497a Remove getenv(OPENSSL_FIPS) in openssl command 41dccd68b9 Revert the check for NaN in %f format c7f837cfcc undeprecate SSL_CTX_load_verify_locations and X509_STORE_load_locations dc18e4ddfb Make BIO_do_connect() and friends handle multiple IP addresses 60d3b5b9ff add FFDH to speed command Build log ended with (last 100 lines): 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=198, Tests=1992, 724 wallclock secs ( 8.39 usr 1.52 sys + 684.64 cusr 45.68 csys = 740.23 CPU) Result: FAIL Makefile:3099: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2' Makefile:3097: recipe for target 'tests' failed make: *** [tests] Error 2 From nic.tuv at gmail.com Thu Jun 4 15:36:02 2020 From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Thu, 04 Jun 2020 15:36:02 +0000 Subject: [openssl] master update Message-ID: <1591284962.271911.8198.nullmailer@dev.openssl.org> The branch master has been updated via 00da0f69890874feaa555fafb99b967b861e9118 (commit) from c1fd005bfc80412efd7d0807256ef5815997edef (commit) - Log ----------------------------------------------------------------- commit 00da0f69890874feaa555fafb99b967b861e9118 Author: Nicola Tuveri Date: Tue Jun 2 21:06:48 2020 +0300 [crypto/ec] Remove unreachable AVX2 code in NISTZ256 implementation `crypto/ec/ecp_nistz256.c` contained code sections guarded by a `ECP_NISTZ256_AVX2` define. The relevant comment read: > /* > * Note that by default ECP_NISTZ256_AVX2 is undefined. While it's great > * code processing 4 points in parallel, corresponding serial operation > * is several times slower, because it uses 29x29=58-bit multiplication > * as opposite to 64x64=128-bit in integer-only scalar case. As result > * it doesn't provide *significant* performance improvement. Note that > * just defining ECP_NISTZ256_AVX2 is not sufficient to make it work, > * you'd need to compile even asm/ecp_nistz256-avx.pl module. > */ Without diminishing the quality of the original submission, it's evident that this code has been basically unreachable without modifications to the library source code and is under-tested. This commit removes these sections from the codebase. Reviewed-by: Matt Caswell Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/12019) ----------------------------------------------------------------------- Summary of changes: crypto/ec/asm/ecp_nistz256-avx2.pl | 2082 ------------------------------------ crypto/ec/ecp_nistz256.c | 300 +----- 2 files changed, 46 insertions(+), 2336 deletions(-) delete mode 100755 crypto/ec/asm/ecp_nistz256-avx2.pl diff --git a/crypto/ec/asm/ecp_nistz256-avx2.pl b/crypto/ec/asm/ecp_nistz256-avx2.pl deleted file mode 100755 index 15bca9b099..0000000000 --- a/crypto/ec/asm/ecp_nistz256-avx2.pl +++ /dev/null @@ -1,2082 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. -# Copyright (c) 2014, Intel Corporation. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html -# -# Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1) -# (1) Intel Corporation, Israel Development Center, Haifa, Israel -# (2) University of Haifa, Israel -# -# Reference: -# S.Gueron and V.Krasnov, "Fast Prime Field Elliptic Curve Cryptography with -# 256 Bit Primes" - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -open OUT,"| \"$^X\" $xlate $flavour \"$output\"" - or die "can't call $xlate: $!"; -*STDOUT=*OUT; - -if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` - =~ /GNU assembler version ([2-9]\.[0-9]+)/) { - $avx = ($1>=2.19) + ($1>=2.22); - $addx = ($1>=2.23); -} - -if (!$addx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) && - `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) { - $avx = ($1>=2.09) + ($1>=2.10); - $addx = ($1>=2.10); -} - -if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && - `ml64 2>&1` =~ /Version ([0-9]+)\./) { - $avx = ($1>=10) + ($1>=11); - $addx = ($1>=12); -} - -if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([0-9]+)\.([0-9]+)/) { - my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 - $avx = ($ver>=3.0) + ($ver>=3.01); - $addx = ($ver>=3.03); -} - -if ($avx>=2) {{ -$digit_size = "\$29"; -$n_digits = "\$9"; - -$code.=<<___; -.text - -.align 64 -.LAVX2_AND_MASK: -.LAVX2_POLY: -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x000001ff, 0x000001ff, 0x000001ff, 0x000001ff -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 -.quad 0x00040000, 0x00040000, 0x00040000, 0x00040000 -.quad 0x1fe00000, 0x1fe00000, 0x1fe00000, 0x1fe00000 -.quad 0x00ffffff, 0x00ffffff, 0x00ffffff, 0x00ffffff - -.LAVX2_POLY_x2: -.quad 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC -.quad 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC -.quad 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC -.quad 0x400007FC, 0x400007FC, 0x400007FC, 0x400007FC -.quad 0x3FFFFFFE, 0x3FFFFFFE, 0x3FFFFFFE, 0x3FFFFFFE -.quad 0x3FFFFFFE, 0x3FFFFFFE, 0x3FFFFFFE, 0x3FFFFFFE -.quad 0x400FFFFE, 0x400FFFFE, 0x400FFFFE, 0x400FFFFE -.quad 0x7F7FFFFE, 0x7F7FFFFE, 0x7F7FFFFE, 0x7F7FFFFE -.quad 0x03FFFFFC, 0x03FFFFFC, 0x03FFFFFC, 0x03FFFFFC - -.LAVX2_POLY_x8: -.quad 0xFFFFFFF8, 0xFFFFFFF8, 0xFFFFFFF8, 0xFFFFFFF8 -.quad 0xFFFFFFF8, 0xFFFFFFF8, 0xFFFFFFF8, 0xFFFFFFF8 -.quad 0xFFFFFFF8, 0xFFFFFFF8, 0xFFFFFFF8, 0xFFFFFFF8 -.quad 0x80000FF8, 0x80000FF8, 0x80000FF8, 0x80000FF8 -.quad 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC -.quad 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC -.quad 0x801FFFFC, 0x801FFFFC, 0x801FFFFC, 0x801FFFFC -.quad 0xFEFFFFFC, 0xFEFFFFFC, 0xFEFFFFFC, 0xFEFFFFFC -.quad 0x07FFFFF8, 0x07FFFFF8, 0x07FFFFF8, 0x07FFFFF8 - -.LONE: -.quad 0x00000020, 0x00000020, 0x00000020, 0x00000020 -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 -.quad 0x1fffc000, 0x1fffc000, 0x1fffc000, 0x1fffc000 -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x1f7fffff, 0x1f7fffff, 0x1f7fffff, 0x1f7fffff -.quad 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 - -# RR = 2^266 mod p in AVX2 format, to transform from the native OpenSSL -# Montgomery form (*2^256) to our format (*2^261) - -.LTO_MONT_AVX2: -.quad 0x00000400, 0x00000400, 0x00000400, 0x00000400 -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 -.quad 0x1ff80000, 0x1ff80000, 0x1ff80000, 0x1ff80000 -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x0fffffff, 0x0fffffff, 0x0fffffff, 0x0fffffff -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x00000003, 0x00000003, 0x00000003, 0x00000003 - -.LFROM_MONT_AVX2: -.quad 0x00000001, 0x00000001, 0x00000001, 0x00000001 -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 -.quad 0x1ffffe00, 0x1ffffe00, 0x1ffffe00, 0x1ffffe00 -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x1ffbffff, 0x1ffbffff, 0x1ffbffff, 0x1ffbffff -.quad 0x001fffff, 0x001fffff, 0x001fffff, 0x001fffff -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 - -.LIntOne: -.long 1,1,1,1,1,1,1,1 -___ - -{ -# This function receives a pointer to an array of four affine points -# (X, Y, <1>) and rearranges the data for AVX2 execution, while -# converting it to 2^29 radix redundant form - -my ($X0,$X1,$X2,$X3, $Y0,$Y1,$Y2,$Y3, - $T0,$T1,$T2,$T3, $T4,$T5,$T6,$T7)=map("%ymm$_",(0..15)); - -$code.=<<___; -.globl ecp_nistz256_avx2_transpose_convert -.type ecp_nistz256_avx2_transpose_convert,\@function,2 -.align 64 -ecp_nistz256_avx2_transpose_convert: - vzeroupper -___ -$code.=<<___ if ($win64); - lea -8-16*10(%rsp), %rsp - vmovaps %xmm6, -8-16*10(%rax) - vmovaps %xmm7, -8-16*9(%rax) - vmovaps %xmm8, -8-16*8(%rax) - vmovaps %xmm9, -8-16*7(%rax) - vmovaps %xmm10, -8-16*6(%rax) - vmovaps %xmm11, -8-16*5(%rax) - vmovaps %xmm12, -8-16*4(%rax) - vmovaps %xmm13, -8-16*3(%rax) - vmovaps %xmm14, -8-16*2(%rax) - vmovaps %xmm15, -8-16*1(%rax) -___ -$code.=<<___; - # Load the data - vmovdqa 32*0(%rsi), $X0 - lea 112(%rsi), %rax # size optimization - vmovdqa 32*1(%rsi), $Y0 - lea .LAVX2_AND_MASK(%rip), %rdx - vmovdqa 32*2(%rsi), $X1 - vmovdqa 32*3(%rsi), $Y1 - vmovdqa 32*4-112(%rax), $X2 - vmovdqa 32*5-112(%rax), $Y2 - vmovdqa 32*6-112(%rax), $X3 - vmovdqa 32*7-112(%rax), $Y3 - - # Transpose X and Y independently - vpunpcklqdq $X1, $X0, $T0 # T0 = [B2 A2 B0 A0] - vpunpcklqdq $X3, $X2, $T1 # T1 = [D2 C2 D0 C0] - vpunpckhqdq $X1, $X0, $T2 # T2 = [B3 A3 B1 A1] - vpunpckhqdq $X3, $X2, $T3 # T3 = [D3 C3 D1 C1] - - vpunpcklqdq $Y1, $Y0, $T4 - vpunpcklqdq $Y3, $Y2, $T5 - vpunpckhqdq $Y1, $Y0, $T6 - vpunpckhqdq $Y3, $Y2, $T7 - - vperm2i128 \$0x20, $T1, $T0, $X0 # X0 = [D0 C0 B0 A0] - vperm2i128 \$0x20, $T3, $T2, $X1 # X1 = [D1 C1 B1 A1] - vperm2i128 \$0x31, $T1, $T0, $X2 # X2 = [D2 C2 B2 A2] - vperm2i128 \$0x31, $T3, $T2, $X3 # X3 = [D3 C3 B3 A3] - - vperm2i128 \$0x20, $T5, $T4, $Y0 - vperm2i128 \$0x20, $T7, $T6, $Y1 - vperm2i128 \$0x31, $T5, $T4, $Y2 - vperm2i128 \$0x31, $T7, $T6, $Y3 - vmovdqa (%rdx), $T7 - - vpand (%rdx), $X0, $T0 # out[0] = in[0] & mask; - vpsrlq \$29, $X0, $X0 - vpand $T7, $X0, $T1 # out[1] = (in[0] >> shift) & mask; - vpsrlq \$29, $X0, $X0 - vpsllq \$6, $X1, $T2 - vpxor $X0, $T2, $T2 - vpand $T7, $T2, $T2 # out[2] = ((in[0] >> (shift*2)) ^ (in[1] << (64-shift*2))) & mask; - vpsrlq \$23, $X1, $X1 - vpand $T7, $X1, $T3 # out[3] = (in[1] >> ((shift*3)%64)) & mask; - vpsrlq \$29, $X1, $X1 - vpsllq \$12, $X2, $T4 - vpxor $X1, $T4, $T4 - vpand $T7, $T4, $T4 # out[4] = ((in[1] >> ((shift*4)%64)) ^ (in[2] << (64*2-shift*4))) & mask; - vpsrlq \$17, $X2, $X2 - vpand $T7, $X2, $T5 # out[5] = (in[2] >> ((shift*5)%64)) & mask; - vpsrlq \$29, $X2, $X2 - vpsllq \$18, $X3, $T6 - vpxor $X2, $T6, $T6 - vpand $T7, $T6, $T6 # out[6] = ((in[2] >> ((shift*6)%64)) ^ (in[3] << (64*3-shift*6))) & mask; - vpsrlq \$11, $X3, $X3 - vmovdqa $T0, 32*0(%rdi) - lea 112(%rdi), %rax # size optimization - vpand $T7, $X3, $T0 # out[7] = (in[3] >> ((shift*7)%64)) & mask; - vpsrlq \$29, $X3, $X3 # out[8] = (in[3] >> ((shift*8)%64)) & mask; - - vmovdqa $T1, 32*1(%rdi) - vmovdqa $T2, 32*2(%rdi) - vmovdqa $T3, 32*3(%rdi) - vmovdqa $T4, 32*4-112(%rax) - vmovdqa $T5, 32*5-112(%rax) - vmovdqa $T6, 32*6-112(%rax) - vmovdqa $T0, 32*7-112(%rax) - vmovdqa $X3, 32*8-112(%rax) - lea 448(%rdi), %rax # size optimization - - vpand $T7, $Y0, $T0 # out[0] = in[0] & mask; - vpsrlq \$29, $Y0, $Y0 - vpand $T7, $Y0, $T1 # out[1] = (in[0] >> shift) & mask; - vpsrlq \$29, $Y0, $Y0 - vpsllq \$6, $Y1, $T2 - vpxor $Y0, $T2, $T2 - vpand $T7, $T2, $T2 # out[2] = ((in[0] >> (shift*2)) ^ (in[1] << (64-shift*2))) & mask; - vpsrlq \$23, $Y1, $Y1 - vpand $T7, $Y1, $T3 # out[3] = (in[1] >> ((shift*3)%64)) & mask; - vpsrlq \$29, $Y1, $Y1 - vpsllq \$12, $Y2, $T4 - vpxor $Y1, $T4, $T4 - vpand $T7, $T4, $T4 # out[4] = ((in[1] >> ((shift*4)%64)) ^ (in[2] << (64*2-shift*4))) & mask; - vpsrlq \$17, $Y2, $Y2 - vpand $T7, $Y2, $T5 # out[5] = (in[2] >> ((shift*5)%64)) & mask; - vpsrlq \$29, $Y2, $Y2 - vpsllq \$18, $Y3, $T6 - vpxor $Y2, $T6, $T6 - vpand $T7, $T6, $T6 # out[6] = ((in[2] >> ((shift*6)%64)) ^ (in[3] << (64*3-shift*6))) & mask; - vpsrlq \$11, $Y3, $Y3 - vmovdqa $T0, 32*9-448(%rax) - vpand $T7, $Y3, $T0 # out[7] = (in[3] >> ((shift*7)%64)) & mask; - vpsrlq \$29, $Y3, $Y3 # out[8] = (in[3] >> ((shift*8)%64)) & mask; - - vmovdqa $T1, 32*10-448(%rax) - vmovdqa $T2, 32*11-448(%rax) - vmovdqa $T3, 32*12-448(%rax) - vmovdqa $T4, 32*13-448(%rax) - vmovdqa $T5, 32*14-448(%rax) - vmovdqa $T6, 32*15-448(%rax) - vmovdqa $T0, 32*16-448(%rax) - vmovdqa $Y3, 32*17-448(%rax) - - vzeroupper -___ -$code.=<<___ if ($win64); - movaps 16*0(%rsp), %xmm6 - movaps 16*1(%rsp), %xmm7 - movaps 16*2(%rsp), %xmm8 - movaps 16*3(%rsp), %xmm9 - movaps 16*4(%rsp), %xmm10 - movaps 16*5(%rsp), %xmm11 - movaps 16*6(%rsp), %xmm12 - movaps 16*7(%rsp), %xmm13 - movaps 16*8(%rsp), %xmm14 - movaps 16*9(%rsp), %xmm15 - lea 8+16*10(%rsp), %rsp -___ -$code.=<<___; - ret -.size ecp_nistz256_avx2_transpose_convert,.-ecp_nistz256_avx2_transpose_convert -___ -} -{ -################################################################################ -# This function receives a pointer to an array of four AVX2 formatted points -# (X, Y, Z) convert the data to normal representation, and rearranges the data - -my ($D0,$D1,$D2,$D3, $D4,$D5,$D6,$D7, $D8)=map("%ymm$_",(0..8)); -my ($T0,$T1,$T2,$T3, $T4,$T5,$T6)=map("%ymm$_",(9..15)); - -$code.=<<___; - -.globl ecp_nistz256_avx2_convert_transpose_back -.type ecp_nistz256_avx2_convert_transpose_back,\@function,2 -.align 32 -ecp_nistz256_avx2_convert_transpose_back: - vzeroupper -___ -$code.=<<___ if ($win64); - lea -8-16*10(%rsp), %rsp - vmovaps %xmm6, -8-16*10(%rax) - vmovaps %xmm7, -8-16*9(%rax) - vmovaps %xmm8, -8-16*8(%rax) - vmovaps %xmm9, -8-16*7(%rax) - vmovaps %xmm10, -8-16*6(%rax) - vmovaps %xmm11, -8-16*5(%rax) - vmovaps %xmm12, -8-16*4(%rax) - vmovaps %xmm13, -8-16*3(%rax) - vmovaps %xmm14, -8-16*2(%rax) - vmovaps %xmm15, -8-16*1(%rax) -___ -$code.=<<___; - mov \$3, %ecx - -.Lconv_loop: - vmovdqa 32*0(%rsi), $D0 - lea 160(%rsi), %rax # size optimization - vmovdqa 32*1(%rsi), $D1 - vmovdqa 32*2(%rsi), $D2 - vmovdqa 32*3(%rsi), $D3 - vmovdqa 32*4-160(%rax), $D4 - vmovdqa 32*5-160(%rax), $D5 - vmovdqa 32*6-160(%rax), $D6 - vmovdqa 32*7-160(%rax), $D7 - vmovdqa 32*8-160(%rax), $D8 - - vpsllq \$29, $D1, $D1 - vpsllq \$58, $D2, $T0 - vpaddq $D1, $D0, $D0 - vpaddq $T0, $D0, $D0 # out[0] = (in[0]) ^ (in[1] << shift*1) ^ (in[2] << shift*2); - - vpsrlq \$6, $D2, $D2 - vpsllq \$23, $D3, $D3 - vpsllq \$52, $D4, $T1 - vpaddq $D2, $D3, $D3 - vpaddq $D3, $T1, $D1 # out[1] = (in[2] >> (64*1-shift*2)) ^ (in[3] << shift*3%64) ^ (in[4] << shift*4%64); - - vpsrlq \$12, $D4, $D4 - vpsllq \$17, $D5, $D5 - vpsllq \$46, $D6, $T2 - vpaddq $D4, $D5, $D5 - vpaddq $D5, $T2, $D2 # out[2] = (in[4] >> (64*2-shift*4)) ^ (in[5] << shift*5%64) ^ (in[6] << shift*6%64); - - vpsrlq \$18, $D6, $D6 - vpsllq \$11, $D7, $D7 - vpsllq \$40, $D8, $T3 - vpaddq $D6, $D7, $D7 - vpaddq $D7, $T3, $D3 # out[3] = (in[6] >> (64*3-shift*6)) ^ (in[7] << shift*7%64) ^ (in[8] << shift*8%64); - - vpunpcklqdq $D1, $D0, $T0 # T0 = [B2 A2 B0 A0] - vpunpcklqdq $D3, $D2, $T1 # T1 = [D2 C2 D0 C0] - vpunpckhqdq $D1, $D0, $T2 # T2 = [B3 A3 B1 A1] - vpunpckhqdq $D3, $D2, $T3 # T3 = [D3 C3 D1 C1] - - vperm2i128 \$0x20, $T1, $T0, $D0 # X0 = [D0 C0 B0 A0] - vperm2i128 \$0x20, $T3, $T2, $D1 # X1 = [D1 C1 B1 A1] - vperm2i128 \$0x31, $T1, $T0, $D2 # X2 = [D2 C2 B2 A2] - vperm2i128 \$0x31, $T3, $T2, $D3 # X3 = [D3 C3 B3 A3] - - vmovdqa $D0, 32*0(%rdi) - vmovdqa $D1, 32*3(%rdi) - vmovdqa $D2, 32*6(%rdi) - vmovdqa $D3, 32*9(%rdi) - - lea 32*9(%rsi), %rsi - lea 32*1(%rdi), %rdi - - dec %ecx - jnz .Lconv_loop - - vzeroupper -___ -$code.=<<___ if ($win64); - movaps 16*0(%rsp), %xmm6 - movaps 16*1(%rsp), %xmm7 - movaps 16*2(%rsp), %xmm8 - movaps 16*3(%rsp), %xmm9 - movaps 16*4(%rsp), %xmm10 - movaps 16*5(%rsp), %xmm11 - movaps 16*6(%rsp), %xmm12 - movaps 16*7(%rsp), %xmm13 - movaps 16*8(%rsp), %xmm14 - movaps 16*9(%rsp), %xmm15 - lea 8+16*10(%rsp), %rsp -___ -$code.=<<___; - ret -.size ecp_nistz256_avx2_convert_transpose_back,.-ecp_nistz256_avx2_convert_transpose_back -___ -} -{ -my ($r_ptr,$a_ptr,$b_ptr,$itr)=("%rdi","%rsi","%rdx","%ecx"); -my ($ACC0,$ACC1,$ACC2,$ACC3,$ACC4,$ACC5,$ACC6,$ACC7,$ACC8)=map("%ymm$_",(0..8)); -my ($B,$Y,$T0,$AND_MASK,$OVERFLOW)=map("%ymm$_",(9..13)); - -sub NORMALIZE { -my $ret=<<___; - vpsrlq $digit_size, $ACC0, $T0 - vpand $AND_MASK, $ACC0, $ACC0 - vpaddq $T0, $ACC1, $ACC1 - - vpsrlq $digit_size, $ACC1, $T0 - vpand $AND_MASK, $ACC1, $ACC1 - vpaddq $T0, $ACC2, $ACC2 - - vpsrlq $digit_size, $ACC2, $T0 - vpand $AND_MASK, $ACC2, $ACC2 - vpaddq $T0, $ACC3, $ACC3 - - vpsrlq $digit_size, $ACC3, $T0 - vpand $AND_MASK, $ACC3, $ACC3 - vpaddq $T0, $ACC4, $ACC4 - - vpsrlq $digit_size, $ACC4, $T0 - vpand $AND_MASK, $ACC4, $ACC4 - vpaddq $T0, $ACC5, $ACC5 - - vpsrlq $digit_size, $ACC5, $T0 - vpand $AND_MASK, $ACC5, $ACC5 - vpaddq $T0, $ACC6, $ACC6 - - vpsrlq $digit_size, $ACC6, $T0 - vpand $AND_MASK, $ACC6, $ACC6 - vpaddq $T0, $ACC7, $ACC7 - - vpsrlq $digit_size, $ACC7, $T0 - vpand $AND_MASK, $ACC7, $ACC7 - vpaddq $T0, $ACC8, $ACC8 - #vpand $AND_MASK, $ACC8, $ACC8 -___ - $ret; -} - -sub STORE { -my $ret=<<___; - vmovdqa $ACC0, 32*0(%rdi) - lea 160(%rdi), %rax # size optimization - vmovdqa $ACC1, 32*1(%rdi) - vmovdqa $ACC2, 32*2(%rdi) - vmovdqa $ACC3, 32*3(%rdi) - vmovdqa $ACC4, 32*4-160(%rax) - vmovdqa $ACC5, 32*5-160(%rax) - vmovdqa $ACC6, 32*6-160(%rax) - vmovdqa $ACC7, 32*7-160(%rax) - vmovdqa $ACC8, 32*8-160(%rax) -___ - $ret; -} - -$code.=<<___; -.type avx2_normalize,\@abi-omnipotent -.align 32 -avx2_normalize: - vpsrlq $digit_size, $ACC0, $T0 - vpand $AND_MASK, $ACC0, $ACC0 - vpaddq $T0, $ACC1, $ACC1 - - vpsrlq $digit_size, $ACC1, $T0 - vpand $AND_MASK, $ACC1, $ACC1 - vpaddq $T0, $ACC2, $ACC2 - - vpsrlq $digit_size, $ACC2, $T0 - vpand $AND_MASK, $ACC2, $ACC2 - vpaddq $T0, $ACC3, $ACC3 - - vpsrlq $digit_size, $ACC3, $T0 - vpand $AND_MASK, $ACC3, $ACC3 - vpaddq $T0, $ACC4, $ACC4 - - vpsrlq $digit_size, $ACC4, $T0 - vpand $AND_MASK, $ACC4, $ACC4 - vpaddq $T0, $ACC5, $ACC5 - - vpsrlq $digit_size, $ACC5, $T0 - vpand $AND_MASK, $ACC5, $ACC5 - vpaddq $T0, $ACC6, $ACC6 - - vpsrlq $digit_size, $ACC6, $T0 - vpand $AND_MASK, $ACC6, $ACC6 - vpaddq $T0, $ACC7, $ACC7 - - vpsrlq $digit_size, $ACC7, $T0 - vpand $AND_MASK, $ACC7, $ACC7 - vpaddq $T0, $ACC8, $ACC8 - #vpand $AND_MASK, $ACC8, $ACC8 - - ret -.size avx2_normalize,.-avx2_normalize - -.type avx2_normalize_n_store,\@abi-omnipotent -.align 32 -avx2_normalize_n_store: - vpsrlq $digit_size, $ACC0, $T0 - vpand $AND_MASK, $ACC0, $ACC0 - vpaddq $T0, $ACC1, $ACC1 - - vpsrlq $digit_size, $ACC1, $T0 - vpand $AND_MASK, $ACC1, $ACC1 - vmovdqa $ACC0, 32*0(%rdi) - lea 160(%rdi), %rax # size optimization - vpaddq $T0, $ACC2, $ACC2 - - vpsrlq $digit_size, $ACC2, $T0 - vpand $AND_MASK, $ACC2, $ACC2 - vmovdqa $ACC1, 32*1(%rdi) - vpaddq $T0, $ACC3, $ACC3 - - vpsrlq $digit_size, $ACC3, $T0 - vpand $AND_MASK, $ACC3, $ACC3 - vmovdqa $ACC2, 32*2(%rdi) - vpaddq $T0, $ACC4, $ACC4 - - vpsrlq $digit_size, $ACC4, $T0 - vpand $AND_MASK, $ACC4, $ACC4 - vmovdqa $ACC3, 32*3(%rdi) - vpaddq $T0, $ACC5, $ACC5 - - vpsrlq $digit_size, $ACC5, $T0 - vpand $AND_MASK, $ACC5, $ACC5 - vmovdqa $ACC4, 32*4-160(%rax) - vpaddq $T0, $ACC6, $ACC6 - - vpsrlq $digit_size, $ACC6, $T0 - vpand $AND_MASK, $ACC6, $ACC6 - vmovdqa $ACC5, 32*5-160(%rax) - vpaddq $T0, $ACC7, $ACC7 - - vpsrlq $digit_size, $ACC7, $T0 - vpand $AND_MASK, $ACC7, $ACC7 - vmovdqa $ACC6, 32*6-160(%rax) - vpaddq $T0, $ACC8, $ACC8 - #vpand $AND_MASK, $ACC8, $ACC8 - vmovdqa $ACC7, 32*7-160(%rax) - vmovdqa $ACC8, 32*8-160(%rax) - - ret -.size avx2_normalize_n_store,.-avx2_normalize_n_store - -################################################################################ -# void avx2_mul_x4(void* RESULTx4, void *Ax4, void *Bx4); -.type avx2_mul_x4,\@abi-omnipotent -.align 32 -avx2_mul_x4: - lea .LAVX2_POLY(%rip), %rax - - vpxor $ACC0, $ACC0, $ACC0 - vpxor $ACC1, $ACC1, $ACC1 - vpxor $ACC2, $ACC2, $ACC2 - vpxor $ACC3, $ACC3, $ACC3 - vpxor $ACC4, $ACC4, $ACC4 - vpxor $ACC5, $ACC5, $ACC5 - vpxor $ACC6, $ACC6, $ACC6 - vpxor $ACC7, $ACC7, $ACC7 - - vmovdqa 32*7(%rax), %ymm14 - vmovdqa 32*8(%rax), %ymm15 - - mov $n_digits, $itr - lea -512($a_ptr), $a_ptr # strategic bias to control u-op density - jmp .Lavx2_mul_x4_loop - -.align 32 -.Lavx2_mul_x4_loop: - vmovdqa 32*0($b_ptr), $B - lea 32*1($b_ptr), $b_ptr - - vpmuludq 32*0+512($a_ptr), $B, $T0 - vpmuludq 32*1+512($a_ptr), $B, $OVERFLOW # borrow $OVERFLOW - vpaddq $T0, $ACC0, $ACC0 - vpmuludq 32*2+512($a_ptr), $B, $T0 - vpaddq $OVERFLOW, $ACC1, $ACC1 - vpand $AND_MASK, $ACC0, $Y - vpmuludq 32*3+512($a_ptr), $B, $OVERFLOW - vpaddq $T0, $ACC2, $ACC2 - vpmuludq 32*4+512($a_ptr), $B, $T0 - vpaddq $OVERFLOW, $ACC3, $ACC3 - vpmuludq 32*5+512($a_ptr), $B, $OVERFLOW - vpaddq $T0, $ACC4, $ACC4 - vpmuludq 32*6+512($a_ptr), $B, $T0 - vpaddq $OVERFLOW, $ACC5, $ACC5 - vpmuludq 32*7+512($a_ptr), $B, $OVERFLOW - vpaddq $T0, $ACC6, $ACC6 - - # Skip some multiplications, optimizing for the constant poly - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpmuludq 32*8+512($a_ptr), $B, $ACC8 - vpaddq $T0, $ACC0, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - .byte 0x67 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $OVERFLOW - .byte 0x67 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $T0 - vpaddq $OVERFLOW, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $OVERFLOW - vpaddq $T0, $ACC7, $ACC6 - vpaddq $OVERFLOW, $ACC8, $ACC7 - - dec $itr - jnz .Lavx2_mul_x4_loop - - vpxor $ACC8, $ACC8, $ACC8 - - ret -.size avx2_mul_x4,.-avx2_mul_x4 - -# Function optimized for the constant 1 -################################################################################ -# void avx2_mul_by1_x4(void* RESULTx4, void *Ax4); -.type avx2_mul_by1_x4,\@abi-omnipotent -.align 32 -avx2_mul_by1_x4: - lea .LAVX2_POLY(%rip), %rax - - vpxor $ACC0, $ACC0, $ACC0 - vpxor $ACC1, $ACC1, $ACC1 - vpxor $ACC2, $ACC2, $ACC2 - vpxor $ACC3, $ACC3, $ACC3 - vpxor $ACC4, $ACC4, $ACC4 - vpxor $ACC5, $ACC5, $ACC5 - vpxor $ACC6, $ACC6, $ACC6 - vpxor $ACC7, $ACC7, $ACC7 - vpxor $ACC8, $ACC8, $ACC8 - - vmovdqa 32*3+.LONE(%rip), %ymm14 - vmovdqa 32*7+.LONE(%rip), %ymm15 - - mov $n_digits, $itr - jmp .Lavx2_mul_by1_x4_loop - -.align 32 -.Lavx2_mul_by1_x4_loop: - vmovdqa 32*0($a_ptr), $B - .byte 0x48,0x8d,0xb6,0x20,0,0,0 # lea 32*1($a_ptr), $a_ptr - - vpsllq \$5, $B, $OVERFLOW - vpmuludq %ymm14, $B, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC3 - .byte 0x67 - vpmuludq $AND_MASK, $B, $T0 - vpand $AND_MASK, $ACC0, $Y - vpaddq $T0, $ACC4, $ACC4 - vpaddq $T0, $ACC5, $ACC5 - vpaddq $T0, $ACC6, $ACC6 - vpsllq \$23, $B, $T0 - - .byte 0x67,0x67 - vpmuludq %ymm15, $B, $OVERFLOW - vpsubq $T0, $ACC6, $ACC6 - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpaddq $T0, $ACC0, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - .byte 0x67,0x67 - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $OVERFLOW - vmovdqa $ACC5, $ACC4 - vpmuludq 32*7(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC6, $ACC5 - vpaddq $T0, $ACC7, $ACC6 - vpmuludq 32*8(%rax), $Y, $ACC7 - - dec $itr - jnz .Lavx2_mul_by1_x4_loop - - ret -.size avx2_mul_by1_x4,.-avx2_mul_by1_x4 - -################################################################################ -# void avx2_sqr_x4(void* RESULTx4, void *Ax4, void *Bx4); -.type avx2_sqr_x4,\@abi-omnipotent -.align 32 -avx2_sqr_x4: - lea .LAVX2_POLY(%rip), %rax - - vmovdqa 32*7(%rax), %ymm14 - vmovdqa 32*8(%rax), %ymm15 - - vmovdqa 32*0($a_ptr), $B - vmovdqa 32*1($a_ptr), $ACC1 - vmovdqa 32*2($a_ptr), $ACC2 - vmovdqa 32*3($a_ptr), $ACC3 - vmovdqa 32*4($a_ptr), $ACC4 - vmovdqa 32*5($a_ptr), $ACC5 - vmovdqa 32*6($a_ptr), $ACC6 - vmovdqa 32*7($a_ptr), $ACC7 - vpaddq $ACC1, $ACC1, $ACC1 # 2*$ACC0..7 - vmovdqa 32*8($a_ptr), $ACC8 - vpaddq $ACC2, $ACC2, $ACC2 - vmovdqa $ACC1, 32*0(%rcx) - vpaddq $ACC3, $ACC3, $ACC3 - vmovdqa $ACC2, 32*1(%rcx) - vpaddq $ACC4, $ACC4, $ACC4 - vmovdqa $ACC3, 32*2(%rcx) - vpaddq $ACC5, $ACC5, $ACC5 - vmovdqa $ACC4, 32*3(%rcx) - vpaddq $ACC6, $ACC6, $ACC6 - vmovdqa $ACC5, 32*4(%rcx) - vpaddq $ACC7, $ACC7, $ACC7 - vmovdqa $ACC6, 32*5(%rcx) - vpaddq $ACC8, $ACC8, $ACC8 - vmovdqa $ACC7, 32*6(%rcx) - vmovdqa $ACC8, 32*7(%rcx) - - #itr 1 - vpmuludq $B, $B, $ACC0 - vpmuludq $B, $ACC1, $ACC1 - vpand $AND_MASK, $ACC0, $Y - vpmuludq $B, $ACC2, $ACC2 - vpmuludq $B, $ACC3, $ACC3 - vpmuludq $B, $ACC4, $ACC4 - vpmuludq $B, $ACC5, $ACC5 - vpmuludq $B, $ACC6, $ACC6 - vpmuludq $AND_MASK, $Y, $T0 - vpmuludq $B, $ACC7, $ACC7 - vpmuludq $B, $ACC8, $ACC8 - vmovdqa 32*1($a_ptr), $B - - vpaddq $T0, $ACC0, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - #itr 2 - vpmuludq $B, $B, $OVERFLOW - vpand $AND_MASK, $ACC0, $Y - vpmuludq 32*1(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC1, $ACC1 - vpmuludq 32*2(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC2, $ACC2 - vpmuludq 32*3(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC3, $ACC3 - vpmuludq 32*4(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC4, $ACC4 - vpmuludq 32*5(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC5, $ACC5 - vpmuludq 32*6(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC6, $ACC6 - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpmuludq 32*7(%rcx), $B, $ACC8 - vmovdqa 32*2($a_ptr), $B - vpaddq $T0, $ACC0, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - #itr 3 - vpmuludq $B, $B, $T0 - vpand $AND_MASK, $ACC0, $Y - vpmuludq 32*2(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC2, $ACC2 - vpmuludq 32*3(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC3, $ACC3 - vpmuludq 32*4(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC4, $ACC4 - vpmuludq 32*5(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC5, $ACC5 - vpmuludq 32*6(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC6, $ACC6 - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpmuludq 32*7(%rcx), $B, $ACC8 - vmovdqa 32*3($a_ptr), $B - vpaddq $T0, $ACC0, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpand $AND_MASK, $ACC0, $Y - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - #itr 4 - vpmuludq $B, $B, $OVERFLOW - vpmuludq 32*3(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC3, $ACC3 - vpmuludq 32*4(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC4, $ACC4 - vpmuludq 32*5(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC5, $ACC5 - vpmuludq 32*6(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC6, $ACC6 - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpmuludq 32*7(%rcx), $B, $ACC8 - vmovdqa 32*4($a_ptr), $B - vpaddq $T0, $ACC0, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpand $AND_MASK, $ACC0, $Y - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - #itr 5 - vpmuludq $B, $B, $T0 - vpmuludq 32*4(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC4, $ACC4 - vpmuludq 32*5(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC5, $ACC5 - vpmuludq 32*6(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC6, $ACC6 - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpmuludq 32*7(%rcx), $B, $ACC8 - vmovdqa 32*5($a_ptr), $B - vpaddq $T0, $ACC0, $OVERFLOW - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3+.LAVX2_POLY(%rip), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpand $AND_MASK, $ACC0, $Y - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - #itr 6 - vpmuludq $B, $B, $OVERFLOW - vpmuludq 32*5(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC5, $ACC5 - vpmuludq 32*6(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC6, $ACC6 - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpmuludq 32*7(%rcx), $B, $ACC8 - vmovdqa 32*6($a_ptr), $B - vpaddq $T0, $ACC0, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpand $AND_MASK, $ACC0, $Y - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - #itr 7 - vpmuludq $B, $B, $T0 - vpmuludq 32*6(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC6, $ACC6 - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpmuludq 32*7(%rcx), $B, $ACC8 - vmovdqa 32*7($a_ptr), $B - vpaddq $T0, $ACC0, $OVERFLOW - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpand $AND_MASK, $ACC0, $Y - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - #itr 8 - vpmuludq $B, $B, $OVERFLOW - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpmuludq 32*7(%rcx), $B, $ACC8 - vmovdqa 32*8($a_ptr), $B - vpaddq $T0, $ACC0, $OVERFLOW - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpand $AND_MASK, $ACC0, $Y - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - #itr 9 - vpmuludq $B, $B, $ACC8 - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $T0, $ACC0, $OVERFLOW - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - vpxor $ACC8, $ACC8, $ACC8 - - ret -.size avx2_sqr_x4,.-avx2_sqr_x4 - -################################################################################ -# void avx2_sub_x4(void* RESULTx4, void *Ax4, void *Bx4); -.type avx2_sub_x4,\@abi-omnipotent -.align 32 -avx2_sub_x4: - vmovdqa 32*0($a_ptr), $ACC0 - lea 160($a_ptr), $a_ptr - lea .LAVX2_POLY_x8+128(%rip), %rax - lea 128($b_ptr), $b_ptr - vmovdqa 32*1-160($a_ptr), $ACC1 - vmovdqa 32*2-160($a_ptr), $ACC2 - vmovdqa 32*3-160($a_ptr), $ACC3 - vmovdqa 32*4-160($a_ptr), $ACC4 - vmovdqa 32*5-160($a_ptr), $ACC5 - vmovdqa 32*6-160($a_ptr), $ACC6 - vmovdqa 32*7-160($a_ptr), $ACC7 - vmovdqa 32*8-160($a_ptr), $ACC8 - - vpaddq 32*0-128(%rax), $ACC0, $ACC0 - vpaddq 32*1-128(%rax), $ACC1, $ACC1 - vpaddq 32*2-128(%rax), $ACC2, $ACC2 - vpaddq 32*3-128(%rax), $ACC3, $ACC3 - vpaddq 32*4-128(%rax), $ACC4, $ACC4 - vpaddq 32*5-128(%rax), $ACC5, $ACC5 - vpaddq 32*6-128(%rax), $ACC6, $ACC6 - vpaddq 32*7-128(%rax), $ACC7, $ACC7 - vpaddq 32*8-128(%rax), $ACC8, $ACC8 - - vpsubq 32*0-128($b_ptr), $ACC0, $ACC0 - vpsubq 32*1-128($b_ptr), $ACC1, $ACC1 - vpsubq 32*2-128($b_ptr), $ACC2, $ACC2 - vpsubq 32*3-128($b_ptr), $ACC3, $ACC3 - vpsubq 32*4-128($b_ptr), $ACC4, $ACC4 - vpsubq 32*5-128($b_ptr), $ACC5, $ACC5 - vpsubq 32*6-128($b_ptr), $ACC6, $ACC6 - vpsubq 32*7-128($b_ptr), $ACC7, $ACC7 - vpsubq 32*8-128($b_ptr), $ACC8, $ACC8 - - ret -.size avx2_sub_x4,.-avx2_sub_x4 - -.type avx2_select_n_store,\@abi-omnipotent -.align 32 -avx2_select_n_store: - vmovdqa `8+32*9*8`(%rsp), $Y - vpor `8+32*9*8+32`(%rsp), $Y, $Y - - vpandn $ACC0, $Y, $ACC0 - vpandn $ACC1, $Y, $ACC1 - vpandn $ACC2, $Y, $ACC2 - vpandn $ACC3, $Y, $ACC3 - vpandn $ACC4, $Y, $ACC4 - vpandn $ACC5, $Y, $ACC5 - vpandn $ACC6, $Y, $ACC6 - vmovdqa `8+32*9*8+32`(%rsp), $B - vpandn $ACC7, $Y, $ACC7 - vpandn `8+32*9*8`(%rsp), $B, $B - vpandn $ACC8, $Y, $ACC8 - - vpand 32*0(%rsi), $B, $T0 - lea 160(%rsi), %rax - vpand 32*1(%rsi), $B, $Y - vpxor $T0, $ACC0, $ACC0 - vpand 32*2(%rsi), $B, $T0 - vpxor $Y, $ACC1, $ACC1 - vpand 32*3(%rsi), $B, $Y - vpxor $T0, $ACC2, $ACC2 - vpand 32*4-160(%rax), $B, $T0 - vpxor $Y, $ACC3, $ACC3 - vpand 32*5-160(%rax), $B, $Y - vpxor $T0, $ACC4, $ACC4 - vpand 32*6-160(%rax), $B, $T0 - vpxor $Y, $ACC5, $ACC5 - vpand 32*7-160(%rax), $B, $Y - vpxor $T0, $ACC6, $ACC6 - vpand 32*8-160(%rax), $B, $T0 - vmovdqa `8+32*9*8+32`(%rsp), $B - vpxor $Y, $ACC7, $ACC7 - - vpand 32*0(%rdx), $B, $Y - lea 160(%rdx), %rax - vpxor $T0, $ACC8, $ACC8 - vpand 32*1(%rdx), $B, $T0 - vpxor $Y, $ACC0, $ACC0 - vpand 32*2(%rdx), $B, $Y - vpxor $T0, $ACC1, $ACC1 - vpand 32*3(%rdx), $B, $T0 - vpxor $Y, $ACC2, $ACC2 - vpand 32*4-160(%rax), $B, $Y - vpxor $T0, $ACC3, $ACC3 - vpand 32*5-160(%rax), $B, $T0 - vpxor $Y, $ACC4, $ACC4 - vpand 32*6-160(%rax), $B, $Y - vpxor $T0, $ACC5, $ACC5 - vpand 32*7-160(%rax), $B, $T0 - vpxor $Y, $ACC6, $ACC6 - vpand 32*8-160(%rax), $B, $Y - vpxor $T0, $ACC7, $ACC7 - vpxor $Y, $ACC8, $ACC8 - `&STORE` - - ret -.size avx2_select_n_store,.-avx2_select_n_store -___ -$code.=<<___ if (0); # inlined -################################################################################ -# void avx2_mul_by2_x4(void* RESULTx4, void *Ax4); -.type avx2_mul_by2_x4,\@abi-omnipotent -.align 32 -avx2_mul_by2_x4: - vmovdqa 32*0($a_ptr), $ACC0 - lea 160($a_ptr), %rax - vmovdqa 32*1($a_ptr), $ACC1 - vmovdqa 32*2($a_ptr), $ACC2 - vmovdqa 32*3($a_ptr), $ACC3 - vmovdqa 32*4-160(%rax), $ACC4 - vmovdqa 32*5-160(%rax), $ACC5 - vmovdqa 32*6-160(%rax), $ACC6 - vmovdqa 32*7-160(%rax), $ACC7 - vmovdqa 32*8-160(%rax), $ACC8 - - vpaddq $ACC0, $ACC0, $ACC0 - vpaddq $ACC1, $ACC1, $ACC1 - vpaddq $ACC2, $ACC2, $ACC2 - vpaddq $ACC3, $ACC3, $ACC3 - vpaddq $ACC4, $ACC4, $ACC4 - vpaddq $ACC5, $ACC5, $ACC5 - vpaddq $ACC6, $ACC6, $ACC6 - vpaddq $ACC7, $ACC7, $ACC7 - vpaddq $ACC8, $ACC8, $ACC8 - - ret -.size avx2_mul_by2_x4,.-avx2_mul_by2_x4 -___ -my ($r_ptr_in,$a_ptr_in,$b_ptr_in)=("%rdi","%rsi","%rdx"); -my ($r_ptr,$a_ptr,$b_ptr)=("%r8","%r9","%r10"); - -$code.=<<___; -################################################################################ -# void ecp_nistz256_avx2_point_add_affine_x4(void* RESULTx4, void *Ax4, void *Bx4); -.globl ecp_nistz256_avx2_point_add_affine_x4 -.type ecp_nistz256_avx2_point_add_affine_x4,\@function,3 -.align 32 -ecp_nistz256_avx2_point_add_affine_x4: - mov %rsp, %rax - push %rbp - vzeroupper -___ -$code.=<<___ if ($win64); - lea -16*10(%rsp), %rsp - vmovaps %xmm6, -8-16*10(%rax) - vmovaps %xmm7, -8-16*9(%rax) - vmovaps %xmm8, -8-16*8(%rax) - vmovaps %xmm9, -8-16*7(%rax) - vmovaps %xmm10, -8-16*6(%rax) - vmovaps %xmm11, -8-16*5(%rax) - vmovaps %xmm12, -8-16*4(%rax) - vmovaps %xmm13, -8-16*3(%rax) - vmovaps %xmm14, -8-16*2(%rax) - vmovaps %xmm15, -8-16*1(%rax) -___ -$code.=<<___; - lea -8(%rax), %rbp - -# Result + 32*0 = Result.X -# Result + 32*9 = Result.Y -# Result + 32*18 = Result.Z - -# A + 32*0 = A.X -# A + 32*9 = A.Y -# A + 32*18 = A.Z - -# B + 32*0 = B.X -# B + 32*9 = B.Y - - sub \$`32*9*8+32*2+32*8`, %rsp - and \$-64, %rsp - - mov $r_ptr_in, $r_ptr - mov $a_ptr_in, $a_ptr - mov $b_ptr_in, $b_ptr - - vmovdqa 32*0($a_ptr_in), %ymm0 - vmovdqa .LAVX2_AND_MASK(%rip), $AND_MASK - vpxor %ymm1, %ymm1, %ymm1 - lea 256($a_ptr_in), %rax # size optimization - vpor 32*1($a_ptr_in), %ymm0, %ymm0 - vpor 32*2($a_ptr_in), %ymm0, %ymm0 - vpor 32*3($a_ptr_in), %ymm0, %ymm0 - vpor 32*4-256(%rax), %ymm0, %ymm0 - lea 256(%rax), %rcx # size optimization - vpor 32*5-256(%rax), %ymm0, %ymm0 - vpor 32*6-256(%rax), %ymm0, %ymm0 - vpor 32*7-256(%rax), %ymm0, %ymm0 - vpor 32*8-256(%rax), %ymm0, %ymm0 - vpor 32*9-256(%rax), %ymm0, %ymm0 - vpor 32*10-256(%rax), %ymm0, %ymm0 - vpor 32*11-256(%rax), %ymm0, %ymm0 - vpor 32*12-512(%rcx), %ymm0, %ymm0 - vpor 32*13-512(%rcx), %ymm0, %ymm0 - vpor 32*14-512(%rcx), %ymm0, %ymm0 - vpor 32*15-512(%rcx), %ymm0, %ymm0 - vpor 32*16-512(%rcx), %ymm0, %ymm0 - vpor 32*17-512(%rcx), %ymm0, %ymm0 - vpcmpeqq %ymm1, %ymm0, %ymm0 - vmovdqa %ymm0, `32*9*8`(%rsp) - - vpxor %ymm1, %ymm1, %ymm1 - vmovdqa 32*0($b_ptr), %ymm0 - lea 256($b_ptr), %rax # size optimization - vpor 32*1($b_ptr), %ymm0, %ymm0 - vpor 32*2($b_ptr), %ymm0, %ymm0 - vpor 32*3($b_ptr), %ymm0, %ymm0 - vpor 32*4-256(%rax), %ymm0, %ymm0 - lea 256(%rax), %rcx # size optimization - vpor 32*5-256(%rax), %ymm0, %ymm0 - vpor 32*6-256(%rax), %ymm0, %ymm0 - vpor 32*7-256(%rax), %ymm0, %ymm0 - vpor 32*8-256(%rax), %ymm0, %ymm0 - vpor 32*9-256(%rax), %ymm0, %ymm0 - vpor 32*10-256(%rax), %ymm0, %ymm0 - vpor 32*11-256(%rax), %ymm0, %ymm0 - vpor 32*12-512(%rcx), %ymm0, %ymm0 - vpor 32*13-512(%rcx), %ymm0, %ymm0 - vpor 32*14-512(%rcx), %ymm0, %ymm0 - vpor 32*15-512(%rcx), %ymm0, %ymm0 - vpor 32*16-512(%rcx), %ymm0, %ymm0 - vpor 32*17-512(%rcx), %ymm0, %ymm0 - vpcmpeqq %ymm1, %ymm0, %ymm0 - vmovdqa %ymm0, `32*9*8+32`(%rsp) - - # Z1^2 = Z1*Z1 - lea `32*9*2`($a_ptr), %rsi - lea `32*9*2`(%rsp), %rdi - lea `32*9*8+32*2`(%rsp), %rcx # temporary vector - call avx2_sqr_x4 - call avx2_normalize_n_store - - # U2 = X2*Z1^2 - lea `32*9*0`($b_ptr), %rsi - lea `32*9*2`(%rsp), %rdx - lea `32*9*0`(%rsp), %rdi - call avx2_mul_x4 - #call avx2_normalize - `&STORE` - - # S2 = Z1*Z1^2 = Z1^3 - lea `32*9*2`($a_ptr), %rsi - lea `32*9*2`(%rsp), %rdx - lea `32*9*1`(%rsp), %rdi - call avx2_mul_x4 - call avx2_normalize_n_store - - # S2 = S2*Y2 = Y2*Z1^3 - lea `32*9*1`($b_ptr), %rsi - lea `32*9*1`(%rsp), %rdx - lea `32*9*1`(%rsp), %rdi - call avx2_mul_x4 - call avx2_normalize_n_store - - # H = U2 - U1 = U2 - X1 - lea `32*9*0`(%rsp), %rsi - lea `32*9*0`($a_ptr), %rdx - lea `32*9*3`(%rsp), %rdi - call avx2_sub_x4 - call avx2_normalize_n_store - - # R = S2 - S1 = S2 - Y1 - lea `32*9*1`(%rsp), %rsi - lea `32*9*1`($a_ptr), %rdx - lea `32*9*4`(%rsp), %rdi - call avx2_sub_x4 - call avx2_normalize_n_store - - # Z3 = H*Z1*Z2 - lea `32*9*3`(%rsp), %rsi - lea `32*9*2`($a_ptr), %rdx - lea `32*9*2`($r_ptr), %rdi - call avx2_mul_x4 - call avx2_normalize - - lea .LONE(%rip), %rsi - lea `32*9*2`($a_ptr), %rdx - call avx2_select_n_store - - # R^2 = R^2 - lea `32*9*4`(%rsp), %rsi - lea `32*9*6`(%rsp), %rdi - lea `32*9*8+32*2`(%rsp), %rcx # temporary vector - call avx2_sqr_x4 - call avx2_normalize_n_store - - # H^2 = H^2 - lea `32*9*3`(%rsp), %rsi - lea `32*9*5`(%rsp), %rdi - call avx2_sqr_x4 - call avx2_normalize_n_store - - # H^3 = H^2*H - lea `32*9*3`(%rsp), %rsi - lea `32*9*5`(%rsp), %rdx - lea `32*9*7`(%rsp), %rdi - call avx2_mul_x4 - call avx2_normalize_n_store - - # U2 = U1*H^2 - lea `32*9*0`($a_ptr), %rsi - lea `32*9*5`(%rsp), %rdx - lea `32*9*0`(%rsp), %rdi - call avx2_mul_x4 - #call avx2_normalize - `&STORE` - - # Hsqr = U2*2 - #lea 32*9*0(%rsp), %rsi - #lea 32*9*5(%rsp), %rdi - #call avx2_mul_by2_x4 - - vpaddq $ACC0, $ACC0, $ACC0 # inlined avx2_mul_by2_x4 - lea `32*9*5`(%rsp), %rdi - vpaddq $ACC1, $ACC1, $ACC1 - vpaddq $ACC2, $ACC2, $ACC2 - vpaddq $ACC3, $ACC3, $ACC3 - vpaddq $ACC4, $ACC4, $ACC4 - vpaddq $ACC5, $ACC5, $ACC5 - vpaddq $ACC6, $ACC6, $ACC6 - vpaddq $ACC7, $ACC7, $ACC7 - vpaddq $ACC8, $ACC8, $ACC8 - call avx2_normalize_n_store - - # X3 = R^2 - H^3 - #lea 32*9*6(%rsp), %rsi - #lea 32*9*7(%rsp), %rdx - #lea 32*9*5(%rsp), %rcx - #lea 32*9*0($r_ptr), %rdi - #call avx2_sub_x4 - #NORMALIZE - #STORE - - # X3 = X3 - U2*2 - #lea 32*9*0($r_ptr), %rsi - #lea 32*9*0($r_ptr), %rdi - #call avx2_sub_x4 - #NORMALIZE - #STORE - - lea `32*9*6+128`(%rsp), %rsi - lea .LAVX2_POLY_x2+128(%rip), %rax - lea `32*9*7+128`(%rsp), %rdx - lea `32*9*5+128`(%rsp), %rcx - lea `32*9*0`($r_ptr), %rdi - - vmovdqa 32*0-128(%rsi), $ACC0 - vmovdqa 32*1-128(%rsi), $ACC1 - vmovdqa 32*2-128(%rsi), $ACC2 - vmovdqa 32*3-128(%rsi), $ACC3 - vmovdqa 32*4-128(%rsi), $ACC4 - vmovdqa 32*5-128(%rsi), $ACC5 - vmovdqa 32*6-128(%rsi), $ACC6 - vmovdqa 32*7-128(%rsi), $ACC7 - vmovdqa 32*8-128(%rsi), $ACC8 - - vpaddq 32*0-128(%rax), $ACC0, $ACC0 - vpaddq 32*1-128(%rax), $ACC1, $ACC1 - vpaddq 32*2-128(%rax), $ACC2, $ACC2 - vpaddq 32*3-128(%rax), $ACC3, $ACC3 - vpaddq 32*4-128(%rax), $ACC4, $ACC4 - vpaddq 32*5-128(%rax), $ACC5, $ACC5 - vpaddq 32*6-128(%rax), $ACC6, $ACC6 - vpaddq 32*7-128(%rax), $ACC7, $ACC7 - vpaddq 32*8-128(%rax), $ACC8, $ACC8 - - vpsubq 32*0-128(%rdx), $ACC0, $ACC0 - vpsubq 32*1-128(%rdx), $ACC1, $ACC1 - vpsubq 32*2-128(%rdx), $ACC2, $ACC2 - vpsubq 32*3-128(%rdx), $ACC3, $ACC3 - vpsubq 32*4-128(%rdx), $ACC4, $ACC4 - vpsubq 32*5-128(%rdx), $ACC5, $ACC5 - vpsubq 32*6-128(%rdx), $ACC6, $ACC6 - vpsubq 32*7-128(%rdx), $ACC7, $ACC7 - vpsubq 32*8-128(%rdx), $ACC8, $ACC8 - - vpsubq 32*0-128(%rcx), $ACC0, $ACC0 - vpsubq 32*1-128(%rcx), $ACC1, $ACC1 - vpsubq 32*2-128(%rcx), $ACC2, $ACC2 - vpsubq 32*3-128(%rcx), $ACC3, $ACC3 - vpsubq 32*4-128(%rcx), $ACC4, $ACC4 - vpsubq 32*5-128(%rcx), $ACC5, $ACC5 - vpsubq 32*6-128(%rcx), $ACC6, $ACC6 - vpsubq 32*7-128(%rcx), $ACC7, $ACC7 - vpsubq 32*8-128(%rcx), $ACC8, $ACC8 - call avx2_normalize - - lea 32*0($b_ptr), %rsi - lea 32*0($a_ptr), %rdx - call avx2_select_n_store - - # H = U2 - X3 - lea `32*9*0`(%rsp), %rsi - lea `32*9*0`($r_ptr), %rdx - lea `32*9*3`(%rsp), %rdi - call avx2_sub_x4 - call avx2_normalize_n_store - - # - lea `32*9*3`(%rsp), %rsi - lea `32*9*4`(%rsp), %rdx - lea `32*9*3`(%rsp), %rdi - call avx2_mul_x4 - call avx2_normalize_n_store - - # - lea `32*9*7`(%rsp), %rsi - lea `32*9*1`($a_ptr), %rdx - lea `32*9*1`(%rsp), %rdi - call avx2_mul_x4 - call avx2_normalize_n_store - - # - lea `32*9*3`(%rsp), %rsi - lea `32*9*1`(%rsp), %rdx - lea `32*9*1`($r_ptr), %rdi - call avx2_sub_x4 - call avx2_normalize - - lea 32*9($b_ptr), %rsi - lea 32*9($a_ptr), %rdx - call avx2_select_n_store - - #lea 32*9*0($r_ptr), %rsi - #lea 32*9*0($r_ptr), %rdi - #call avx2_mul_by1_x4 - #NORMALIZE - #STORE - - lea `32*9*1`($r_ptr), %rsi - lea `32*9*1`($r_ptr), %rdi - call avx2_mul_by1_x4 - call avx2_normalize_n_store - - vzeroupper -___ -$code.=<<___ if ($win64); - movaps %xmm6, -16*10(%rbp) - movaps %xmm7, -16*9(%rbp) - movaps %xmm8, -16*8(%rbp) - movaps %xmm9, -16*7(%rbp) - movaps %xmm10, -16*6(%rbp) - movaps %xmm11, -16*5(%rbp) - movaps %xmm12, -16*4(%rbp) - movaps %xmm13, -16*3(%rbp) - movaps %xmm14, -16*2(%rbp) - movaps %xmm15, -16*1(%rbp) -___ -$code.=<<___; - mov %rbp, %rsp - pop %rbp - ret -.size ecp_nistz256_avx2_point_add_affine_x4,.-ecp_nistz256_avx2_point_add_affine_x4 - -################################################################################ -# void ecp_nistz256_avx2_point_add_affines_x4(void* RESULTx4, void *Ax4, void *Bx4); -.globl ecp_nistz256_avx2_point_add_affines_x4 -.type ecp_nistz256_avx2_point_add_affines_x4,\@function,3 -.align 32 -ecp_nistz256_avx2_point_add_affines_x4: - mov %rsp, %rax - push %rbp - vzeroupper -___ -$code.=<<___ if ($win64); - lea -16*10(%rsp), %rsp - vmovaps %xmm6, -8-16*10(%rax) - vmovaps %xmm7, -8-16*9(%rax) - vmovaps %xmm8, -8-16*8(%rax) - vmovaps %xmm9, -8-16*7(%rax) - vmovaps %xmm10, -8-16*6(%rax) - vmovaps %xmm11, -8-16*5(%rax) - vmovaps %xmm12, -8-16*4(%rax) - vmovaps %xmm13, -8-16*3(%rax) - vmovaps %xmm14, -8-16*2(%rax) - vmovaps %xmm15, -8-16*1(%rax) -___ -$code.=<<___; - lea -8(%rax), %rbp - -# Result + 32*0 = Result.X -# Result + 32*9 = Result.Y -# Result + 32*18 = Result.Z - -# A + 32*0 = A.X -# A + 32*9 = A.Y - -# B + 32*0 = B.X -# B + 32*9 = B.Y - - sub \$`32*9*8+32*2+32*8`, %rsp - and \$-64, %rsp - - mov $r_ptr_in, $r_ptr - mov $a_ptr_in, $a_ptr - mov $b_ptr_in, $b_ptr - - vmovdqa 32*0($a_ptr_in), %ymm0 - vmovdqa .LAVX2_AND_MASK(%rip), $AND_MASK - vpxor %ymm1, %ymm1, %ymm1 - lea 256($a_ptr_in), %rax # size optimization - vpor 32*1($a_ptr_in), %ymm0, %ymm0 - vpor 32*2($a_ptr_in), %ymm0, %ymm0 - vpor 32*3($a_ptr_in), %ymm0, %ymm0 - vpor 32*4-256(%rax), %ymm0, %ymm0 - lea 256(%rax), %rcx # size optimization - vpor 32*5-256(%rax), %ymm0, %ymm0 - vpor 32*6-256(%rax), %ymm0, %ymm0 - vpor 32*7-256(%rax), %ymm0, %ymm0 - vpor 32*8-256(%rax), %ymm0, %ymm0 - vpor 32*9-256(%rax), %ymm0, %ymm0 - vpor 32*10-256(%rax), %ymm0, %ymm0 - vpor 32*11-256(%rax), %ymm0, %ymm0 - vpor 32*12-512(%rcx), %ymm0, %ymm0 - vpor 32*13-512(%rcx), %ymm0, %ymm0 - vpor 32*14-512(%rcx), %ymm0, %ymm0 - vpor 32*15-512(%rcx), %ymm0, %ymm0 - vpor 32*16-512(%rcx), %ymm0, %ymm0 - vpor 32*17-512(%rcx), %ymm0, %ymm0 - vpcmpeqq %ymm1, %ymm0, %ymm0 - vmovdqa %ymm0, `32*9*8`(%rsp) - - vpxor %ymm1, %ymm1, %ymm1 - vmovdqa 32*0($b_ptr), %ymm0 - lea 256($b_ptr), %rax # size optimization - vpor 32*1($b_ptr), %ymm0, %ymm0 - vpor 32*2($b_ptr), %ymm0, %ymm0 - vpor 32*3($b_ptr), %ymm0, %ymm0 - vpor 32*4-256(%rax), %ymm0, %ymm0 - lea 256(%rax), %rcx # size optimization - vpor 32*5-256(%rax), %ymm0, %ymm0 - vpor 32*6-256(%rax), %ymm0, %ymm0 - vpor 32*7-256(%rax), %ymm0, %ymm0 - vpor 32*8-256(%rax), %ymm0, %ymm0 - vpor 32*9-256(%rax), %ymm0, %ymm0 - vpor 32*10-256(%rax), %ymm0, %ymm0 - vpor 32*11-256(%rax), %ymm0, %ymm0 - vpor 32*12-512(%rcx), %ymm0, %ymm0 - vpor 32*13-512(%rcx), %ymm0, %ymm0 - vpor 32*14-512(%rcx), %ymm0, %ymm0 - vpor 32*15-512(%rcx), %ymm0, %ymm0 - vpor 32*16-512(%rcx), %ymm0, %ymm0 - vpor 32*17-512(%rcx), %ymm0, %ymm0 - vpcmpeqq %ymm1, %ymm0, %ymm0 - vmovdqa %ymm0, `32*9*8+32`(%rsp) - - # H = U2 - U1 = X2 - X1 - lea `32*9*0`($b_ptr), %rsi - lea `32*9*0`($a_ptr), %rdx - lea `32*9*3`(%rsp), %rdi - call avx2_sub_x4 - call avx2_normalize_n_store - - # R = S2 - S1 = Y2 - Y1 - lea `32*9*1`($b_ptr), %rsi - lea `32*9*1`($a_ptr), %rdx - lea `32*9*4`(%rsp), %rdi - call avx2_sub_x4 - call avx2_normalize_n_store - - # Z3 = H*Z1*Z2 = H - lea `32*9*3`(%rsp), %rsi - lea `32*9*2`($r_ptr), %rdi - call avx2_mul_by1_x4 - call avx2_normalize - - vmovdqa `32*9*8`(%rsp), $B - vpor `32*9*8+32`(%rsp), $B, $B - - vpandn $ACC0, $B, $ACC0 - lea .LONE+128(%rip), %rax - vpandn $ACC1, $B, $ACC1 - vpandn $ACC2, $B, $ACC2 - vpandn $ACC3, $B, $ACC3 - vpandn $ACC4, $B, $ACC4 - vpandn $ACC5, $B, $ACC5 - vpandn $ACC6, $B, $ACC6 - vpandn $ACC7, $B, $ACC7 - - vpand 32*0-128(%rax), $B, $T0 - vpandn $ACC8, $B, $ACC8 - vpand 32*1-128(%rax), $B, $Y - vpxor $T0, $ACC0, $ACC0 - vpand 32*2-128(%rax), $B, $T0 - vpxor $Y, $ACC1, $ACC1 - vpand 32*3-128(%rax), $B, $Y - vpxor $T0, $ACC2, $ACC2 - vpand 32*4-128(%rax), $B, $T0 - vpxor $Y, $ACC3, $ACC3 - vpand 32*5-128(%rax), $B, $Y - vpxor $T0, $ACC4, $ACC4 - vpand 32*6-128(%rax), $B, $T0 - vpxor $Y, $ACC5, $ACC5 - vpand 32*7-128(%rax), $B, $Y - vpxor $T0, $ACC6, $ACC6 - vpand 32*8-128(%rax), $B, $T0 - vpxor $Y, $ACC7, $ACC7 - vpxor $T0, $ACC8, $ACC8 - `&STORE` - - # R^2 = R^2 - lea `32*9*4`(%rsp), %rsi - lea `32*9*6`(%rsp), %rdi - lea `32*9*8+32*2`(%rsp), %rcx # temporary vector - call avx2_sqr_x4 - call avx2_normalize_n_store - - # H^2 = H^2 - lea `32*9*3`(%rsp), %rsi - lea `32*9*5`(%rsp), %rdi - call avx2_sqr_x4 - call avx2_normalize_n_store - - # H^3 = H^2*H - lea `32*9*3`(%rsp), %rsi - lea `32*9*5`(%rsp), %rdx - lea `32*9*7`(%rsp), %rdi - call avx2_mul_x4 - call avx2_normalize_n_store - - # U2 = U1*H^2 - lea `32*9*0`($a_ptr), %rsi - lea `32*9*5`(%rsp), %rdx - lea `32*9*0`(%rsp), %rdi - call avx2_mul_x4 - #call avx2_normalize - `&STORE` - - # Hsqr = U2*2 - #lea 32*9*0(%rsp), %rsi - #lea 32*9*5(%rsp), %rdi - #call avx2_mul_by2_x4 - - vpaddq $ACC0, $ACC0, $ACC0 # inlined avx2_mul_by2_x4 - lea `32*9*5`(%rsp), %rdi - vpaddq $ACC1, $ACC1, $ACC1 - vpaddq $ACC2, $ACC2, $ACC2 - vpaddq $ACC3, $ACC3, $ACC3 - vpaddq $ACC4, $ACC4, $ACC4 - vpaddq $ACC5, $ACC5, $ACC5 - vpaddq $ACC6, $ACC6, $ACC6 - vpaddq $ACC7, $ACC7, $ACC7 - vpaddq $ACC8, $ACC8, $ACC8 - call avx2_normalize_n_store - - # X3 = R^2 - H^3 - #lea 32*9*6(%rsp), %rsi - #lea 32*9*7(%rsp), %rdx - #lea 32*9*5(%rsp), %rcx - #lea 32*9*0($r_ptr), %rdi - #call avx2_sub_x4 - #NORMALIZE - #STORE - - # X3 = X3 - U2*2 - #lea 32*9*0($r_ptr), %rsi - #lea 32*9*0($r_ptr), %rdi - #call avx2_sub_x4 - #NORMALIZE - #STORE - - lea `32*9*6+128`(%rsp), %rsi - lea .LAVX2_POLY_x2+128(%rip), %rax - lea `32*9*7+128`(%rsp), %rdx - lea `32*9*5+128`(%rsp), %rcx - lea `32*9*0`($r_ptr), %rdi - - vmovdqa 32*0-128(%rsi), $ACC0 - vmovdqa 32*1-128(%rsi), $ACC1 - vmovdqa 32*2-128(%rsi), $ACC2 - vmovdqa 32*3-128(%rsi), $ACC3 - vmovdqa 32*4-128(%rsi), $ACC4 - vmovdqa 32*5-128(%rsi), $ACC5 - vmovdqa 32*6-128(%rsi), $ACC6 - vmovdqa 32*7-128(%rsi), $ACC7 - vmovdqa 32*8-128(%rsi), $ACC8 - - vpaddq 32*0-128(%rax), $ACC0, $ACC0 - vpaddq 32*1-128(%rax), $ACC1, $ACC1 - vpaddq 32*2-128(%rax), $ACC2, $ACC2 - vpaddq 32*3-128(%rax), $ACC3, $ACC3 - vpaddq 32*4-128(%rax), $ACC4, $ACC4 - vpaddq 32*5-128(%rax), $ACC5, $ACC5 - vpaddq 32*6-128(%rax), $ACC6, $ACC6 - vpaddq 32*7-128(%rax), $ACC7, $ACC7 - vpaddq 32*8-128(%rax), $ACC8, $ACC8 - - vpsubq 32*0-128(%rdx), $ACC0, $ACC0 - vpsubq 32*1-128(%rdx), $ACC1, $ACC1 - vpsubq 32*2-128(%rdx), $ACC2, $ACC2 - vpsubq 32*3-128(%rdx), $ACC3, $ACC3 - vpsubq 32*4-128(%rdx), $ACC4, $ACC4 - vpsubq 32*5-128(%rdx), $ACC5, $ACC5 - vpsubq 32*6-128(%rdx), $ACC6, $ACC6 - vpsubq 32*7-128(%rdx), $ACC7, $ACC7 - vpsubq 32*8-128(%rdx), $ACC8, $ACC8 - - vpsubq 32*0-128(%rcx), $ACC0, $ACC0 - vpsubq 32*1-128(%rcx), $ACC1, $ACC1 - vpsubq 32*2-128(%rcx), $ACC2, $ACC2 - vpsubq 32*3-128(%rcx), $ACC3, $ACC3 - vpsubq 32*4-128(%rcx), $ACC4, $ACC4 - vpsubq 32*5-128(%rcx), $ACC5, $ACC5 - vpsubq 32*6-128(%rcx), $ACC6, $ACC6 - vpsubq 32*7-128(%rcx), $ACC7, $ACC7 - vpsubq 32*8-128(%rcx), $ACC8, $ACC8 - call avx2_normalize - - lea 32*0($b_ptr), %rsi - lea 32*0($a_ptr), %rdx - call avx2_select_n_store - - # H = U2 - X3 - lea `32*9*0`(%rsp), %rsi - lea `32*9*0`($r_ptr), %rdx - lea `32*9*3`(%rsp), %rdi - call avx2_sub_x4 - call avx2_normalize_n_store - - # H = H*R - lea `32*9*3`(%rsp), %rsi - lea `32*9*4`(%rsp), %rdx - lea `32*9*3`(%rsp), %rdi - call avx2_mul_x4 - call avx2_normalize_n_store - - # S2 = S1 * H^3 - lea `32*9*7`(%rsp), %rsi - lea `32*9*1`($a_ptr), %rdx - lea `32*9*1`(%rsp), %rdi - call avx2_mul_x4 - call avx2_normalize_n_store - - # - lea `32*9*3`(%rsp), %rsi - lea `32*9*1`(%rsp), %rdx - lea `32*9*1`($r_ptr), %rdi - call avx2_sub_x4 - call avx2_normalize - - lea 32*9($b_ptr), %rsi - lea 32*9($a_ptr), %rdx - call avx2_select_n_store - - #lea 32*9*0($r_ptr), %rsi - #lea 32*9*0($r_ptr), %rdi - #call avx2_mul_by1_x4 - #NORMALIZE - #STORE - - lea `32*9*1`($r_ptr), %rsi - lea `32*9*1`($r_ptr), %rdi - call avx2_mul_by1_x4 - call avx2_normalize_n_store - - vzeroupper -___ -$code.=<<___ if ($win64); - movaps %xmm6, -16*10(%rbp) - movaps %xmm7, -16*9(%rbp) - movaps %xmm8, -16*8(%rbp) - movaps %xmm9, -16*7(%rbp) - movaps %xmm10, -16*6(%rbp) - movaps %xmm11, -16*5(%rbp) - movaps %xmm12, -16*4(%rbp) - movaps %xmm13, -16*3(%rbp) - movaps %xmm14, -16*2(%rbp) - movaps %xmm15, -16*1(%rbp) -___ -$code.=<<___; - mov %rbp, %rsp - pop %rbp - ret -.size ecp_nistz256_avx2_point_add_affines_x4,.-ecp_nistz256_avx2_point_add_affines_x4 - -################################################################################ -# void ecp_nistz256_avx2_to_mont(void* RESULTx4, void *Ax4); -.globl ecp_nistz256_avx2_to_mont -.type ecp_nistz256_avx2_to_mont,\@function,2 -.align 32 -ecp_nistz256_avx2_to_mont: - vzeroupper -___ -$code.=<<___ if ($win64); - lea -8-16*10(%rsp), %rsp - vmovaps %xmm6, -8-16*10(%rax) - vmovaps %xmm7, -8-16*9(%rax) - vmovaps %xmm8, -8-16*8(%rax) - vmovaps %xmm9, -8-16*7(%rax) - vmovaps %xmm10, -8-16*6(%rax) - vmovaps %xmm11, -8-16*5(%rax) - vmovaps %xmm12, -8-16*4(%rax) - vmovaps %xmm13, -8-16*3(%rax) - vmovaps %xmm14, -8-16*2(%rax) - vmovaps %xmm15, -8-16*1(%rax) -___ -$code.=<<___; - vmovdqa .LAVX2_AND_MASK(%rip), $AND_MASK - lea .LTO_MONT_AVX2(%rip), %rdx - call avx2_mul_x4 - call avx2_normalize_n_store - - vzeroupper -___ -$code.=<<___ if ($win64); - movaps 16*0(%rsp), %xmm6 - movaps 16*1(%rsp), %xmm7 - movaps 16*2(%rsp), %xmm8 - movaps 16*3(%rsp), %xmm9 - movaps 16*4(%rsp), %xmm10 - movaps 16*5(%rsp), %xmm11 - movaps 16*6(%rsp), %xmm12 - movaps 16*7(%rsp), %xmm13 - movaps 16*8(%rsp), %xmm14 - movaps 16*9(%rsp), %xmm15 - lea 8+16*10(%rsp), %rsp -___ -$code.=<<___; - ret -.size ecp_nistz256_avx2_to_mont,.-ecp_nistz256_avx2_to_mont - -################################################################################ -# void ecp_nistz256_avx2_from_mont(void* RESULTx4, void *Ax4); -.globl ecp_nistz256_avx2_from_mont -.type ecp_nistz256_avx2_from_mont,\@function,2 -.align 32 -ecp_nistz256_avx2_from_mont: - vzeroupper -___ -$code.=<<___ if ($win64); - lea -8-16*10(%rsp), %rsp - vmovaps %xmm6, -8-16*10(%rax) - vmovaps %xmm7, -8-16*9(%rax) - vmovaps %xmm8, -8-16*8(%rax) - vmovaps %xmm9, -8-16*7(%rax) - vmovaps %xmm10, -8-16*6(%rax) - vmovaps %xmm11, -8-16*5(%rax) - vmovaps %xmm12, -8-16*4(%rax) - vmovaps %xmm13, -8-16*3(%rax) - vmovaps %xmm14, -8-16*2(%rax) - vmovaps %xmm15, -8-16*1(%rax) -___ -$code.=<<___; - vmovdqa .LAVX2_AND_MASK(%rip), $AND_MASK - lea .LFROM_MONT_AVX2(%rip), %rdx - call avx2_mul_x4 - call avx2_normalize_n_store - - vzeroupper -___ -$code.=<<___ if ($win64); - movaps 16*0(%rsp), %xmm6 - movaps 16*1(%rsp), %xmm7 - movaps 16*2(%rsp), %xmm8 - movaps 16*3(%rsp), %xmm9 - movaps 16*4(%rsp), %xmm10 - movaps 16*5(%rsp), %xmm11 - movaps 16*6(%rsp), %xmm12 - movaps 16*7(%rsp), %xmm13 - movaps 16*8(%rsp), %xmm14 - movaps 16*9(%rsp), %xmm15 - lea 8+16*10(%rsp), %rsp -___ -$code.=<<___; - ret -.size ecp_nistz256_avx2_from_mont,.-ecp_nistz256_avx2_from_mont - -################################################################################ -# void ecp_nistz256_avx2_set1(void* RESULTx4); -.globl ecp_nistz256_avx2_set1 -.type ecp_nistz256_avx2_set1,\@function,1 -.align 32 -ecp_nistz256_avx2_set1: - lea .LONE+128(%rip), %rax - lea 128(%rdi), %rdi - vzeroupper - vmovdqa 32*0-128(%rax), %ymm0 - vmovdqa 32*1-128(%rax), %ymm1 - vmovdqa 32*2-128(%rax), %ymm2 - vmovdqa 32*3-128(%rax), %ymm3 - vmovdqa 32*4-128(%rax), %ymm4 - vmovdqa 32*5-128(%rax), %ymm5 - vmovdqa %ymm0, 32*0-128(%rdi) - vmovdqa 32*6-128(%rax), %ymm0 - vmovdqa %ymm1, 32*1-128(%rdi) - vmovdqa 32*7-128(%rax), %ymm1 - vmovdqa %ymm2, 32*2-128(%rdi) - vmovdqa 32*8-128(%rax), %ymm2 - vmovdqa %ymm3, 32*3-128(%rdi) - vmovdqa %ymm4, 32*4-128(%rdi) - vmovdqa %ymm5, 32*5-128(%rdi) - vmovdqa %ymm0, 32*6-128(%rdi) - vmovdqa %ymm1, 32*7-128(%rdi) - vmovdqa %ymm2, 32*8-128(%rdi) - - vzeroupper - ret -.size ecp_nistz256_avx2_set1,.-ecp_nistz256_avx2_set1 -___ -} -{ -################################################################################ -# void ecp_nistz256_avx2_multi_gather_w7(void* RESULT, void *in, -# int index0, int index1, int index2, int index3); -################################################################################ - -my ($val,$in_t,$index0,$index1,$index2,$index3)=("%rdi","%rsi","%edx","%ecx","%r8d","%r9d"); -my ($INDEX0,$INDEX1,$INDEX2,$INDEX3)=map("%ymm$_",(0..3)); -my ($R0a,$R0b,$R1a,$R1b,$R2a,$R2b,$R3a,$R3b)=map("%ymm$_",(4..11)); -my ($M0,$T0,$T1,$TMP0)=map("%ymm$_",(12..15)); - -$code.=<<___; -.globl ecp_nistz256_avx2_multi_gather_w7 -.type ecp_nistz256_avx2_multi_gather_w7,\@function,6 -.align 32 -ecp_nistz256_avx2_multi_gather_w7: - vzeroupper -___ -$code.=<<___ if ($win64); - lea -8-16*10(%rsp), %rsp - vmovaps %xmm6, -8-16*10(%rax) - vmovaps %xmm7, -8-16*9(%rax) - vmovaps %xmm8, -8-16*8(%rax) - vmovaps %xmm9, -8-16*7(%rax) - vmovaps %xmm10, -8-16*6(%rax) - vmovaps %xmm11, -8-16*5(%rax) - vmovaps %xmm12, -8-16*4(%rax) - vmovaps %xmm13, -8-16*3(%rax) - vmovaps %xmm14, -8-16*2(%rax) - vmovaps %xmm15, -8-16*1(%rax) -___ -$code.=<<___; - lea .LIntOne(%rip), %rax - - vmovd $index0, %xmm0 - vmovd $index1, %xmm1 - vmovd $index2, %xmm2 - vmovd $index3, %xmm3 - - vpxor $R0a, $R0a, $R0a - vpxor $R0b, $R0b, $R0b - vpxor $R1a, $R1a, $R1a - vpxor $R1b, $R1b, $R1b - vpxor $R2a, $R2a, $R2a - vpxor $R2b, $R2b, $R2b - vpxor $R3a, $R3a, $R3a - vpxor $R3b, $R3b, $R3b - vmovdqa (%rax), $M0 - - vpermd $INDEX0, $R0a, $INDEX0 - vpermd $INDEX1, $R0a, $INDEX1 - vpermd $INDEX2, $R0a, $INDEX2 - vpermd $INDEX3, $R0a, $INDEX3 - - mov \$64, %ecx - lea 112($val), $val # size optimization - jmp .Lmulti_select_loop_avx2 - -# INDEX=0, corresponds to the point at infty (0,0) -.align 32 -.Lmulti_select_loop_avx2: - vpcmpeqd $INDEX0, $M0, $TMP0 - - vmovdqa `32*0+32*64*2*0`($in_t), $T0 - vmovdqa `32*1+32*64*2*0`($in_t), $T1 - vpand $TMP0, $T0, $T0 - vpand $TMP0, $T1, $T1 - vpxor $T0, $R0a, $R0a - vpxor $T1, $R0b, $R0b - - vpcmpeqd $INDEX1, $M0, $TMP0 - - vmovdqa `32*0+32*64*2*1`($in_t), $T0 - vmovdqa `32*1+32*64*2*1`($in_t), $T1 - vpand $TMP0, $T0, $T0 - vpand $TMP0, $T1, $T1 - vpxor $T0, $R1a, $R1a - vpxor $T1, $R1b, $R1b - - vpcmpeqd $INDEX2, $M0, $TMP0 - - vmovdqa `32*0+32*64*2*2`($in_t), $T0 - vmovdqa `32*1+32*64*2*2`($in_t), $T1 - vpand $TMP0, $T0, $T0 - vpand $TMP0, $T1, $T1 - vpxor $T0, $R2a, $R2a - vpxor $T1, $R2b, $R2b - - vpcmpeqd $INDEX3, $M0, $TMP0 - - vmovdqa `32*0+32*64*2*3`($in_t), $T0 - vmovdqa `32*1+32*64*2*3`($in_t), $T1 - vpand $TMP0, $T0, $T0 - vpand $TMP0, $T1, $T1 - vpxor $T0, $R3a, $R3a - vpxor $T1, $R3b, $R3b - - vpaddd (%rax), $M0, $M0 # increment - lea 32*2($in_t), $in_t - - dec %ecx - jnz .Lmulti_select_loop_avx2 - - vmovdqu $R0a, 32*0-112($val) - vmovdqu $R0b, 32*1-112($val) - vmovdqu $R1a, 32*2-112($val) - vmovdqu $R1b, 32*3-112($val) - vmovdqu $R2a, 32*4-112($val) - vmovdqu $R2b, 32*5-112($val) - vmovdqu $R3a, 32*6-112($val) - vmovdqu $R3b, 32*7-112($val) - - vzeroupper -___ -$code.=<<___ if ($win64); - movaps 16*0(%rsp), %xmm6 - movaps 16*1(%rsp), %xmm7 - movaps 16*2(%rsp), %xmm8 - movaps 16*3(%rsp), %xmm9 - movaps 16*4(%rsp), %xmm10 - movaps 16*5(%rsp), %xmm11 - movaps 16*6(%rsp), %xmm12 - movaps 16*7(%rsp), %xmm13 - movaps 16*8(%rsp), %xmm14 - movaps 16*9(%rsp), %xmm15 - lea 8+16*10(%rsp), %rsp -___ -$code.=<<___; - ret -.size ecp_nistz256_avx2_multi_gather_w7,.-ecp_nistz256_avx2_multi_gather_w7 - -.extern OPENSSL_ia32cap_P -.globl ecp_nistz_avx2_eligible -.type ecp_nistz_avx2_eligible,\@abi-omnipotent -.align 32 -ecp_nistz_avx2_eligible: - mov OPENSSL_ia32cap_P+8(%rip),%eax - shr \$5,%eax - and \$1,%eax - ret -.size ecp_nistz_avx2_eligible,.-ecp_nistz_avx2_eligible -___ -} -}} else {{ # assembler is too old -$code.=<<___; -.text - -.globl ecp_nistz256_avx2_transpose_convert -.globl ecp_nistz256_avx2_convert_transpose_back -.globl ecp_nistz256_avx2_point_add_affine_x4 -.globl ecp_nistz256_avx2_point_add_affines_x4 -.globl ecp_nistz256_avx2_to_mont -.globl ecp_nistz256_avx2_from_mont -.globl ecp_nistz256_avx2_set1 -.globl ecp_nistz256_avx2_multi_gather_w7 -.type ecp_nistz256_avx2_multi_gather_w7,\@abi-omnipotent -ecp_nistz256_avx2_transpose_convert: -ecp_nistz256_avx2_convert_transpose_back: -ecp_nistz256_avx2_point_add_affine_x4: -ecp_nistz256_avx2_point_add_affines_x4: -ecp_nistz256_avx2_to_mont: -ecp_nistz256_avx2_from_mont: -ecp_nistz256_avx2_set1: -ecp_nistz256_avx2_multi_gather_w7: - .byte 0x0f,0x0b # ud2 - ret -.size ecp_nistz256_avx2_multi_gather_w7,.-ecp_nistz256_avx2_multi_gather_w7 - -.globl ecp_nistz_avx2_eligible -.type ecp_nistz_avx2_eligible,\@abi-omnipotent -ecp_nistz_avx2_eligible: - xor %eax,%eax - ret -.size ecp_nistz_avx2_eligible,.-ecp_nistz_avx2_eligible -___ -}} - -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval($1)/geo; - - print $_,"\n"; -} - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c index 50b6d43b7c..0f1170dbad 100644 --- a/crypto/ec/ecp_nistz256.c +++ b/crypto/ec/ecp_nistz256.c @@ -936,207 +936,6 @@ __owur static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx) return ret; } -/* - * Note that by default ECP_NISTZ256_AVX2 is undefined. While it's great - * code processing 4 points in parallel, corresponding serial operation - * is several times slower, because it uses 29x29=58-bit multiplication - * as opposite to 64x64=128-bit in integer-only scalar case. As result - * it doesn't provide *significant* performance improvement. Note that - * just defining ECP_NISTZ256_AVX2 is not sufficient to make it work, - * you'd need to compile even asm/ecp_nistz256-avx.pl module. - */ -#if defined(ECP_NISTZ256_AVX2) -# if !(defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64)) || \ - !(defined(__GNUC__) || defined(_MSC_VER)) /* this is for ALIGN32 */ -# undef ECP_NISTZ256_AVX2 -# else -/* Constant time access, loading four values, from four consecutive tables */ -void ecp_nistz256_avx2_multi_gather_w7(void *result, const void *in, - int index0, int index1, int index2, - int index3); -void ecp_nistz256_avx2_transpose_convert(void *RESULTx4, const void *in); -void ecp_nistz256_avx2_convert_transpose_back(void *result, const void *Ax4); -void ecp_nistz256_avx2_point_add_affine_x4(void *RESULTx4, const void *Ax4, - const void *Bx4); -void ecp_nistz256_avx2_point_add_affines_x4(void *RESULTx4, const void *Ax4, - const void *Bx4); -void ecp_nistz256_avx2_to_mont(void *RESULTx4, const void *Ax4); -void ecp_nistz256_avx2_from_mont(void *RESULTx4, const void *Ax4); -void ecp_nistz256_avx2_set1(void *RESULTx4); -int ecp_nistz_avx2_eligible(void); - -static void booth_recode_w7(unsigned char *sign, - unsigned char *digit, unsigned char in) -{ - unsigned char s, d; - - s = ~((in >> 7) - 1); - d = (1 << 8) - in - 1; - d = (d & s) | (in & ~s); - d = (d >> 1) + (d & 1); - - *sign = s & 1; - *digit = d; -} - -/* - * ecp_nistz256_avx2_mul_g performs multiplication by G, using only the - * precomputed table. It does 4 affine point additions in parallel, - * significantly speeding up point multiplication for a fixed value. - */ -static void ecp_nistz256_avx2_mul_g(P256_POINT *r, - unsigned char p_str[33], - const P256_POINT_AFFINE(*preComputedTable)[64]) -{ - const unsigned int window_size = 7; - const unsigned int mask = (1 << (window_size + 1)) - 1; - unsigned int wvalue; - /* Using 4 windows at a time */ - unsigned char sign0, digit0; - unsigned char sign1, digit1; - unsigned char sign2, digit2; - unsigned char sign3, digit3; - unsigned int idx = 0; - BN_ULONG tmp[P256_LIMBS]; - int i; - - ALIGN32 BN_ULONG aX4[4 * 9 * 3] = { 0 }; - ALIGN32 BN_ULONG bX4[4 * 9 * 2] = { 0 }; - ALIGN32 P256_POINT_AFFINE point_arr[4]; - ALIGN32 P256_POINT res_point_arr[4]; - - /* Initial four windows */ - wvalue = *((u16 *) & p_str[0]); - wvalue = (wvalue << 1) & mask; - idx += window_size; - booth_recode_w7(&sign0, &digit0, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign1, &digit1, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign2, &digit2, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign3, &digit3, wvalue); - - ecp_nistz256_avx2_multi_gather_w7(point_arr, preComputedTable[0], - digit0, digit1, digit2, digit3); - - ecp_nistz256_neg(tmp, point_arr[0].Y); - copy_conditional(point_arr[0].Y, tmp, sign0); - ecp_nistz256_neg(tmp, point_arr[1].Y); - copy_conditional(point_arr[1].Y, tmp, sign1); - ecp_nistz256_neg(tmp, point_arr[2].Y); - copy_conditional(point_arr[2].Y, tmp, sign2); - ecp_nistz256_neg(tmp, point_arr[3].Y); - copy_conditional(point_arr[3].Y, tmp, sign3); - - ecp_nistz256_avx2_transpose_convert(aX4, point_arr); - ecp_nistz256_avx2_to_mont(aX4, aX4); - ecp_nistz256_avx2_to_mont(&aX4[4 * 9], &aX4[4 * 9]); - ecp_nistz256_avx2_set1(&aX4[4 * 9 * 2]); - - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign0, &digit0, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign1, &digit1, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign2, &digit2, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign3, &digit3, wvalue); - - ecp_nistz256_avx2_multi_gather_w7(point_arr, preComputedTable[4 * 1], - digit0, digit1, digit2, digit3); - - ecp_nistz256_neg(tmp, point_arr[0].Y); - copy_conditional(point_arr[0].Y, tmp, sign0); - ecp_nistz256_neg(tmp, point_arr[1].Y); - copy_conditional(point_arr[1].Y, tmp, sign1); - ecp_nistz256_neg(tmp, point_arr[2].Y); - copy_conditional(point_arr[2].Y, tmp, sign2); - ecp_nistz256_neg(tmp, point_arr[3].Y); - copy_conditional(point_arr[3].Y, tmp, sign3); - - ecp_nistz256_avx2_transpose_convert(bX4, point_arr); - ecp_nistz256_avx2_to_mont(bX4, bX4); - ecp_nistz256_avx2_to_mont(&bX4[4 * 9], &bX4[4 * 9]); - /* Optimized when both inputs are affine */ - ecp_nistz256_avx2_point_add_affines_x4(aX4, aX4, bX4); - - for (i = 2; i < 9; i++) { - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign0, &digit0, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign1, &digit1, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign2, &digit2, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign3, &digit3, wvalue); - - ecp_nistz256_avx2_multi_gather_w7(point_arr, - preComputedTable[4 * i], - digit0, digit1, digit2, digit3); - - ecp_nistz256_neg(tmp, point_arr[0].Y); - copy_conditional(point_arr[0].Y, tmp, sign0); - ecp_nistz256_neg(tmp, point_arr[1].Y); - copy_conditional(point_arr[1].Y, tmp, sign1); - ecp_nistz256_neg(tmp, point_arr[2].Y); - copy_conditional(point_arr[2].Y, tmp, sign2); - ecp_nistz256_neg(tmp, point_arr[3].Y); - copy_conditional(point_arr[3].Y, tmp, sign3); - - ecp_nistz256_avx2_transpose_convert(bX4, point_arr); - ecp_nistz256_avx2_to_mont(bX4, bX4); - ecp_nistz256_avx2_to_mont(&bX4[4 * 9], &bX4[4 * 9]); - - ecp_nistz256_avx2_point_add_affine_x4(aX4, aX4, bX4); - } - - ecp_nistz256_avx2_from_mont(&aX4[4 * 9 * 0], &aX4[4 * 9 * 0]); - ecp_nistz256_avx2_from_mont(&aX4[4 * 9 * 1], &aX4[4 * 9 * 1]); - ecp_nistz256_avx2_from_mont(&aX4[4 * 9 * 2], &aX4[4 * 9 * 2]); - - ecp_nistz256_avx2_convert_transpose_back(res_point_arr, aX4); - /* Last window is performed serially */ - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - booth_recode_w7(&sign0, &digit0, wvalue); - ecp_nistz256_gather_w7((P256_POINT_AFFINE *)r, - preComputedTable[36], digit0); - ecp_nistz256_neg(tmp, r->Y); - copy_conditional(r->Y, tmp, sign0); - memcpy(r->Z, ONE, sizeof(ONE)); - /* Sum the four windows */ - ecp_nistz256_point_add(r, r, &res_point_arr[0]); - ecp_nistz256_point_add(r, r, &res_point_arr[1]); - ecp_nistz256_point_add(r, r, &res_point_arr[2]); - ecp_nistz256_point_add(r, r, &res_point_arr[3]); -} -# endif -#endif - __owur static int ecp_nistz256_set_from_affine(EC_POINT *out, const EC_GROUP *group, const P256_POINT_AFFINE *in, BN_CTX *ctx) @@ -1226,6 +1025,8 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group, } if (preComputedTable) { + BN_ULONG infty; + if ((BN_num_bits(scalar) > 256) || BN_is_negative(scalar)) { if ((tmp_scalar = BN_CTX_get(ctx)) == NULL) @@ -1257,67 +1058,58 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group, for (; i < 33; i++) p_str[i] = 0; -#if defined(ECP_NISTZ256_AVX2) - if (ecp_nistz_avx2_eligible()) { - ecp_nistz256_avx2_mul_g(&p.p, p_str, preComputedTable); - } else -#endif - { - BN_ULONG infty; + /* First window */ + wvalue = (p_str[0] << 1) & mask; + idx += window_size; - /* First window */ - wvalue = (p_str[0] << 1) & mask; - idx += window_size; + wvalue = _booth_recode_w7(wvalue); - wvalue = _booth_recode_w7(wvalue); + ecp_nistz256_gather_w7(&p.a, preComputedTable[0], + wvalue >> 1); - ecp_nistz256_gather_w7(&p.a, preComputedTable[0], - wvalue >> 1); - - ecp_nistz256_neg(p.p.Z, p.p.Y); - copy_conditional(p.p.Y, p.p.Z, wvalue & 1); - - /* - * Since affine infinity is encoded as (0,0) and - * Jacobian ias (,,0), we need to harmonize them - * by assigning "one" or zero to Z. - */ - infty = (p.p.X[0] | p.p.X[1] | p.p.X[2] | p.p.X[3] | - p.p.Y[0] | p.p.Y[1] | p.p.Y[2] | p.p.Y[3]); - if (P256_LIMBS == 8) - infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] | - p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]); - - infty = 0 - is_zero(infty); - infty = ~infty; - - p.p.Z[0] = ONE[0] & infty; - p.p.Z[1] = ONE[1] & infty; - p.p.Z[2] = ONE[2] & infty; - p.p.Z[3] = ONE[3] & infty; - if (P256_LIMBS == 8) { - p.p.Z[4] = ONE[4] & infty; - p.p.Z[5] = ONE[5] & infty; - p.p.Z[6] = ONE[6] & infty; - p.p.Z[7] = ONE[7] & infty; - } + ecp_nistz256_neg(p.p.Z, p.p.Y); + copy_conditional(p.p.Y, p.p.Z, wvalue & 1); - for (i = 1; i < 37; i++) { - unsigned int off = (idx - 1) / 8; - wvalue = p_str[off] | p_str[off + 1] << 8; - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; + /* + * Since affine infinity is encoded as (0,0) and + * Jacobian is (,,0), we need to harmonize them + * by assigning "one" or zero to Z. + */ + infty = (p.p.X[0] | p.p.X[1] | p.p.X[2] | p.p.X[3] | + p.p.Y[0] | p.p.Y[1] | p.p.Y[2] | p.p.Y[3]); + if (P256_LIMBS == 8) + infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] | + p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]); + + infty = 0 - is_zero(infty); + infty = ~infty; + + p.p.Z[0] = ONE[0] & infty; + p.p.Z[1] = ONE[1] & infty; + p.p.Z[2] = ONE[2] & infty; + p.p.Z[3] = ONE[3] & infty; + if (P256_LIMBS == 8) { + p.p.Z[4] = ONE[4] & infty; + p.p.Z[5] = ONE[5] & infty; + p.p.Z[6] = ONE[6] & infty; + p.p.Z[7] = ONE[7] & infty; + } - wvalue = _booth_recode_w7(wvalue); + for (i = 1; i < 37; i++) { + unsigned int off = (idx - 1) / 8; + wvalue = p_str[off] | p_str[off + 1] << 8; + wvalue = (wvalue >> ((idx - 1) % 8)) & mask; + idx += window_size; - ecp_nistz256_gather_w7(&t.a, - preComputedTable[i], wvalue >> 1); + wvalue = _booth_recode_w7(wvalue); - ecp_nistz256_neg(t.p.Z, t.a.Y); - copy_conditional(t.a.Y, t.p.Z, wvalue & 1); + ecp_nistz256_gather_w7(&t.a, + preComputedTable[i], wvalue >> 1); - ecp_nistz256_point_add_affine(&p.p, &p.p, &t.a); - } + ecp_nistz256_neg(t.p.Z, t.a.Y); + copy_conditional(t.a.Y, t.p.Z, wvalue & 1); + + ecp_nistz256_point_add_affine(&p.p, &p.p, &t.a); } } else { p_is_infinity = 1; From builds at travis-ci.org Thu Jun 4 15:54:47 2020 From: builds at travis-ci.org (Travis CI) Date: Thu, 04 Jun 2020 15:54:47 +0000 Subject: Passed: openssl/openssl#35245 (openssl-3.0.0-alpha3 - 3952c5a) In-Reply-To: Message-ID: <5ed919476e6bc_13fdbcf9852704289e0@travis-tasks-6cb487fd6-gb9ql.mail> Build Update for openssl/openssl ------------------------------------- Build: #35245 Status: Passed Duration: 37 mins and 5 secs Commit: 3952c5a (openssl-3.0.0-alpha3) Author: Matt Caswell Message: Prepare for release of 3.0 alpha 3 Reviewed-by: Tomas Mraz View the changeset: https://github.com/openssl/openssl/compare/openssl-3.0.0-alpha3 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/694672422?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu Jun 4 16:53:42 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 04 Jun 2020 16:53:42 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method Message-ID: <1591289622.246671.2819.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method Commit log since last time: 29c49b2534 TEST: Test i2d_PKCS8PrivateKey_bio() and PEM_write_bio_PKCS8PrivateKey() eb2bba2569 PEM: Make PKCS8 serializers aware of OSSL_SERIALIZERs a5a87011ba fix a docs typo d805b83166 Prevent extended tests run unexpectedly in appveyor 23ccae80bd Move EC_METHOD to internal-only e306f83c8c APPS: Remove make_config_name, use CONF_get1_default_config_file instead 32df13497a Remove getenv(OPENSSL_FIPS) in openssl command 41dccd68b9 Revert the check for NaN in %f format c7f837cfcc undeprecate SSL_CTX_load_verify_locations and X509_STORE_load_locations dc18e4ddfb Make BIO_do_connect() and friends handle multiple IP addresses 60d3b5b9ff add FFDH to speed command Build log ended with (last 100 lines): 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=198, Tests=1992, 725 wallclock secs ( 7.98 usr 1.52 sys + 684.66 cusr 46.03 csys = 740.19 CPU) Result: FAIL Makefile:3086: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2-method' Makefile:3084: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.org Thu Jun 4 17:06:53 2020 From: builds at travis-ci.org (Travis CI) Date: Thu, 04 Jun 2020 17:06:53 +0000 Subject: Still Failing: openssl/openssl#35252 (OpenSSL_1_1_1-stable - 8354f53) In-Reply-To: Message-ID: <5ed92a2d19257_13fc4574957401005d9@travis-tasks-5b8b9947f8-f7fq7.mail> Build Update for openssl/openssl ------------------------------------- Build: #35252 Status: Still Failing Duration: 31 mins and 37 secs Commit: 8354f53 (OpenSSL_1_1_1-stable) Author: Vladimir Kotal Message: enable DECLARE_DEPRECATED macro for Oracle Developer Studio compiler Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/9575) View the changeset: https://github.com/openssl/openssl/compare/e6a80cbad28e...8354f53d4078 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/694681157?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From kurt at openssl.org Thu Jun 4 21:05:05 2020 From: kurt at openssl.org (Kurt Roeckx) Date: Thu, 04 Jun 2020 21:05:05 +0000 Subject: [openssl] master update Message-ID: <1591304705.167145.4668.nullmailer@dev.openssl.org> The branch master has been updated via 6985b0e3deaee2f6e83a670ce7b33cf9ee47933a (commit) from 00da0f69890874feaa555fafb99b967b861e9118 (commit) - Log ----------------------------------------------------------------- commit 6985b0e3deaee2f6e83a670ce7b33cf9ee47933a Author: Kurt Roeckx Date: Wed Jun 3 22:01:31 2020 +0200 Add github sponsor button Reviewed-by: Richard Levitte GH: #12035 ----------------------------------------------------------------------- Summary of changes: .github/FUNDING.yml | 1 + 1 file changed, 1 insertion(+) create mode 100644 .github/FUNDING.yml diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml new file mode 100644 index 0000000000..15a862457e --- /dev/null +++ b/.github/FUNDING.yml @@ -0,0 +1 @@ +github: openssl From pauli at openssl.org Thu Jun 4 23:19:05 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 04 Jun 2020 23:19:05 +0000 Subject: [openssl] master update Message-ID: <1591312745.350616.10140.nullmailer@dev.openssl.org> The branch master has been updated via a64a143f314c00937c14b61157e4ea934f3c6b69 (commit) from 6985b0e3deaee2f6e83a670ce7b33cf9ee47933a (commit) - Log ----------------------------------------------------------------- commit a64a143f314c00937c14b61157e4ea934f3c6b69 Author: Jaimee Brown Date: Wed Jun 3 14:28:06 2020 +1000 Minor doc fix for EVP_PKEY_CTX_new_from_pkey Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12021) ----------------------------------------------------------------------- Summary of changes: doc/man3/EVP_PKEY_CTX_new.pod | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/man3/EVP_PKEY_CTX_new.pod b/doc/man3/EVP_PKEY_CTX_new.pod index b1f3185b94..4430967d19 100644 --- a/doc/man3/EVP_PKEY_CTX_new.pod +++ b/doc/man3/EVP_PKEY_CTX_new.pod @@ -16,7 +16,8 @@ EVP_PKEY_CTX_new_from_pkey, EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free const char *name, const char *propquery); EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_pkey(OPENSSL_CTX *libctx, - EVP_PKEY *pkey); + EVP_PKEY *pkey, + const char *propquery); EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *ctx); void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx); From pauli at openssl.org Thu Jun 4 23:21:04 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 04 Jun 2020 23:21:04 +0000 Subject: [openssl] master update Message-ID: <1591312864.304256.3544.nullmailer@dev.openssl.org> The branch master has been updated via b1c21b27dce840cfe2c9554b498fdcd115799a2f (commit) from a64a143f314c00937c14b61157e4ea934f3c6b69 (commit) - Log ----------------------------------------------------------------- commit b1c21b27dce840cfe2c9554b498fdcd115799a2f Author: Pauli Date: Wed Jun 3 10:55:49 2020 +1000 fips: add additional algorithms to the FIPS provider. Discussions are ongoing but the OMC has approved the in-principle addition of these algorithms to the upcoming FIPS validation. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12020) ----------------------------------------------------------------------- Summary of changes: providers/fips/fipsprov.c | 24 +++++++++++++++++++++--- test/recipes/30-test_evp_data/evpdigest.txt | 11 ----------- 2 files changed, 21 insertions(+), 14 deletions(-) diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index 31217202f2..0484a54f52 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -377,8 +377,17 @@ static const OSSL_ALGORITHM fips_digests[] = { { "SHA3-384", "provider=fips,fips=yes", sha3_384_functions }, { "SHA3-512", "provider=fips,fips=yes", sha3_512_functions }, - /* Non-FIPS algorithm to support oneshot_hash in the Ed448 code */ - { "SHAKE-256:SHAKE256", "provider=fips,fips=no", shake_256_functions }, + { "SHAKE-128:SHAKE128", "provider=fips,fips=yes", shake_128_functions }, + { "SHAKE-256:SHAKE256", "provider=fips,fips=yes", shake_256_functions }, + + /* + * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for + * KMAC128 and KMAC256. + */ + { "KECCAK-KMAC-128:KECCAK-KMAC128", "provider=fips,fips=yes", + keccak_kmac_128_functions }, + { "KECCAK-KMAC-256:KECCAK-KMAC256", "provider=fips,fips=yes", + keccak_kmac_256_functions }, { NULL, NULL, NULL } }; @@ -439,8 +448,13 @@ static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = { static OSSL_ALGORITHM exported_fips_ciphers[OSSL_NELEM(fips_ciphers)]; static const OSSL_ALGORITHM fips_macs[] = { +#ifndef OPENSSL_NO_CMAC + { "CMAC", "provider=fips,fips=yes", cmac_functions }, +#endif { "GMAC", "provider=fips,fips=yes", gmac_functions }, { "HMAC", "provider=fips,fips=yes", hmac_functions }, + { "KMAC-128:KMAC128", "provider=fips,fips=yes", kmac128_functions }, + { "KMAC-256:KMAC256", "provider=fips,fips=yes", kmac256_functions }, { NULL, NULL, NULL } }; @@ -448,7 +462,10 @@ static const OSSL_ALGORITHM fips_kdfs[] = { { "HKDF", "provider=fips,fips=yes", kdf_hkdf_functions }, { "SSKDF", "provider=fips,fips=yes", kdf_sskdf_functions }, { "PBKDF2", "provider=fips,fips=yes", kdf_pbkdf2_functions }, + { "SSHKDF", "provider=fips,fips=yes", kdf_sshkdf_functions }, + { "X963KDF", "provider=fips,fips=yes", kdf_x963_kdf_functions }, { "TLS1-PRF", "provider=fips,fips=yes", kdf_tls1_prf_functions }, + { "KBKDF", "provider=fips,fips=yes", kdf_kbkdf_functions }, { NULL, NULL, NULL } }; @@ -490,7 +507,8 @@ static const OSSL_ALGORITHM fips_keymgmt[] = { { "DSA", "provider=fips,fips=yes", dsa_keymgmt_functions }, #endif { "RSA:rsaEncryption", "provider=fips,fips=yes", rsa_keymgmt_functions }, - { "RSA-PSS:RSASSA-PSS", "provider=default", rsapss_keymgmt_functions }, + { "RSA-PSS:RSASSA-PSS", "provider=fips,fips=yes", + rsapss_keymgmt_functions }, #ifndef OPENSSL_NO_EC { "EC:id-ecPublicKey", "provider=fips,fips=yes", ec_keymgmt_functions }, { "X25519", "provider=fips,fips=no", x25519_keymgmt_functions }, diff --git a/test/recipes/30-test_evp_data/evpdigest.txt b/test/recipes/30-test_evp_data/evpdigest.txt index b09a747b18..b492eab3d4 100644 --- a/test/recipes/30-test_evp_data/evpdigest.txt +++ b/test/recipes/30-test_evp_data/evpdigest.txt @@ -505,12 +505,10 @@ Input = 991c4e7402c7da689dd5525af76fcc58fe9cc1451308c0c4600363586ccc83c9ec10a8c9 Output = cd0f2a48e9aa8cc700d3f64efb013f3600ebdbb524930c682d21025eab990eb6d7c52e611f884031fafd9360e5225ab7e4ec24cbe97f3af6dbe4a86a4f068ba7 Digest = SHAKE128 -Availablein = default Input = "" Output = 7F9C2BA4E88F827D616045507605853ED73B8093F6EFBC88EB1A6EACFA66EF263CB1EEA988004B93103CFB0AEEFD2A686E01FA4A58E8A3639CA8A1E3F9AE57E235B8CC873C23DC62B8D260169AFA2F75AB916A58D974918835D25E6A435085B2BADFD6DFAAC359A5EFBB7BCC4B59D538DF9A04302E10C8BC1CBF1A0B3A5120EA17CDA7CFAD765F5623474D368CCCA8AF0007CD9F5E4C849F167A580B14AABDEFAEE7EEF47CB0FCA9767BE1FDA69419DFB927E9DF07348B196691ABAEB580B32DEF58538B8D23F87732EA63B02B4FA0F4873360E2841928CD60DD4CEE8CC0D4C922A96188D032675C8AC850933C7AFF1533B94C834ADBB69C6115BAD4692D8619F90B0CDF8A7B9C264029AC185B70B83F2801F2F4B3F70C593EA3AEEB613A7F1B1DE33FD75081F592305F2E4526EDC09631B10958F464D889F31BA010250FDA7F1368EC2967FC84EF2AE9AFF268E0B1700AFFC6820B523A3D917135F2DFF2EE06BFE72B3124721D4A26C04E53A75E30E73A7A9C4A95D91C55D495E9F51DD0B5E9D83C6D5E8CE803AA62B8D654DB53D09B8DCFF273CDFEB573FAD8BCD45578BEC2E770D01EFDE86E721A3F7C6CCE275DABE6E2143F1AF18DA7EFDDC4C7B70B5E345DB93CC936BEA323491CCB38A388F546A9FF00DD4E1300B9B2153D2041D205B443E41B45A653F2A5C4492C1ADD544512DDA2529833462B71A41A45BE97290B6F Digest = SHAKE128 -Availablein = default Input = A3 Count = 200 Output = 131AB8D2B594946B9C81333F9BB6E0CE75C3B93104FA3469D3917457385DA037CF232EF7164A6D1EB448C8908186AD852D3F85A5CF28DA1AB6FE3438171978467F1C05D58C7EF38C284C41F6C2221A76F12AB1C04082660250802294FB87180213FDEF5B0ECB7DF50CA1F8555BE14D32E10F6EDCDE892C09424B29F597AFC270C904556BFCB47A7D40778D390923642B3CBD0579E60908D5A000C1D08B98EF933F806445BF87F8B009BA9E94F7266122ED7AC24E5E266C42A82FA1BBEFB7B8DB0066E16A85E0493F07DF4809AEC084A593748AC3DDE5A6D7AAE1E8B6E5352B2D71EFBB47D4CAEED5E6D633805D2D323E6FD81B4684B93A2677D45E7421C2C6AEA259B855A698FD7D13477A1FE53E5A4A6197DBEC5CE95F505B520BCD9570C4A8265A7E01F89C0C002C59BFEC6CD4A5C109258953EE5EE70CD577EE217AF21FA70178F0946C9BF6CA8751793479F6B537737E40B6ED28511D8A2D7E73EB75F8DAAC912FF906E0AB955B083BAC45A8E5E9B744C8506F37E9B4E749A184B30F43EB188D855F1B70D71FF3E50C537AC1B0F8974F0FE1A6AD295BA42F6AEC74D123A7ABEDDE6E2C0711CAB36BE5ACB1A5A11A4B1DB08BA6982EFCCD716929A7741CFC63AA4435E0B69A9063E880795C3DC5EF3272E11C497A91ACF699FEFEE206227A44C9FB359FD56AC0A9A75A743CFF6862F17D7259AB075216C0699511643B6439 @@ -521,28 +519,23 @@ Input = a6fe00064257aa318b621c5eb311d32bb8004c2fa1a969d205d71762cc5d2e6339079926 Output = 3109d9472ca436e805c6b3db2251a9bc Digest = SHAKE128 -Availablein = default Input = 49d81708d86cd59dea0ac2c1017a9712d6dffb754dde0b57a9023a39fc5f5b6be276fc176f59f6826610428fac3a0e85fcf71011db061b8fcf2bf085ccd45670effb6dc46f4e3f2ed08e981c5935187fc95b86cf46da675096b1cf9591a67842d6301116be93d8288e4d6b70f1b1db8aa5d203b774a21825665b8170351ee86801da91154570eaf80a1564945af7822df8232fd04ea65593a7f2ab1e9e84cf6ad6c494c9ec2d9d27aaad2b8f7e4f33f12a17b422bc2d4724c13ff8a8b62054d1bfb5c33b9c11183cd8df67694300165ca37637b5a781155f1c070d156339a0242374c6723b6584bffb71c02b935455f8cb086392f5e8e8cc2015956d8f19daeb6aca4476b27108387a2ce0dc5591154d0b94ddc090abe8f4363036b821062baffb7fe550ea7dcd30bfd86c84710081e1c9e450475e123c5ec41f98ff0149bbf6405b5207cad1fb2f313d0f2bcee9be3f6ebe623049640d9234ab644a172ab14ba02633a339b5b9bb38226fda5694f7ec63ebbb8238eb8219ec9c429f4bf0353383a72f2d21702f5e3c513499f04852710f33044512edc47a56bad90885e5713851a7efac694b869fa590076e844ff757d95de581c1b3fa3dd8ccd28cad4f8ae173ee1b28f98ee606dca89063fbef0f262b33053f2c854debdc9cd433ab77abb64f445aa9b981761c4761767f3b71c2646c7b0d873baae50bc9f0 Output = c609be05458f7ab33e7b6b54bc6e8999 Digest = SHAKE256 -Availablein = default Input = "" Output = 46B9DD2B0BA88D13233B3FEB743EEB243FCD52EA62B81B82B50C27646ED5762FD75DC4DDD8C0F200CB05019D67B592F6FC821C49479AB48640292EACB3B7C4BE141E96616FB13957692CC7EDD0B45AE3DC07223C8E92937BEF84BC0EAB862853349EC75546F58FB7C2775C38462C5010D846C185C15111E595522A6BCD16CF86F3D122109E3B1FDD943B6AEC468A2D621A7C06C6A957C62B54DAFC3BE87567D677231395F6147293B68CEAB7A9E0C58D864E8EFDE4E1B9A46CBE854713672F5CAAAE314ED9083DAB4B099F8E300F01B8650F1F4B1D8FCF3F3CB53FB8E9EB2EA203BDC970F50AE55428A91F7F53AC266B28419C3778A15FD248D339EDE785FB7F5A1AAA96D313EACC890936C173CDCD0FAB882C45755FEB3AED96D477FF96390BF9A66D1368B208E21F7C10D04A3DBD4E360633E5DB4B602601C14CEA737DB3DCF722632CC77851CBDDE2AAF0A33A07B373445DF490CC8FC1E4160FF118378F11F0477DE055A81A9EDA57A4A2CFB0C83929D310912F729EC6CFA36C6AC6A75837143045D791CC85EFF5B21932F23861BCF23A52B5DA67EAF7BAAE0F5FB1369DB78F3AC45F8C4AC5671D85735CDDDB09D2B1E34A1FC066FF4A162CB263D6541274AE2FCC865F618ABE27C124CD8B074CCD516301B91875824D09958F341EF274BDAB0BAE316339894304E35877B0C28A9B1FD166C796B9CC258A064A8F57E27F2A Digest = SHAKE256 -Availablein = default Input = A3 Count = 200 Output = CD8A920ED141AA0407A22D59288652E9D9F1A7EE0C1E7C1CA699424DA84A904D2D700CAAE7396ECE96604440577DA4F3AA22AEB8857F961C4CD8E06F0AE6610B1048A7F64E1074CD629E85AD7566048EFC4FB500B486A3309A8F26724C0ED628001A1099422468DE726F1061D99EB9E93604D5AA7467D4B1BD6484582A384317D7F47D750B8F5499512BB85A226C4243556E696F6BD072C5AA2D9B69730244B56853D16970AD817E213E470618178001C9FB56C54FEFA5FEE67D2DA524BB3B0B61EF0E9114A92CDBB6CCCB98615CFE76E3510DD88D1CC28FF99287512F24BFAFA1A76877B6F37198E3A641C68A7C42D45FA7ACC10DAE5F3CEFB7B735F12D4E589F7A456E78C0F5E4C4471FFFA5E4FA0514AE974D8C2648513B5DB494CEA847156D277AD0E141C24C7839064CD08851BC2E7CA109FD4E251C35BB0A04FB05B364FF8C4D8B59BC303E25328C09A882E952518E1A8AE0FF265D61C465896973D7490499DC639FB8502B39456791B1B6EC5BCC5D9AC36A6DF622A070D43FED781F5F149F7B62675E7D1A4D6DEC48C1C7164586EAE06A51208C0B791244D307726505C3AD4B26B6822377257AA152037560A739714A3CA79BD605547C9B78DD1F596F2D4F1791BC689A0E9B799A37339C04275733740143EF5D2B58B96A363D4E08076A1A9D7846436E4DCA5728B6F760EEF0CA92BF0BE5615E96959D767197A0BEEB Digest = SHAKE256 -Availablein = default Input = dc5a100fa16df1583c79722a0d72833d3bf22c109b8889dbd35213c6bfce205813edae3242695cfd9f59b9a1c203c1b72ef1a5423147cb990b5316a85266675894e2644c3f9578cebe451a09e58c53788fe77a9e850943f8a275f830354b0593a762bac55e984db3e0661eca3cb83f67a6fb348e6177f7dee2df40c4322602f094953905681be3954fe44c4c902c8f6bba565a788b38f13411ba76ce0f9f6756a2a2687424c5435a51e62df7a8934b6e141f74c6ccf539e3782d22b5955d3baf1ab2cf7b5c3f74ec2f9447344e937957fd7f0bdfec56d5d25f61cde18c0986e244ecf780d6307e313117256948d4230ebb9ea62bb302cfe80d7dfebabc4a51d7687967ed5b416a139e974c005fff507a96 Output = 2bac5716803a9cda8f9e84365ab0a681327b5ba34fdedfb1c12e6e807f45284b Digest = SHAKE256 -Availablein = default Input = 16caf60da14b4fa9174a6d40c23cff93ed8fc9279990f749718db1500036ef2222498ffab86fa568a0611299e54e58d83281ac558d3f4d2541ee158b1c7d4d76dbffc64ae39925e3329f7fd894fa26fc1acdc22bc858a3438e1c55707a3f75ad2b33c48789937a24b34ddd85390611088cba3231b2a3a0a93e5d9a8780470fcff92cb03811234a330db353283b3bc3036f9125efb3eaed613bfa0c59975cc2e52c33b3e6e5123e1626190a4a0261e1f5ad9bc2ee34f331736b3bd26d274536f5ae90f5186c27fdd7e8c72972f64016e72d1d32b59b8715e5b867154b99cb140a668b9d560e2c307e3904d9297f9f07dfd7629ccc526e41c109c8fc7c53b604293c6cd42933e77e11031a42f605485fe893b129bcbf705c0f45a4b087bfcead5c187ac1174322909a2d4f8b61f001c4074951000c4c550ed5564458f444dab8aae2fe8daaa6a30d209fecddf2a893df46e18b4b4460e4011d23f01d4c49a4cc1c82405f6ac5339eac41385f3295c657ac43a72fed62e6daee94ef271638f292b8e18860de0699eb45fb7d3aa81f61d44158edd68ebc244451918b Output = 21a48efd949c3f785179a0e340756a23f77d29a7625229a71a05731c7fbd5aa9 @@ -550,22 +543,18 @@ Output = 21a48efd949c3f785179a0e340756a23f77d29a7625229a71a05731c7fbd5aa9 # http://csrc.nist.gov/groups/STM/cavp/secure-hashing.html#test-vectors Digest = SHAKE128 -Availablein = default Input = c60a221c975e14bf835827c1103a2906 Output = 0db7f7196eee8dd6994a16ded19cb09f05f89ccd2464333df2c017c6ca041fa0d54a4832a74ce86ce9b41d8e523e66ce6ef9df7c20aa70e0ac00f54eb072a472ef46cf2a933df0d5f9fafab6388a206f6bd1df50b0836500c758c557c8ac965733fdaaa59f5ed661a1bda61e2952886a60f9568157e3d72e49b6e061fc08f3f1caf159e8eff77ea5221565d2 Digest = SHAKE128 -Availablein = default Input = 0a13ad2c7a239b4ba73ea6592ae84ea9 Output = 5feaf99c15f48851943ff9baa6e5055d8377f0dd347aa4dbece51ad3a6d9ce0c01aee9fe2260b80a4673a909b532adcdd1e421c32d6460535b5fe392a58d2634979a5a104d6c470aa3306c400b061db91c463b2848297bca2bc26d1864ba49d7ff949ebca50fbf79a5e63716dc82b600bd52ca7437ed774d169f6bf02e46487956fba2230f34cd2a0485484d Digest = SHAKE256 -Availablein = default Input = 6ae23f058f0f2264a18cd609acc26dd4dbc00f5c3ee9e13ecaea2bb5a2f0bb6b Output = b9b92544fb25cfe4ec6fe437d8da2bbe00f7bdaface3de97b8775a44d753c3adca3f7c6f183cc8647e229070439aa9539ae1f8f13470c9d3527fffdeef6c94f9f0520ff0c1ba8b16e16014e1af43ac6d94cb7929188cce9d7b02f81a2746f52ba16988e5f6d93298d778dfe05ea0ef256ae3728643ce3e29c794a0370e9ca6a8bf3e7a41e86770676ac106f7ae79e67027ce7b7b38efe27d253a52b5cb54d6eb4367a87736ed48cb45ef27f42683da140ed3295dfc575d3ea38cfc2a3697cc92864305407369b4abac054e497378dd9fd0c4b352ea3185ce1178b3dc1599df69db29259d4735320c8e7d33e8226620c9a1d22761f1d35bdff79a Digest = SHAKE256 -Availablein = default Input = 8d8001e2c096f1b88e7c9224a086efd4797fbf74a8033a2d422a2b6b8f6747e4 Output = 2e975f6a8a14f0704d51b13667d8195c219f71e6345696c49fa4b9d08e9225d3d39393425152c97e71dd24601c11abcfa0f12f53c680bd3ae757b8134a9c10d429615869217fdd5885c4db174985703a6d6de94a667eac3023443a8337ae1bc601b76d7d38ec3c34463105f0d3949d78e562a039e4469548b609395de5a4fd43c46ca9fd6ee29ada5efc07d84d553249450dab4a49c483ded250c9338f85cd937ae66bb436f3b4026e859fda1ca571432f3bfc09e7c03ca4d183b741111ca0483d0edabc03feb23b17ee48e844ba2408d9dcfd0139d2e8c7310125aee801c61ab7900d1efc47c078281766f361c5e6111346235e1dc38325666c From builds at travis-ci.org Fri Jun 5 00:35:54 2020 From: builds at travis-ci.org (Travis CI) Date: Fri, 05 Jun 2020 00:35:54 +0000 Subject: Broken: openssl/openssl#35264 (master - b1c21b2) In-Reply-To: Message-ID: <5ed99369b1662_13ff4d51d981861126@travis-tasks-65799dc6f6-npb7z.mail> Build Update for openssl/openssl ------------------------------------- Build: #35264 Status: Broken Duration: 1 hr, 5 mins, and 31 secs Commit: b1c21b2 (master) Author: Pauli Message: fips: add additional algorithms to the FIPS provider. Discussions are ongoing but the OMC has approved the in-principle addition of these algorithms to the upcoming FIPS validation. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12020) View the changeset: https://github.com/openssl/openssl/compare/a64a143f314c...b1c21b27dce8 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/694844265?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Fri Jun 5 01:25:23 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 05 Jun 2020 01:25:23 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit Message-ID: <1591320323.911455.7119.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit Commit log since last time: 6985b0e3de Add github sponsor button 00da0f6989 [crypto/ec] Remove unreachable AVX2 code in NISTZ256 implementation c1fd005bfc Add cipher list ciphersuites which using encryption algorithm in mode CBC. c8567c392c CORE: make sure activated fallback providers stay activated f995e5bdcd TEST: Add provider_fallback_test, to test aspects of fallback providers 4cbb196b1b Fix missed fields in EVP_PKEY_meth_copy. c2db6839e4 Prepare for 3.0 alpha 4 3952c5a312 Prepare for release of 3.0 alpha 3 00c405b365 Update copyright year 19d15f97b3 ossl_shim: const cast the param arguments to avoid errors 42fa3e6669 Fix a buffer overflow in drbg_ctr_generate 2b584ff372 Update manpage to fix examples, other minor tweaks 4e6e57cfcd Cleanup cert config files for tests 5c01a133ec ossl_shim: include core_names.h to resolve undeclared symbols Build log ended with (last 100 lines): 65-test_cmp_msg.t .................. ok 65-test_cmp_protect.t .............. ok 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=199, Tests=1918, 736 wallclock secs ( 8.59 usr 1.58 sys + 688.49 cusr 45.66 csys = 744.32 CPU) Result: FAIL Makefile:3106: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-autoerrinit' Makefile:3104: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Fri Jun 5 04:04:26 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 05 Jun 2020 04:04:26 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-cms Message-ID: <1591329866.017632.24450.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-cms Commit log since last time: 6985b0e3de Add github sponsor button 00da0f6989 [crypto/ec] Remove unreachable AVX2 code in NISTZ256 implementation c1fd005bfc Add cipher list ciphersuites which using encryption algorithm in mode CBC. c8567c392c CORE: make sure activated fallback providers stay activated f995e5bdcd TEST: Add provider_fallback_test, to test aspects of fallback providers 4cbb196b1b Fix missed fields in EVP_PKEY_meth_copy. c2db6839e4 Prepare for 3.0 alpha 4 3952c5a312 Prepare for release of 3.0 alpha 3 00c405b365 Update copyright year 19d15f97b3 ossl_shim: const cast the param arguments to avoid errors 42fa3e6669 Fix a buffer overflow in drbg_ctr_generate 2b584ff372 Update manpage to fix examples, other minor tweaks 4e6e57cfcd Cleanup cert config files for tests 5c01a133ec ossl_shim: include core_names.h to resolve undeclared symbols Build log ended with (last 100 lines): providers/libcrypto-shlib-nullprov.o \ providers/libimplementations.a providers/libcommon.a providers/libnonfips.a -ldl -pthread rm -f libcrypto.so && \ ln -s libcrypto.so.3 libcrypto.so clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-znodelete -shared -Wl,-Bsymbolic -Wl,-soname=libssl.so.3 \ -o libssl.so.3 -Wl,--version-script=libssl.ld \ crypto/libssl-shlib-packet.o ssl/libssl-shlib-bio_ssl.o \ ssl/libssl-shlib-d1_lib.o ssl/libssl-shlib-d1_msg.o \ ssl/libssl-shlib-d1_srtp.o ssl/libssl-shlib-methods.o \ ssl/libssl-shlib-pqueue.o ssl/libssl-shlib-s3_cbc.o \ ssl/libssl-shlib-s3_enc.o ssl/libssl-shlib-s3_lib.o \ ssl/libssl-shlib-s3_msg.o ssl/libssl-shlib-ssl_asn1.o \ ssl/libssl-shlib-ssl_cert.o ssl/libssl-shlib-ssl_ciph.o \ ssl/libssl-shlib-ssl_conf.o ssl/libssl-shlib-ssl_err.o \ ssl/libssl-shlib-ssl_init.o ssl/libssl-shlib-ssl_lib.o \ ssl/libssl-shlib-ssl_mcnf.o ssl/libssl-shlib-ssl_rsa.o \ ssl/libssl-shlib-ssl_sess.o ssl/libssl-shlib-ssl_stat.o \ ssl/libssl-shlib-ssl_txt.o ssl/libssl-shlib-ssl_utst.o \ ssl/libssl-shlib-t1_enc.o ssl/libssl-shlib-t1_lib.o \ ssl/libssl-shlib-t1_trce.o ssl/libssl-shlib-tls13_enc.o \ ssl/libssl-shlib-tls_srp.o \ ssl/record/libssl-shlib-dtls1_bitmap.o \ ssl/record/libssl-shlib-rec_layer_d1.o \ ssl/record/libssl-shlib-rec_layer_s3.o \ ssl/record/libssl-shlib-ssl3_buffer.o \ ssl/record/libssl-shlib-ssl3_record.o \ ssl/record/libssl-shlib-ssl3_record_tls13.o \ ssl/statem/libssl-shlib-extensions.o \ ssl/statem/libssl-shlib-extensions_clnt.o \ ssl/statem/libssl-shlib-extensions_cust.o \ ssl/statem/libssl-shlib-extensions_srvr.o \ ssl/statem/libssl-shlib-statem.o \ ssl/statem/libssl-shlib-statem_clnt.o \ ssl/statem/libssl-shlib-statem_dtls.o \ ssl/statem/libssl-shlib-statem_lib.o \ ssl/statem/libssl-shlib-statem_srvr.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/afalg.so -Wl,--version-script=engines/afalg.ld \ engines/afalg-dso-e_afalg.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/capi.so -Wl,--version-script=engines/capi.ld \ engines/capi-dso-e_capi.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/dasync.so -Wl,--version-script=engines/dasync.ld \ engines/dasync-dso-e_dasync.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/ossltest.so -Wl,--version-script=engines/ossltest.ld \ engines/ossltest-dso-e_ossltest.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/padlock.so -Wl,--version-script=engines/padlock.ld \ engines/padlock-dso-e_padlock-x86_64.o \ engines/padlock-dso-e_padlock.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o providers/legacy.so -Wl,--version-script=providers/legacy.ld \ providers/legacy-dso-legacyprov.o \ providers/liblegacy.a providers/libcommon.a providers/libnonfips.a -lcrypto -ldl -pthread rm -f fuzz/asn1parse-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o fuzz/asn1parse-test \ fuzz/asn1parse-test-bin-asn1parse.o \ fuzz/asn1parse-test-bin-test-corpus.o \ -lcrypto -ldl -pthread rm -f fuzz/bignum-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o fuzz/bignum-test \ fuzz/bignum-test-bin-bignum.o \ fuzz/bignum-test-bin-test-corpus.o \ -lcrypto -ldl -pthread ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_add' ./libcrypto.so: undefined reference to `ess_find_cert' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_add' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_get' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_get' ./libcrypto.so: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:22682: recipe for target 'fuzz/asn1parse-test' failed make[1]: *** [fuzz/asn1parse-test] Error 1 make[1]: *** Waiting for unfinished jobs.... ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_add' ./libcrypto.so: undefined reference to `ess_find_cert' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_add' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_get' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_get' ./libcrypto.so: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:22706: recipe for target 'fuzz/bignum-test' failed make[1]: *** [fuzz/bignum-test] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-cms' Makefile:3036: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From openssl at openssl.org Fri Jun 5 06:36:07 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 05 Jun 2020 06:36:07 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram Message-ID: <1591338967.547853.23506.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: 6985b0e3de Add github sponsor button 00da0f6989 [crypto/ec] Remove unreachable AVX2 code in NISTZ256 implementation c1fd005bfc Add cipher list ciphersuites which using encryption algorithm in mode CBC. c8567c392c CORE: make sure activated fallback providers stay activated f995e5bdcd TEST: Add provider_fallback_test, to test aspects of fallback providers 4cbb196b1b Fix missed fields in EVP_PKEY_meth_copy. c2db6839e4 Prepare for 3.0 alpha 4 3952c5a312 Prepare for release of 3.0 alpha 3 00c405b365 Update copyright year 19d15f97b3 ossl_shim: const cast the param arguments to avoid errors 42fa3e6669 Fix a buffer overflow in drbg_ctr_generate 2b584ff372 Update manpage to fix examples, other minor tweaks 4e6e57cfcd Cleanup cert config files for tests 5c01a133ec ossl_shim: include core_names.h to resolve undeclared symbols Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=199, Tests=1991, 702 wallclock secs ( 8.44 usr 1.32 sys + 654.11 cusr 43.36 csys = 707.23 CPU) Result: FAIL Makefile:3088: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dgram' Makefile:3086: recipe for target 'tests' failed make: *** [tests] Error 2 From dev at ddvo.net Fri Jun 5 07:24:49 2020 From: dev at ddvo.net (dev at ddvo.net) Date: Fri, 05 Jun 2020 07:24:49 +0000 Subject: [openssl] master update Message-ID: <1591341889.066501.19883.nullmailer@dev.openssl.org> The branch master has been updated via 987e3a0eed18a857062df6ae28671feb8929b560 (commit) from b1c21b27dce840cfe2c9554b498fdcd115799a2f (commit) - Log ----------------------------------------------------------------- commit 987e3a0eed18a857062df6ae28671feb8929b560 Author: Dr. David von Oheimb Date: Wed Jun 3 14:13:01 2020 +0200 Announce renamed EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() in CHANGES.md This is a follow-up of PR #12013. Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12026) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/CHANGES.md b/CHANGES.md index 68fa1e0033..acb4c904bb 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -23,6 +23,15 @@ OpenSSL 3.0 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] + * Renamed EVP_PKEY_cmp() to EVP_PKEY_eq() and + EVP_PKEY_cmp_parameters() to EVP_PKEY_parameters_eq(). + While the old function names have been retained for backward compatibility + they should not be used in new developments + because their return values are confusing: Unlike other `_cmp()` functions + they do not return 0 in case their arguments are equal. + + *David von Oheimb* + * Deprecated EC_METHOD_get_field_type(). Applications should switch to EC_GROUP_get_field_type(). From levitte at openssl.org Fri Jun 5 08:01:40 2020 From: levitte at openssl.org (Richard Levitte) Date: Fri, 05 Jun 2020 08:01:40 +0000 Subject: [openssl] master update Message-ID: <1591344100.900478.6591.nullmailer@dev.openssl.org> The branch master has been updated via eca471391378139f76a7d1229b6a5a1dcc4b5603 (commit) from 987e3a0eed18a857062df6ae28671feb8929b560 (commit) - Log ----------------------------------------------------------------- commit eca471391378139f76a7d1229b6a5a1dcc4b5603 Author: Richard Levitte Date: Wed Jun 3 10:49:50 2020 +0200 APPS: Drop interactive mode in the 'openssl' program This mode is severely untested and unmaintained, is seems not to be used very much. Closes #4679 Closes #6292 Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12023) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 6 ++++ NEWS.md | 1 + apps/openssl.c | 97 +++++----------------------------------------------- doc/man1/openssl.pod | 6 +++- 4 files changed, 20 insertions(+), 90 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index acb4c904bb..39088d1bc7 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -23,6 +23,12 @@ OpenSSL 3.0 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] + * Dropped interactive mode from the 'openssl' program. From now on, + the `openssl` command without arguments is equivalent to `openssl + help`. + + *Richard Levitte* + * Renamed EVP_PKEY_cmp() to EVP_PKEY_eq() and EVP_PKEY_cmp_parameters() to EVP_PKEY_parameters_eq(). While the old function names have been retained for backward compatibility diff --git a/NEWS.md b/NEWS.md index c09e9599a4..29fb641d26 100644 --- a/NEWS.md +++ b/NEWS.md @@ -20,6 +20,7 @@ OpenSSL 3.0 ### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 [under development] + * Interactive mode is removed from the 'openssl' program. * The X25519, X448, Ed25519, Ed448 and SHAKE256 algorithms are included in the FIPS provider. None have the "fips=yes" property set and, as such, will not be accidentially used. diff --git a/apps/openssl.c b/apps/openssl.c index 6265bffa67..7b0ccbcc09 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -30,9 +30,6 @@ #include "apps.h" #include "progs.h" -/* Special sentinel to exit the program. */ -#define EXIT_THE_PROGRAM (-1) - /* * The LHASH callbacks ("hash" & "cmp") have been replaced by functions with * the base prototypes (we cast each variable inside the function to the @@ -212,11 +209,9 @@ int main(int argc, char *argv[]) { FUNCTION f, *fp; LHASH_OF(FUNCTION) *prog = NULL; - char *p, *pname; - char buf[1024]; - const char *prompt; + char *pname; ARGS arg; - int first, n, i, ret = 0; + int ret = 0; arg.argv = NULL; arg.size = 0; @@ -264,89 +259,17 @@ int main(int argc, char *argv[]) /* first check the program name */ f.name = pname; fp = lh_FUNCTION_retrieve(prog, &f); - if (fp != NULL) { - argv[0] = pname; - if (fp->deprecated_alternative != NULL) - warn_deprecated(fp); - ret = fp->func(argc, argv); - goto end; - } - - /* If there is stuff on the command line, run with that. */ - if (argc != 1) { + if (fp == NULL) { + /* We assume we've been called as 'openssl cmd' */ argc--; argv++; - ret = do_cmd(prog, argc, argv); - if (ret < 0) - ret = 0; - goto end; } - /* ok, lets enter interactive mode */ - for (;;) { - ret = 0; - /* Read a line, continue reading if line ends with \ */ - for (p = buf, n = sizeof(buf), i = 0, first = 1; n > 0; first = 0) { - prompt = first ? "OpenSSL> " : "> "; - p[0] = '\0'; -#ifndef READLINE - fputs(prompt, stdout); - fflush(stdout); - if (!fgets(p, n, stdin)) - goto end; - if (p[0] == '\0') - goto end; - i = strlen(p); - if (i <= 1) - break; - if (p[i - 2] != '\\') - break; - i -= 2; - p += i; - n -= i; -#else - { - extern char *readline(const char *); - extern void add_history(const char *cp); - char *text; - - text = readline(prompt); - if (text == NULL) - goto end; - i = strlen(text); - if (i == 0 || i > n) - break; - if (text[i - 1] != '\\') { - p += strlen(strcpy(p, text)); - free(text); - add_history(buf); - break; - } - - text[i - 1] = '\0'; - p += strlen(strcpy(p, text)); - free(text); - n -= i; - } -#endif - } + /* If there's a command, run with that, otherwise "help". */ + ret = argc > 0 + ? do_cmd(prog, argc, argv) + : help_main(argc, argv); - if (!chopup_args(&arg, buf)) { - BIO_printf(bio_err, "Can't parse (no memory?)\n"); - break; - } - - ret = do_cmd(prog, arg.argc, arg.argv); - if (ret == EXIT_THE_PROGRAM) { - ret = 0; - goto end; - } - if (ret != 0) - BIO_printf(bio_err, "error in %s\n", arg.argv[0]); - (void)BIO_flush(bio_out); - (void)BIO_flush(bio_err); - } - ret = 1; end: app_providers_cleanup(); OPENSSL_free(default_config_file); @@ -479,10 +402,6 @@ static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[]) BIO_printf(bio_out, "%s\n", argv[0] + 3); return 1; } - if (strcmp(argv[0], "quit") == 0 || strcmp(argv[0], "q") == 0 || - strcmp(argv[0], "exit") == 0 || strcmp(argv[0], "bye") == 0) - /* Special value to mean "exit the program. */ - return EXIT_THE_PROGRAM; BIO_printf(bio_err, "Invalid command '%s'; type \"help\" for a list.\n", argv[0]); diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod index 4bf1a00b0e..c9e75eb526 100644 --- a/doc/man1/openssl.pod +++ b/doc/man1/openssl.pod @@ -1405,7 +1405,11 @@ The B<-issuer_checks> option is deprecated as of OpenSSL 1.1.0 and is silently ignored. The B<-xcertform> and B<-xkeyform> options -are obsolete since OpenSSL 3.0.0 and have no effect. +are obsolete since OpenSSL 3.0 and have no effect. + +The interactive mode, which could be invoked by running C +with no further arguments, was removed in OpenSSL 3.0, and running +that program with no arguments is now equivalent to C. =head1 COPYRIGHT From builds at travis-ci.org Fri Jun 5 08:18:58 2020 From: builds at travis-ci.org (Travis CI) Date: Fri, 05 Jun 2020 08:18:58 +0000 Subject: Fixed: openssl/openssl#35272 (master - 987e3a0) In-Reply-To: Message-ID: <5ed9fff1b0233_13fda08dd0d70210336@travis-tasks-7ffbf7b6b8-hv7pw.mail> Build Update for openssl/openssl ------------------------------------- Build: #35272 Status: Fixed Duration: 53 mins and 47 secs Commit: 987e3a0 (master) Author: Dr. David von Oheimb Message: Announce renamed EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() in CHANGES.md This is a follow-up of PR #12013. Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12026) View the changeset: https://github.com/openssl/openssl/compare/b1c21b27dce8...987e3a0eed18 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/694928626?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.org Fri Jun 5 08:54:17 2020 From: builds at travis-ci.org (Travis CI) Date: Fri, 05 Jun 2020 08:54:17 +0000 Subject: Fixed: openssl/openssl#35274 (master - eca4713) In-Reply-To: Message-ID: <5eda08393f0c8_13fbbdf014dcc9912c@travis-tasks-6864896d86-zprrh.mail> Build Update for openssl/openssl ------------------------------------- Build: #35274 Status: Fixed Duration: 42 mins and 23 secs Commit: eca4713 (master) Author: Richard Levitte Message: APPS: Drop interactive mode in the 'openssl' program This mode is severely untested and unmaintained, is seems not to be used very much. Closes #4679 Closes #6292 Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12023) View the changeset: https://github.com/openssl/openssl/compare/987e3a0eed18...eca471391378 View the full build log and details: https://travis-ci.org/github/openssl/openssl/builds/694936484?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=5849220&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri Jun 5 08:57:00 2020 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 05 Jun 2020 08:57:00 +0000 Subject: Build failed: openssl master.34722 Message-ID: <20200605085700.1.6126C695C5629154@appveyor.com> An HTML attachment was scrubbed... URL: From matt at openssl.org Fri Jun 5 09:42:01 2020 From: matt at openssl.org (Matt Caswell) Date: Fri, 05 Jun 2020 09:42:01 +0000 Subject: [openssl] master update Message-ID: <1591350121.510671.6656.nullmailer@dev.openssl.org> The branch master has been updated via 0d52ede71685e4176999cc5e52000dcb540747fc (commit) via b38425393c76ff31560d6b0bdb0b097e7d93ffc4 (commit) via 3cd69b7458f1dfa274d4d8fe1a46a35d91e9008c (commit) via d01d375264e73f49a416409e2f8febe88ad39c8a (commit) via 5f603a280ca71b7136861b9bc408f37fd1c4e0d7 (commit) via 263ff2c9d4c88f19133d21d9956d71edd7401d54 (commit) from eca471391378139f76a7d1229b6a5a1dcc4b5603 (commit) - Log ----------------------------------------------------------------- commit 0d52ede71685e4176999cc5e52000dcb540747fc Author: Matt Caswell Date: Wed May 13 14:45:36 2020 +0100 Fix error path in int create_ssl_ctx_pair() If we hit the error path and create_ssl_ctx_pair has been passed a pre-created SSL_CTX then we could end up with a double free. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11834) commit b38425393c76ff31560d6b0bdb0b097e7d93ffc4 Author: Matt Caswell Date: Fri May 8 16:43:14 2020 +0100 Implement a test for sigalgs not being present If sigalgs are not present we should not offer or accept them. We should test that we handle this correctly. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11834) commit 3cd69b7458f1dfa274d4d8fe1a46a35d91e9008c Author: Matt Caswell Date: Mon May 4 16:26:07 2020 +0100 Implement a Filtering Provider The filtering provider can be used to place a filter in front of the default provider. Initially to filter out certain algorithms from being available for test purposes. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11834) commit d01d375264e73f49a416409e2f8febe88ad39c8a Author: Matt Caswell Date: Fri May 8 16:44:02 2020 +0100 Implement OSSL_PROVIDER_get0_provider_ctx() Implement a function which enables us to get hold of the provider ctx for a loaded provider. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11834) commit 5f603a280ca71b7136861b9bc408f37fd1c4e0d7 Author: Matt Caswell Date: Mon May 4 15:28:15 2020 +0100 Enable applications to directly call a provider's query operation This is useful to get hold of the low-level dispatch tables. This could be used to create a new provider based on an existing one. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11834) commit 263ff2c9d4c88f19133d21d9956d71edd7401d54 Author: Matt Caswell Date: Fri May 1 17:41:25 2020 +0100 Check that Signature Algorithms are available before using them We should confirm that Signature Algorithms are actually available through the loaded providers before we offer or select them. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11834) ----------------------------------------------------------------------- Summary of changes: crypto/provider.c | 13 +++ crypto/provider_core.c | 8 ++ doc/man3/OSSL_PROVIDER.pod | 23 +++++ include/internal/provider.h | 1 + include/openssl/provider.h | 5 ++ ssl/ssl_lib.c | 6 ++ ssl/ssl_local.h | 6 ++ ssl/t1_lib.c | 149 ++++++++++++++++++++++----------- test/build.info | 2 +- test/filterprov.c | 199 ++++++++++++++++++++++++++++++++++++++++++++ test/sslapitest.c | 160 +++++++++++++++++++++++++++++++++-- test/ssltestlib.c | 6 +- util/libcrypto.num | 2 + 13 files changed, 525 insertions(+), 55 deletions(-) create mode 100644 test/filterprov.c diff --git a/crypto/provider.c b/crypto/provider.c index 13438cefe3..02002a5f95 100644 --- a/crypto/provider.c +++ b/crypto/provider.c @@ -57,6 +57,19 @@ int OSSL_PROVIDER_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]) return ossl_provider_get_params(prov, params); } + +const OSSL_ALGORITHM *OSSL_PROVIDER_query_operation(const OSSL_PROVIDER *prov, + int operation_id, + int *no_cache) +{ + return ossl_provider_query_operation(prov, operation_id, no_cache); +} + +void *OSSL_PROVIDER_get0_provider_ctx(const OSSL_PROVIDER *prov) +{ + return ossl_provider_prov_ctx(prov); +} + int OSSL_PROVIDER_add_builtin(OPENSSL_CTX *libctx, const char *name, OSSL_provider_init_fn *init_fn) { diff --git a/crypto/provider_core.c b/crypto/provider_core.c index 8b868fdb6b..f7af51a297 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -787,6 +787,14 @@ const char *ossl_provider_module_path(const OSSL_PROVIDER *prov) #endif } +void *ossl_provider_prov_ctx(const OSSL_PROVIDER *prov) +{ + if (prov != NULL) + return prov->provctx; + + return NULL; +} + OPENSSL_CTX *ossl_provider_library_context(const OSSL_PROVIDER *prov) { /* TODO(3.0) just: return prov->libctx; */ diff --git a/doc/man3/OSSL_PROVIDER.pod b/doc/man3/OSSL_PROVIDER.pod index 93d6e1421c..d6f0af53c9 100644 --- a/doc/man3/OSSL_PROVIDER.pod +++ b/doc/man3/OSSL_PROVIDER.pod @@ -6,6 +6,7 @@ OSSL_PROVIDER_set_default_search_path, OSSL_PROVIDER, OSSL_PROVIDER_load, OSSL_PROVIDER_unload, OSSL_PROVIDER_available, OSSL_PROVIDER_do_all, OSSL_PROVIDER_gettable_params, OSSL_PROVIDER_get_params, +OSSL_PROVIDER_query_operation, OSSL_PROVIDER_get0_provider_ctx, OSSL_PROVIDER_add_builtin, OSSL_PROVIDER_name - provider routines =head1 SYNOPSIS @@ -27,6 +28,11 @@ OSSL_PROVIDER_add_builtin, OSSL_PROVIDER_name - provider routines const OSSL_PARAM *OSSL_PROVIDER_gettable_params(OSSL_PROVIDER *prov); int OSSL_PROVIDER_get_params(OSSL_PROVIDER *prov, OSSL_PARAM params[]); + const OSSL_ALGORITHM *OSSL_PROVIDER_query_operation(const OSSL_PROVIDER *prov, + int operation_id, + int *no_cache); + void *OSSL_PROVIDER_get0_provider_ctx(const OSSL_PROVIDER *prov); + int OSSL_PROVIDER_add_builtin(OPENSSL_CTX *libctx, const char *name, ossl_provider_init_fn *init_fn); @@ -82,6 +88,20 @@ The caller must prepare the B array before calling this function, and the variables acting as buffers for this parameter array should be filled with data when it returns successfully. +OSSL_PROVIDER_query_operation() calls the provider's I +function (see L), if the provider has one. It returns an +array of I for the given I terminated by an all +NULL OSSL_ALGORITHM entry. This is considered a low-level function that most +applications should not need to call. + +OSSL_PROVIDER_get0_provider_ctx() returns the provider context for the given +provider. The provider context is an opaque handle set by the provider itself +and is passed back to the provider by libcrypto in various function calls. + +If it is permissible to cache references to this array then I<*no_store> is set +to 0 or 1 otherwise. If the array is not cacheable then it is assumed to +have a short lifetime. + OSSL_PROVIDER_name() returns the name of the given provider. =head1 RETURN VALUES @@ -101,6 +121,9 @@ of constant B, or NULL if none is provided. OSSL_PROVIDER_get_params() returns 1 on success, or 0 on error. +OSSL_PROVIDER_query_operation() returns an array of OSSL_ALGORITHM or NULL on +error. + =head1 EXAMPLES This demonstrates how to load the provider module "foo" and ask for diff --git a/include/internal/provider.h b/include/internal/provider.h index 135b660f49..d7c0926a0b 100644 --- a/include/internal/provider.h +++ b/include/internal/provider.h @@ -64,6 +64,7 @@ const char *ossl_provider_name(const OSSL_PROVIDER *prov); const DSO *ossl_provider_dso(const OSSL_PROVIDER *prov); const char *ossl_provider_module_name(const OSSL_PROVIDER *prov); const char *ossl_provider_module_path(const OSSL_PROVIDER *prov); +void *ossl_provider_prov_ctx(const OSSL_PROVIDER *prov); OPENSSL_CTX *ossl_provider_library_context(const OSSL_PROVIDER *prov); /* Thin wrappers around calls to the provider */ diff --git a/include/openssl/provider.h b/include/openssl/provider.h index 6ce68b16e7..e9a1408675 100644 --- a/include/openssl/provider.h +++ b/include/openssl/provider.h @@ -30,6 +30,11 @@ int OSSL_PROVIDER_do_all(OPENSSL_CTX *ctx, const OSSL_PARAM *OSSL_PROVIDER_gettable_params(const OSSL_PROVIDER *prov); int OSSL_PROVIDER_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]); +const OSSL_ALGORITHM *OSSL_PROVIDER_query_operation(const OSSL_PROVIDER *prov, + int operation_id, + int *no_cache); +void *OSSL_PROVIDER_get0_provider_ctx(const OSSL_PROVIDER *prov); + /* Add a built in providers */ int OSSL_PROVIDER_add_builtin(OPENSSL_CTX *, const char *name, OSSL_provider_init_fn *init_fn); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index cb02129d9d..c2c2388716 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -3166,6 +3166,10 @@ SSL_CTX *SSL_CTX_new_with_libctx(OPENSSL_CTX *libctx, const char *propq, /* initialize cipher/digest methods table */ if (!ssl_load_ciphers(ret)) goto err2; + /* initialise sig algs */ + if (!ssl_setup_sig_algs(ret)) + goto err2; + if (!SSL_CTX_set_ciphersuites(ret, OSSL_default_ciphersuites())) goto err; @@ -3386,6 +3390,8 @@ void SSL_CTX_free(SSL_CTX *a) for (i = 0; i < SSL_MD_NUM_IDX; i++) ssl_evp_md_free(a->ssl_digest_methods[i]); + OPENSSL_free(a->sigalg_lookup_cache); + CRYPTO_THREAD_lock_free(a->lock); OPENSSL_free(a->propq); diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index 5e2379c093..d2e8e23e23 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -1157,6 +1157,9 @@ struct ssl_ctx_st { const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]; const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]; size_t ssl_mac_secret_size[SSL_MD_NUM_IDX]; + + /* Cache of all sigalgs we know and whether they are available or not */ + struct sigalg_lookup_st *sigalg_lookup_cache; }; typedef struct cert_pkey_st CERT_PKEY; @@ -1776,6 +1779,8 @@ typedef struct sigalg_lookup_st { int sigandhash; /* Required public key curve (ECDSA only) */ int curve; + /* Whether this signature algorithm is actually available for use */ + int enabled; } SIGALG_LOOKUP; typedef struct tls_group_info_st { @@ -2432,6 +2437,7 @@ __owur STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); __owur int ssl_x509err2alert(int type); void ssl_sort_cipher_list(void); int ssl_load_ciphers(SSL_CTX *ctx); +__owur int ssl_setup_sig_algs(SSL_CTX *ctx); __owur int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, size_t len, DOWNGRADE dgrd); __owur int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 5afe53acfc..a59d992e47 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -793,97 +793,97 @@ static const SIGALG_LOOKUP sigalg_lookup_tbl[] = { #ifndef OPENSSL_NO_EC {"ecdsa_secp256r1_sha256", TLSEXT_SIGALG_ecdsa_secp256r1_sha256, NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, - NID_ecdsa_with_SHA256, NID_X9_62_prime256v1}, + NID_ecdsa_with_SHA256, NID_X9_62_prime256v1, 1}, {"ecdsa_secp384r1_sha384", TLSEXT_SIGALG_ecdsa_secp384r1_sha384, NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, - NID_ecdsa_with_SHA384, NID_secp384r1}, + NID_ecdsa_with_SHA384, NID_secp384r1, 1}, {"ecdsa_secp521r1_sha512", TLSEXT_SIGALG_ecdsa_secp521r1_sha512, NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, - NID_ecdsa_with_SHA512, NID_secp521r1}, + NID_ecdsa_with_SHA512, NID_secp521r1, 1}, {"ed25519", TLSEXT_SIGALG_ed25519, NID_undef, -1, EVP_PKEY_ED25519, SSL_PKEY_ED25519, - NID_undef, NID_undef}, + NID_undef, NID_undef, 1}, {"ed448", TLSEXT_SIGALG_ed448, NID_undef, -1, EVP_PKEY_ED448, SSL_PKEY_ED448, - NID_undef, NID_undef}, + NID_undef, NID_undef, 1}, {NULL, TLSEXT_SIGALG_ecdsa_sha224, NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, - NID_ecdsa_with_SHA224, NID_undef}, + NID_ecdsa_with_SHA224, NID_undef, 1}, {NULL, TLSEXT_SIGALG_ecdsa_sha1, NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_EC, SSL_PKEY_ECC, - NID_ecdsa_with_SHA1, NID_undef}, + NID_ecdsa_with_SHA1, NID_undef, 1}, #endif {"rsa_pss_rsae_sha256", TLSEXT_SIGALG_rsa_pss_rsae_sha256, NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA, - NID_undef, NID_undef}, + NID_undef, NID_undef, 1}, {"rsa_pss_rsae_sha384", TLSEXT_SIGALG_rsa_pss_rsae_sha384, NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA, - NID_undef, NID_undef}, + NID_undef, NID_undef, 1}, {"rsa_pss_rsae_sha512", TLSEXT_SIGALG_rsa_pss_rsae_sha512, NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA, - NID_undef, NID_undef}, + NID_undef, NID_undef, 1}, {"rsa_pss_pss_sha256", TLSEXT_SIGALG_rsa_pss_pss_sha256, NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN, - NID_undef, NID_undef}, + NID_undef, NID_undef, 1}, {"rsa_pss_pss_sha384", TLSEXT_SIGALG_rsa_pss_pss_sha384, NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN, - NID_undef, NID_undef}, + NID_undef, NID_undef, 1}, {"rsa_pss_pss_sha512", TLSEXT_SIGALG_rsa_pss_pss_sha512, NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN, - NID_undef, NID_undef}, + NID_undef, NID_undef, 1}, {"rsa_pkcs1_sha256", TLSEXT_SIGALG_rsa_pkcs1_sha256, NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA, - NID_sha256WithRSAEncryption, NID_undef}, + NID_sha256WithRSAEncryption, NID_undef, 1}, {"rsa_pkcs1_sha384", TLSEXT_SIGALG_rsa_pkcs1_sha384, NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA, - NID_sha384WithRSAEncryption, NID_undef}, + NID_sha384WithRSAEncryption, NID_undef, 1}, {"rsa_pkcs1_sha512", TLSEXT_SIGALG_rsa_pkcs1_sha512, NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA, - NID_sha512WithRSAEncryption, NID_undef}, + NID_sha512WithRSAEncryption, NID_undef, 1}, {"rsa_pkcs1_sha224", TLSEXT_SIGALG_rsa_pkcs1_sha224, NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA, - NID_sha224WithRSAEncryption, NID_undef}, + NID_sha224WithRSAEncryption, NID_undef, 1}, {"rsa_pkcs1_sha1", TLSEXT_SIGALG_rsa_pkcs1_sha1, NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA, - NID_sha1WithRSAEncryption, NID_undef}, + NID_sha1WithRSAEncryption, NID_undef, 1}, #ifndef OPENSSL_NO_DSA {NULL, TLSEXT_SIGALG_dsa_sha256, NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN, - NID_dsa_with_SHA256, NID_undef}, + NID_dsa_with_SHA256, NID_undef, 1}, {NULL, TLSEXT_SIGALG_dsa_sha384, NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN, - NID_undef, NID_undef}, + NID_undef, NID_undef, 1}, {NULL, TLSEXT_SIGALG_dsa_sha512, NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN, - NID_undef, NID_undef}, + NID_undef, NID_undef, 1}, {NULL, TLSEXT_SIGALG_dsa_sha224, NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN, - NID_undef, NID_undef}, + NID_undef, NID_undef, 1}, {NULL, TLSEXT_SIGALG_dsa_sha1, NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN, - NID_dsaWithSHA1, NID_undef}, + NID_dsaWithSHA1, NID_undef, 1}, #endif #ifndef OPENSSL_NO_GOST {NULL, TLSEXT_SIGALG_gostr34102012_256_intrinsic, NID_id_GostR3411_2012_256, SSL_MD_GOST12_256_IDX, NID_id_GostR3410_2012_256, SSL_PKEY_GOST12_256, - NID_undef, NID_undef}, + NID_undef, NID_undef, 1}, {NULL, TLSEXT_SIGALG_gostr34102012_512_intrinsic, NID_id_GostR3411_2012_512, SSL_MD_GOST12_512_IDX, NID_id_GostR3410_2012_512, SSL_PKEY_GOST12_512, - NID_undef, NID_undef}, + NID_undef, NID_undef, 1}, {NULL, TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, NID_id_GostR3411_2012_256, SSL_MD_GOST12_256_IDX, NID_id_GostR3410_2012_256, SSL_PKEY_GOST12_256, - NID_undef, NID_undef}, + NID_undef, NID_undef, 1}, {NULL, TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, NID_id_GostR3411_2012_512, SSL_MD_GOST12_512_IDX, NID_id_GostR3410_2012_512, SSL_PKEY_GOST12_512, - NID_undef, NID_undef}, + NID_undef, NID_undef, 1}, {NULL, TLSEXT_SIGALG_gostr34102001_gostr3411, NID_id_GostR3411_94, SSL_MD_GOST94_IDX, NID_id_GostR3410_2001, SSL_PKEY_GOST01, - NID_undef, NID_undef} + NID_undef, NID_undef, 1} #endif }; /* Legacy sigalgs for TLS < 1.2 RSA TLS signatures */ @@ -891,7 +891,7 @@ static const SIGALG_LOOKUP legacy_rsa_sigalg = { "rsa_pkcs1_md5_sha1", 0, NID_md5_sha1, SSL_MD_MD5_SHA1_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA, - NID_undef, NID_undef + NID_undef, NID_undef, 1 }; /* @@ -910,16 +910,72 @@ static const uint16_t tls_default_sigalg[] = { 0, /* SSL_PKEY_ED448 */ }; +int ssl_setup_sig_algs(SSL_CTX *ctx) +{ + size_t i; + const SIGALG_LOOKUP *lu; + SIGALG_LOOKUP *cache + = OPENSSL_malloc(sizeof(*lu) * OSSL_NELEM(sigalg_lookup_tbl)); + EVP_PKEY *tmpkey = EVP_PKEY_new(); + int ret = 0; + + if (cache == NULL || tmpkey == NULL) + goto err; + + ERR_set_mark(); + for (i = 0, lu = sigalg_lookup_tbl; + i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) { + EVP_PKEY_CTX *pctx; + + cache[i] = *lu; + + /* + * Check hash is available. + * TODO(3.0): This test is not perfect. A provider could have support + * for a signature scheme, but not a particular hash. However the hash + * could be available from some other loaded provider. In that case it + * could be that the signature is available, and the hash is available + * independently - but not as a combination. We ignore this for now. + */ + if (lu->hash != NID_undef + && ctx->ssl_digest_methods[lu->hash_idx] == NULL) { + cache[i].enabled = 0; + continue; + } + + if (!EVP_PKEY_set_type(tmpkey, lu->sig)) { + cache[i].enabled = 0; + continue; + } + pctx = EVP_PKEY_CTX_new_from_pkey(ctx->libctx, tmpkey, ctx->propq); + /* If unable to create pctx we assume the sig algorithm is unavailable */ + if (pctx == NULL) + cache[i].enabled = 0; + EVP_PKEY_CTX_free(pctx); + } + ERR_pop_to_mark(); + ctx->sigalg_lookup_cache = cache; + cache = NULL; + + ret = 1; + err: + OPENSSL_free(cache); + EVP_PKEY_free(tmpkey); + return ret; +} + /* Lookup TLS signature algorithm */ -static const SIGALG_LOOKUP *tls1_lookup_sigalg(uint16_t sigalg) +static const SIGALG_LOOKUP *tls1_lookup_sigalg(const SSL *s, uint16_t sigalg) { size_t i; - const SIGALG_LOOKUP *s; + const SIGALG_LOOKUP *lu; - for (i = 0, s = sigalg_lookup_tbl; i < OSSL_NELEM(sigalg_lookup_tbl); - i++, s++) { - if (s->sigalg == sigalg) - return s; + for (i = 0, lu = s->ctx->sigalg_lookup_cache; + /* cache should have the same number of elements as sigalg_lookup_tbl */ + i < OSSL_NELEM(sigalg_lookup_tbl); + lu++, i++) { + if (lu->sigalg == sigalg) + return lu; } return NULL; } @@ -1023,7 +1079,7 @@ static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL *s, int idx) if (idx < 0 || idx >= (int)OSSL_NELEM(tls_default_sigalg)) return NULL; if (SSL_USE_SIGALGS(s) || idx != SSL_PKEY_RSA) { - const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(tls_default_sigalg[idx]); + const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(s, tls_default_sigalg[idx]); if (!tls1_lookup_md(s->ctx, lu, NULL)) return NULL; @@ -1107,7 +1163,7 @@ int tls_check_sigalg_curve(const SSL *s, int curve) } for (i = 0; i < siglen; i++) { - const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(sigs[i]); + const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(s, sigs[i]); if (lu == NULL) continue; @@ -1187,7 +1243,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) if (pkeyid == EVP_PKEY_RSA) pkeyid = EVP_PKEY_RSA_PSS; } - lu = tls1_lookup_sigalg(sig); + lu = tls1_lookup_sigalg(s, sig); /* * Check sigalgs is known. Disallow SHA1/SHA224 with TLS 1.3. Check key type * is consistent with signature: RSA keys can be used for RSA-PSS @@ -1761,8 +1817,7 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu) unsigned char sigalgstr[2]; int secbits; - /* See if sigalgs is recognised and if hash is enabled */ - if (!tls1_lookup_md(s->ctx, lu, NULL)) + if (lu == NULL || !lu->enabled) return 0; /* DSA is not allowed in TLS 1.3 */ if (SSL_IS_TLS13(s) && lu->sig == EVP_PKEY_DSA) @@ -1841,7 +1896,7 @@ void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op) */ sigalgslen = tls12_get_psigalgs(s, 1, &sigalgs); for (i = 0; i < sigalgslen; i++, sigalgs++) { - const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(*sigalgs); + const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(s, *sigalgs); const SSL_CERT_LOOKUP *clu; if (lu == NULL) @@ -1866,7 +1921,7 @@ int tls12_copy_sigalgs(SSL *s, WPACKET *pkt, int rv = 0; for (i = 0; i < psiglen; i++, psig++) { - const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(*psig); + const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(s, *psig); if (!tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, lu)) continue; @@ -1895,7 +1950,7 @@ static size_t tls12_shared_sigalgs(SSL *s, const SIGALG_LOOKUP **shsig, const uint16_t *ptmp, *atmp; size_t i, j, nmatch = 0; for (i = 0, ptmp = pref; i < preflen; i++, ptmp++) { - const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(*ptmp); + const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(s, *ptmp); /* Skip disabled hashes or signature algorithms */ if (!tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SHARED, lu)) @@ -2056,7 +2111,7 @@ int SSL_get_sigalgs(SSL *s, int idx, *rhash = (unsigned char)((*psig >> 8) & 0xff); if (rsig != NULL) *rsig = (unsigned char)(*psig & 0xff); - lu = tls1_lookup_sigalg(*psig); + lu = tls1_lookup_sigalg(s, *psig); if (psign != NULL) *psign = lu != NULL ? lu->sig : NID_undef; if (phash != NULL) @@ -2294,7 +2349,7 @@ static int tls1_check_sig_alg(SSL *s, X509 *x, int default_nid) } for (i = 0; i < sigalgslen; i++) { sigalg = use_pc_sigalgs - ? tls1_lookup_sigalg(s->s3.tmp.peer_cert_sigalgs[i]) + ? tls1_lookup_sigalg(s, s->s3.tmp.peer_cert_sigalgs[i]) : s->shared_sigalgs[i]; if (sigalg != NULL && sig_nid == sigalg->sigandhash) return 1; @@ -2442,7 +2497,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, size_t j; const uint16_t *p = c->conf_sigalgs; for (j = 0; j < c->conf_sigalgslen; j++, p++) { - const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(*p); + const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(s, *p); if (lu != NULL && lu->hash == NID_sha1 && lu->sig == rsign) break; @@ -2777,7 +2832,7 @@ static int check_cert_usable(SSL *s, const SIGALG_LOOKUP *sig, X509 *x, if (!X509_get_signature_info(x, &mdnid, &pknid, NULL, NULL)) return 0; for (i = 0; i < s->s3.tmp.peer_cert_sigalgslen; i++) { - lu = tls1_lookup_sigalg(s->s3.tmp.peer_cert_sigalgs[i]); + lu = tls1_lookup_sigalg(s, s->s3.tmp.peer_cert_sigalgs[i]); if (lu == NULL) continue; diff --git a/test/build.info b/test/build.info index 3255a836de..868b8ebefa 100644 --- a/test/build.info +++ b/test/build.info @@ -290,7 +290,7 @@ IF[{- !$disabled{tests} -}] INCLUDE[param_build_test]=../include ../apps/include DEPEND[param_build_test]=../libcrypto.a libtestutil.a - SOURCE[sslapitest]=sslapitest.c ssltestlib.c + SOURCE[sslapitest]=sslapitest.c ssltestlib.c filterprov.c INCLUDE[sslapitest]=../include ../apps/include .. DEPEND[sslapitest]=../libcrypto ../libssl libtestutil.a diff --git a/test/filterprov.c b/test/filterprov.c new file mode 100644 index 0000000000..9fe6690e50 --- /dev/null +++ b/test/filterprov.c @@ -0,0 +1,199 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * A filtering provider for test purposes. We pass all calls through to the + * default provider except where we want other behaviour for a test. + */ + +#include +#include +#include +#include +#include + +OSSL_provider_init_fn filter_provider_init; + +int filter_provider_set_filter(int operation, const char *name); + +#define MAX_FILTERS 10 +#define MAX_ALG_FILTERS 5 + +struct filter_prov_globals_st { + OPENSSL_CTX *libctx; + OSSL_PROVIDER *deflt; + struct { + int operation; + OSSL_ALGORITHM alg[MAX_ALG_FILTERS + 1]; + } dispatch[MAX_FILTERS]; + int num_dispatch; +}; + +static struct filter_prov_globals_st ourglobals; + +static struct filter_prov_globals_st *get_globals(void) +{ + /* + * Ideally we'd like to store this in the OPENSSL_CTX so that we can have + * more than one instance of the filter provider at a time. But for now we + * just make it simple. + */ + return &ourglobals; +} + +static OSSL_provider_gettable_params_fn filter_gettable_params; +static OSSL_provider_get_params_fn filter_get_params; +static OSSL_provider_query_operation_fn filter_query; +static OSSL_provider_teardown_fn filter_teardown; + +static const OSSL_PARAM *filter_gettable_params(void *provctx) +{ + struct filter_prov_globals_st *globs = get_globals(); + + return OSSL_PROVIDER_gettable_params(globs->deflt); +} + +static int filter_get_params(void *provctx, OSSL_PARAM params[]) +{ + struct filter_prov_globals_st *globs = get_globals(); + + return OSSL_PROVIDER_get_params(globs->deflt, params); +} + +static const OSSL_ALGORITHM *filter_query(void *provctx, + int operation_id, + int *no_cache) +{ + struct filter_prov_globals_st *globs = get_globals(); + int i; + + for (i = 0; i < globs->num_dispatch; i++) { + if (globs->dispatch[i].operation == operation_id) { + *no_cache = 0; + return globs->dispatch[i].alg; + } + } + + /* No filter set, so pass it down to the chained provider */ + return OSSL_PROVIDER_query_operation(globs->deflt, operation_id, no_cache); +} + +static void filter_teardown(void *provctx) +{ + struct filter_prov_globals_st *globs = get_globals(); + + OSSL_PROVIDER_unload(globs->deflt); + OPENSSL_CTX_free(globs->libctx); +} + +/* Functions we provide to the core */ +static const OSSL_DISPATCH filter_dispatch_table[] = { + { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))filter_gettable_params }, + { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))filter_get_params }, + { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))filter_query }, + { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))filter_teardown }, + { 0, NULL } +}; + +int filter_provider_init(const OSSL_CORE_HANDLE *handle, + const OSSL_DISPATCH *in, + const OSSL_DISPATCH **out, + void **provctx) +{ + memset(&ourglobals, 0, sizeof(ourglobals)); + ourglobals.libctx = OPENSSL_CTX_new(); + if (ourglobals.libctx == NULL) + goto err; + + ourglobals.deflt = OSSL_PROVIDER_load(ourglobals.libctx, "default"); + if (ourglobals.deflt == NULL) + goto err; + + *provctx = OSSL_PROVIDER_get0_provider_ctx(ourglobals.deflt); + *out = filter_dispatch_table; + return 1; + + err: + OSSL_PROVIDER_unload(ourglobals.deflt); + OPENSSL_CTX_free(ourglobals.libctx); + return 0; +} + +/* + * Set a filter for the given operation id. The filter string is a colon + * separated list of algorithms that will be made available by this provider. + * Anything not in the filter will be suppressed. If a filter is not set for + * a given operation id then all algorithms are made available. + */ +int filter_provider_set_filter(int operation, const char *filterstr) +{ + int no_cache = 0; + int algnum = 0, last = 0, ret = 0; + struct filter_prov_globals_st *globs = get_globals(); + size_t namelen; + char *filterstrtmp = OPENSSL_strdup(filterstr); + char *name, *sep; + const OSSL_ALGORITHM *provalgs = OSSL_PROVIDER_query_operation(globs->deflt, + operation, + &no_cache); + const OSSL_ALGORITHM *algs; + + if (filterstrtmp == NULL) + goto err; + + /* We don't support no_cache */ + if (no_cache) + goto err; + + /* Nothing to filter */ + if (provalgs == NULL) + goto err; + + if (globs->num_dispatch >= MAX_FILTERS) + goto err; + + for (name = filterstrtmp; !last; name = sep + 1) { + sep = strstr(name, ":"); + if (sep != NULL) + *sep = '\0'; + else + last = 1; + namelen = strlen(name); + + for (algs = provalgs; algs->algorithm_names != NULL; algs++) { + const char *found = strstr(algs->algorithm_names, name); + + if (found == NULL) + continue; + if (found[namelen] != '\0' && found[namelen] != ':') + continue; + if (found != algs->algorithm_names && found[-1] != ':') + continue; + + /* We found a match */ + if (algnum >= MAX_ALG_FILTERS) + goto err; + + globs->dispatch[globs->num_dispatch].alg[algnum++] = *algs; + break; + } + if (algs->algorithm_names == NULL) { + /* No match found */ + goto err; + } + } + + globs->dispatch[globs->num_dispatch].operation = operation; + globs->num_dispatch++; + + ret = 1; + err: + OPENSSL_free(filterstrtmp); + return ret; +} diff --git a/test/sslapitest.c b/test/sslapitest.c index 423da560ae..8847ba38ce 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -28,6 +28,7 @@ #include #include #include +#include #include #include "ssltestlib.h" @@ -37,6 +38,10 @@ #include "internal/ktls.h" #include "../ssl/ssl_local.h" +/* Defined in filterprov.c */ +OSSL_provider_init_fn filter_provider_init; +int filter_provider_set_filter(int operation, const char *name); + DEFINE_STACK_OF(OCSP_RESPID) DEFINE_STACK_OF(X509) DEFINE_STACK_OF(X509_NAME) @@ -65,6 +70,8 @@ static SSL_SESSION *create_a_psk(SSL *ssl); static char *certsdir = NULL; static char *cert = NULL; static char *privkey = NULL; +static char *cert2 = NULL; +static char *privkey2 = NULL; static char *srpvfile = NULL; static char *tmpfilename = NULL; @@ -7664,6 +7671,131 @@ static int test_servername(int tst) return testresult; } +#ifndef OPENSSL_NO_EC +/* + * Test that if signature algorithms are not available, then we do not offer or + * accept them. + * Test 0: Two RSA sig algs available: both RSA sig algs shared + * Test 1: The client only has SHA2-256: only SHA2-256 algorithms shared + * Test 2: The server only has SHA2-256: only SHA2-256 algorithms shared + * Test 3: An RSA and an ECDSA sig alg available: both sig algs shared + * Test 4: The client only has an ECDSA sig alg: only ECDSA algorithms shared + * Test 5: The server only has an ECDSA sig alg: only ECDSA algorithms shared + */ +static int test_sigalgs_available(int idx) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0; + OPENSSL_CTX *tmpctx = OPENSSL_CTX_new(); + OPENSSL_CTX *clientctx = libctx, *serverctx = libctx; + OSSL_PROVIDER *filterprov = NULL; + int sig, hash; + + if (!TEST_ptr(tmpctx)) + goto end; + + if (idx != 0 && idx != 3) { + if (!TEST_true(OSSL_PROVIDER_add_builtin(tmpctx, "filter", + filter_provider_init))) + goto end; + + filterprov = OSSL_PROVIDER_load(tmpctx, "filter"); + if (!TEST_ptr(filterprov)) + goto end; + + if (idx < 3) { + /* + * Only enable SHA2-256 so rsa_pss_rsae_sha384 should not be offered + * or accepted for the peer that uses this libctx. Note that libssl + * *requires* SHA2-256 to be available so we cannot disable that. We + * also need SHA1 for our certificate. + */ + if (!TEST_true(filter_provider_set_filter(OSSL_OP_DIGEST, + "SHA2-256:SHA1"))) + goto end; + } else { + if (!TEST_true(filter_provider_set_filter(OSSL_OP_SIGNATURE, + "ECDSA")) + || !TEST_true(filter_provider_set_filter(OSSL_OP_KEYMGMT, + "EC:X25519:X448"))) + goto end; + } + + if (idx == 1 || idx == 4) + clientctx = tmpctx; + else + serverctx = tmpctx; + } + + cctx = SSL_CTX_new_with_libctx(clientctx, NULL, TLS_client_method()); + sctx = SSL_CTX_new_with_libctx(serverctx, NULL, TLS_server_method()); + + if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), + TLS_client_method(), + TLS1_VERSION, + 0, + &sctx, &cctx, cert, privkey))) + goto end; + + if (idx < 3) { + if (!SSL_CTX_set1_sigalgs_list(cctx, + "rsa_pss_rsae_sha384" + ":rsa_pss_rsae_sha256") + || !SSL_CTX_set1_sigalgs_list(sctx, + "rsa_pss_rsae_sha384" + ":rsa_pss_rsae_sha256")) + goto end; + } else { + if (!SSL_CTX_set1_sigalgs_list(cctx, "rsa_pss_rsae_sha256:ECDSA+SHA256") + || !SSL_CTX_set1_sigalgs_list(sctx, + "rsa_pss_rsae_sha256:ECDSA+SHA256")) + goto end; + } + + if (!TEST_int_eq(SSL_CTX_use_certificate_file(sctx, cert2, + SSL_FILETYPE_PEM), 1) + || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(sctx, + privkey2, + SSL_FILETYPE_PEM), 1) + || !TEST_int_eq(SSL_CTX_check_private_key(sctx), 1)) + goto end; + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL))) + goto end; + + if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) + goto end; + + /* For tests 0 and 3 we expect 2 shared sigalgs, otherwise exactly 1 */ + if (!TEST_int_eq(SSL_get_shared_sigalgs(serverssl, 0, &sig, &hash, NULL, + NULL, NULL), + (idx == 0 || idx == 3) ? 2 : 1)) + goto end; + + if (!TEST_int_eq(hash, idx == 0 ? NID_sha384 : NID_sha256)) + goto end; + + if (!TEST_int_eq(sig, (idx == 4 || idx == 5) ? EVP_PKEY_EC + : NID_rsassaPss)) + goto end; + + testresult = 1; + + end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + OSSL_PROVIDER_unload(filterprov); + OPENSSL_CTX_free(tmpctx); + + return testresult; +} +#endif /* OPENSSL_NO_EC */ + + OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config\n") int setup_tests(void) @@ -7730,13 +7862,19 @@ int setup_tests(void) cert = test_mk_file_path(certsdir, "servercert.pem"); if (cert == NULL) - return 0; + goto err; privkey = test_mk_file_path(certsdir, "serverkey.pem"); - if (privkey == NULL) { - OPENSSL_free(cert); - return 0; - } + if (privkey == NULL) + goto err; + + cert2 = test_mk_file_path(certsdir, "server-ecdsa-cert.pem"); + if (cert2 == NULL) + goto err; + + privkey2 = test_mk_file_path(certsdir, "server-ecdsa-key.pem"); + if (privkey2 == NULL) + goto err; #if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_KTLS) \ && !defined(OPENSSL_NO_SOCK) @@ -7859,13 +7997,25 @@ int setup_tests(void) ADD_ALL_TESTS(test_multiblock_write, OSSL_NELEM(multiblock_cipherlist_data)); #endif ADD_ALL_TESTS(test_servername, 10); +#ifndef OPENSSL_NO_EC + ADD_ALL_TESTS(test_sigalgs_available, 6); +#endif return 1; + + err: + OPENSSL_free(cert); + OPENSSL_free(privkey); + OPENSSL_free(cert2); + OPENSSL_free(privkey2); + return 0; } void cleanup_tests(void) { OPENSSL_free(cert); OPENSSL_free(privkey); + OPENSSL_free(cert2); + OPENSSL_free(privkey2); bio_s_mempacket_test_free(); bio_s_always_retry_free(); OSSL_PROVIDER_unload(defctxnull); diff --git a/test/ssltestlib.c b/test/ssltestlib.c index ce0e776110..96c1a7f2de 100644 --- a/test/ssltestlib.c +++ b/test/ssltestlib.c @@ -741,8 +741,10 @@ const SSL_METHOD *cm, return 1; err: - SSL_CTX_free(serverctx); - SSL_CTX_free(clientctx); + if (*sctx == NULL) + SSL_CTX_free(serverctx); + if (cctx != NULL && *cctx == NULL) + SSL_CTX_free(clientctx); return 0; } diff --git a/util/libcrypto.num b/util/libcrypto.num index fd0509172f..a34d467099 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -5097,3 +5097,5 @@ EC_GROUP_get_field_type ? 3_0_0 EXIST::FUNCTION:EC X509_PUBKEY_eq ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_eq ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_parameters_eq ? 3_0_0 EXIST::FUNCTION: +OSSL_PROVIDER_query_operation ? 3_0_0 EXIST::FUNCTION: +OSSL_PROVIDER_get0_provider_ctx ? 3_0_0 EXIST::FUNCTION: From matt at openssl.org Fri Jun 5 10:15:25 2020 From: matt at openssl.org (Matt Caswell) Date: Fri, 05 Jun 2020 10:15:25 +0000 Subject: [openssl] master update Message-ID: <1591352125.929078.8136.nullmailer@dev.openssl.org> The branch master has been updated via 7b2d995ed79f0653defd682e5097ed937f4cabbc (commit) via 7fa2b2673edd684ceb94ff19346f08121da9774f (commit) via 11391da217b5d07dd30dd4c1890b5320fa56be18 (commit) via 6a9bd9298bd706e3a4a40ecfa1d89f65f8592c65 (commit) from 0d52ede71685e4176999cc5e52000dcb540747fc (commit) - Log ----------------------------------------------------------------- commit 7b2d995ed79f0653defd682e5097ed937f4cabbc Author: Matt Caswell Date: Tue Jun 2 08:57:26 2020 +0100 Don't downgrade keys in libssl We were downgrading to legacy keys at various points in libssl in order to get or set an encoded point. Now that the encoded point functions work with provided keys this is no longer necessary. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11898) commit 7fa2b2673edd684ceb94ff19346f08121da9774f Author: Matt Caswell Date: Thu May 21 11:36:21 2020 +0100 When asked if an ECX key has parameters we should answer "true" An ECX key doesn't have any parameters associated with it. Therefore it always has all the parameters it needs, and the "has" function should return 1 if asked about parameters. Without this EVP_PKEY_missing_parameters() fails for ECX keys. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11898) commit 11391da217b5d07dd30dd4c1890b5320fa56be18 Author: Matt Caswell Date: Thu May 21 11:33:53 2020 +0100 Always create a key when importing Even if there is no data to import we should still create an empty key. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11898) commit 6a9bd9298bd706e3a4a40ecfa1d89f65f8592c65 Author: Matt Caswell Date: Wed May 20 16:20:27 2020 +0100 Make EVP_PKEY_[get1|set1]_tls_encodedpoint work with provided keys EVP_PKEY_[get1|set1]_tls_encodedpoint() only worked if an ameth was present which isn't the case for provided keys. Support has been added to dh, ec and ecx keys. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11898) ----------------------------------------------------------------------- Summary of changes: crypto/dh/dh_ameth.c | 2 +- crypto/dh/dh_key.c | 40 ++++++---- crypto/dh/dh_local.h | 3 - crypto/evp/keymgmt_lib.c | 14 ++-- crypto/evp/p_lib.c | 39 ++++++++++ doc/man7/EVP_PKEY-DH.pod | 5 ++ doc/man7/EVP_PKEY-EC.pod | 5 ++ doc/man7/EVP_PKEY-X25519.pod | 5 ++ include/crypto/dh.h | 3 + include/openssl/core_names.h | 1 + providers/implementations/keymgmt/dh_kmgmt.c | 38 +++++++++ providers/implementations/keymgmt/ec_kmgmt.c | 31 ++++++++ providers/implementations/keymgmt/ecx_kmgmt.c | 107 ++++++++++++++++++++++++-- ssl/statem/extensions_clnt.c | 31 -------- ssl/statem/extensions_srvr.c | 30 -------- ssl/statem/statem_clnt.c | 30 -------- ssl/statem/statem_srvr.c | 29 ------- ssl/t1_lib.c | 11 --- test/evp_pkey_provided_test.c | 3 +- 19 files changed, 261 insertions(+), 166 deletions(-) diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index d93d519444..d5e5f72517 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -438,7 +438,7 @@ static int dh_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) case ASN1_PKEY_CTRL_SET1_TLS_ENCPT: return dh_buf2key(EVP_PKEY_get0_DH(pkey), arg2, arg1); case ASN1_PKEY_CTRL_GET1_TLS_ENCPT: - return dh_key2buf(EVP_PKEY_get0_DH(pkey), arg2); + return dh_key2buf(EVP_PKEY_get0_DH(pkey), arg2, 0, 1); default: return -2; } diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 1893b487ca..5d2acca25c 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -351,10 +351,10 @@ err: return 0; } -size_t dh_key2buf(const DH *dh, unsigned char **pbuf_out) +size_t dh_key2buf(const DH *dh, unsigned char **pbuf_out, size_t size, int alloc) { const BIGNUM *pubkey; - unsigned char *pbuf; + unsigned char *pbuf = NULL; const BIGNUM *p; int p_size; @@ -366,19 +366,29 @@ size_t dh_key2buf(const DH *dh, unsigned char **pbuf_out) DHerr(DH_F_DH_KEY2BUF, DH_R_INVALID_PUBKEY); return 0; } - if ((pbuf = OPENSSL_malloc(p_size)) == NULL) { - DHerr(DH_F_DH_KEY2BUF, ERR_R_MALLOC_FAILURE); - return 0; - } - /* - * As per Section 4.2.8.1 of RFC 8446 left pad public - * key with zeros to the size of p - */ - if (BN_bn2binpad(pubkey, pbuf, p_size) < 0) { - OPENSSL_free(pbuf); - DHerr(DH_F_DH_KEY2BUF, DH_R_BN_ERROR); - return 0; + if (pbuf_out != NULL && (alloc || *pbuf_out != NULL)) { + if (!alloc) { + if (size >= (size_t)p_size) + pbuf = *pbuf_out; + } else { + pbuf = OPENSSL_malloc(p_size); + } + + if (pbuf == NULL) { + DHerr(DH_F_DH_KEY2BUF, ERR_R_MALLOC_FAILURE); + return 0; + } + /* + * As per Section 4.2.8.1 of RFC 8446 left pad public + * key with zeros to the size of p + */ + if (BN_bn2binpad(pubkey, pbuf, p_size) < 0) { + if (alloc) + OPENSSL_free(pbuf); + DHerr(DH_F_DH_KEY2BUF, DH_R_BN_ERROR); + return 0; + } + *pbuf_out = pbuf; } - *pbuf_out = pbuf; return p_size; } diff --git a/crypto/dh/dh_local.h b/crypto/dh/dh_local.h index a54d25f487..51c3f974e1 100644 --- a/crypto/dh/dh_local.h +++ b/crypto/dh/dh_local.h @@ -58,6 +58,3 @@ struct dh_method { int (*generate_params) (DH *dh, int prime_len, int generator, BN_GENCB *cb); }; - -int dh_buf2key(DH *key, const unsigned char *buf, size_t len); -size_t dh_key2buf(const DH *dh, unsigned char **pbuf); diff --git a/crypto/evp/keymgmt_lib.c b/crypto/evp/keymgmt_lib.c index a712233043..68ed74b23a 100644 --- a/crypto/evp/keymgmt_lib.c +++ b/crypto/evp/keymgmt_lib.c @@ -39,6 +39,13 @@ static int try_import(const OSSL_PARAM params[], void *arg) { struct import_data_st *data = arg; + /* Just in time creation of keydata */ + if (data->keydata == NULL + && (data->keydata = evp_keymgmt_newdata(data->keymgmt)) == NULL) { + ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); + return 0; + } + /* * It's fine if there was no data to transfer, we just end up with an * empty destination key. @@ -46,13 +53,6 @@ static int try_import(const OSSL_PARAM params[], void *arg) if (params[0].key == NULL) return 1; - /* Just in time creation of keydata, if needed */ - if (data->keydata == NULL - && (data->keydata = evp_keymgmt_newdata(data->keymgmt)) == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return 0; - } - return evp_keymgmt_import(data->keymgmt, data->keydata, data->selection, params); } diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 4670912588..1d57a22aee 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -1215,6 +1215,18 @@ int EVP_PKEY_supports_digest_nid(EVP_PKEY *pkey, int nid) int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey, const unsigned char *pt, size_t ptlen) { + if (pkey->ameth == NULL) { + OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; + + if (pkey->keymgmt == NULL || pkey->keydata == NULL) + return 0; + + params[0] = + OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, + (unsigned char *)pt, ptlen); + return evp_keymgmt_set_params(pkey->keymgmt, pkey->keydata, params); + } + if (ptlen > INT_MAX) return 0; if (evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_SET1_TLS_ENCPT, ptlen, @@ -1226,6 +1238,33 @@ int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey, size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *pkey, unsigned char **ppt) { int rv; + + if (pkey->ameth == NULL) { + OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; + + if (pkey->keymgmt == NULL || pkey->keydata == NULL) + return 0; + + params[0] = + OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, + NULL, 0); + if (!evp_keymgmt_get_params(pkey->keymgmt, pkey->keydata, params)) + return 0; + + *ppt = OPENSSL_malloc(params[0].return_size); + if (*ppt == NULL) + return 0; + + params[0] = + OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, + *ppt, params[0].return_size); + if (!evp_keymgmt_get_params(pkey->keymgmt, pkey->keydata, params)) + return 0; + + return params[0].return_size; + } + + rv = evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_GET1_TLS_ENCPT, 0, ppt); if (rv <= 0) return 0; diff --git a/doc/man7/EVP_PKEY-DH.pod b/doc/man7/EVP_PKEY-DH.pod index 33b19a74f9..d2a49b7bfa 100644 --- a/doc/man7/EVP_PKEY-DH.pod +++ b/doc/man7/EVP_PKEY-DH.pod @@ -54,6 +54,11 @@ validation is required. The default value is 2. These are not named safe prime groups so setting this value for the OpenSSL FIPS provider will instead choose a named safe prime group based on the size of I

    . +=item "tls-encoded-pt" (B) + +Used for getting and setting the encoding of the DH public key used in a key +exchange message for the TLS protocol. + =back =head2 DH domain parameter / key generation parameters diff --git a/doc/man7/EVP_PKEY-EC.pod b/doc/man7/EVP_PKEY-EC.pod index 1995cf7676..85e633ceed 100644 --- a/doc/man7/EVP_PKEY-EC.pod +++ b/doc/man7/EVP_PKEY-EC.pod @@ -39,6 +39,11 @@ The public key value in EC point format. The private key value. +=item "tls-encoded-pt" (B) + +Used for getting and setting the encoding of the EC public key used in key +exchange message for the TLS protocol. + =back =head1 EXAMPLES diff --git a/doc/man7/EVP_PKEY-X25519.pod b/doc/man7/EVP_PKEY-X25519.pod index fa8c86844a..ebeda8d814 100644 --- a/doc/man7/EVP_PKEY-X25519.pod +++ b/doc/man7/EVP_PKEY-X25519.pod @@ -34,6 +34,11 @@ The public key value. The private key value. +=item "tls-encoded-pt" (B) + +Used for getting and setting the encoding of the public key used in a key exchange +message for the TLS protocol. + =back =head2 ED25519 and ED448 parameters diff --git a/include/crypto/dh.h b/include/crypto/dh.h index 1ae2c2f0a3..f67b4e01cd 100644 --- a/include/crypto/dh.h +++ b/include/crypto/dh.h @@ -32,3 +32,6 @@ int dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret); int dh_check_pairwise(DH *dh); const DH_METHOD *dh_get_method(const DH *dh); + +int dh_buf2key(DH *key, const unsigned char *buf, size_t len); +size_t dh_key2buf(const DH *dh, unsigned char **pbuf, size_t size, int alloc); diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index 8bafc1ba5e..f04168e819 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -194,6 +194,7 @@ extern "C" { #define OSSL_PKEY_PARAM_MASKGENFUNC "mgf" #define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest" #define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties" +#define OSSL_PKEY_PARAM_TLS_ENCODED_PT "tls-encoded-pt" /* Diffie-Hellman/DSA public/private key */ #define OSSL_PKEY_PARAM_PUB_KEY "pub" diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c index 1e344bdc20..0dd1796dc0 100644 --- a/providers/implementations/keymgmt/dh_kmgmt.c +++ b/providers/implementations/keymgmt/dh_kmgmt.c @@ -36,6 +36,8 @@ static OSSL_OP_keymgmt_gen_fn dh_gen; static OSSL_OP_keymgmt_gen_cleanup_fn dh_gen_cleanup; static OSSL_OP_keymgmt_get_params_fn dh_get_params; static OSSL_OP_keymgmt_gettable_params_fn dh_gettable_params; +static OSSL_OP_keymgmt_set_params_fn dh_set_params; +static OSSL_OP_keymgmt_settable_params_fn dh_settable_params; static OSSL_OP_keymgmt_has_fn dh_has; static OSSL_OP_keymgmt_match_fn dh_match; static OSSL_OP_keymgmt_validate_fn dh_validate; @@ -298,6 +300,15 @@ static ossl_inline int dh_get_params(void *key, OSSL_PARAM params[]) if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL && !OSSL_PARAM_set_int(p, DH_size(dh))) return 0; + if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_TLS_ENCODED_PT)) != NULL) { + if (p->data_type != OSSL_PARAM_OCTET_STRING) + return 0; + p->return_size = dh_key2buf(dh, (unsigned char **)&p->data, + p->data_size, 0); + if (p->return_size == 0) + return 0; + } + return ffc_params_todata(dh_get0_params(dh), NULL, params) && dh_key_todata(dh, NULL, params); } @@ -306,6 +317,7 @@ static const OSSL_PARAM dh_params[] = { OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL), OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL), OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL), + OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0), DH_IMEXPORTABLE_PARAMETERS, DH_IMEXPORTABLE_PUBLIC_KEY, DH_IMEXPORTABLE_PRIVATE_KEY, @@ -317,6 +329,30 @@ static const OSSL_PARAM *dh_gettable_params(void) return dh_params; } +static const OSSL_PARAM dh_known_settable_params[] = { + OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0), + OSSL_PARAM_END +}; + +static const OSSL_PARAM *dh_settable_params(void) +{ + return dh_known_settable_params; +} + +static int dh_set_params(void *key, const OSSL_PARAM params[]) +{ + DH *dh = key; + const OSSL_PARAM *p; + + p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_TLS_ENCODED_PT); + if (p != NULL + && (p->data_type != OSSL_PARAM_OCTET_STRING + || !dh_buf2key(dh, p->data, p->data_size))) + return 0; + + return 1; +} + static int dh_validate_public(DH *dh) { const BIGNUM *pub_key = NULL; @@ -621,6 +657,8 @@ const OSSL_DISPATCH dh_keymgmt_functions[] = { { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))dh_freedata }, { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))dh_get_params }, { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))dh_gettable_params }, + { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))dh_set_params }, + { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))dh_settable_params }, { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))dh_has }, { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))dh_match }, { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))dh_validate }, diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c index 8e7b9f3014..7e3220739f 100644 --- a/providers/implementations/keymgmt/ec_kmgmt.c +++ b/providers/implementations/keymgmt/ec_kmgmt.c @@ -504,6 +504,20 @@ int ec_get_params(void *key, OSSL_PARAM params[]) if (!OSSL_PARAM_set_int(p, ecdh_cofactor_mode)) return 0; } + if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_TLS_ENCODED_PT)) != NULL) { + BN_CTX *ctx = BN_CTX_new_ex(ec_key_get_libctx(key)); + + if (ctx == NULL) + return 0; + p->return_size = EC_POINT_point2oct(EC_KEY_get0_group(key), + EC_KEY_get0_public_key(key), + POINT_CONVERSION_UNCOMPRESSED, + p->data, p->return_size, ctx); + BN_CTX_free(ctx); + if (p->return_size == 0) + return 0; + } + ret = domparams_to_params(eck, NULL, params) && key_to_params(eck, NULL, params, 1, &pub_key) && otherparams_to_params(eck, NULL, params); @@ -515,6 +529,7 @@ static const OSSL_PARAM ec_known_gettable_params[] = { OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL), OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL), OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL), + OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0), EC_IMEXPORTABLE_DOM_PARAMETERS, EC_IMEXPORTABLE_PUBLIC_KEY, EC_IMEXPORTABLE_PRIVATE_KEY, @@ -530,6 +545,7 @@ const OSSL_PARAM *ec_gettable_params(void) static const OSSL_PARAM ec_known_settable_params[] = { OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL), + OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0), OSSL_PARAM_END }; @@ -543,6 +559,21 @@ static int ec_set_params(void *key, const OSSL_PARAM params[]) { EC_KEY *eck = key; + const OSSL_PARAM *p; + + p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_TLS_ENCODED_PT); + if (p != NULL) { + BN_CTX *ctx = BN_CTX_new_ex(ec_key_get_libctx(key)); + int ret = 1; + + if (ctx == NULL + || p->data_type != OSSL_PARAM_OCTET_STRING + || !EC_KEY_oct2key(key, p->data, p->data_size, ctx)) + ret = 0; + BN_CTX_free(ctx); + if (!ret) + return 0; + } return ec_key_otherparams_fromdata(eck, params); } diff --git a/providers/implementations/keymgmt/ecx_kmgmt.c b/providers/implementations/keymgmt/ecx_kmgmt.c index e2b613e5e0..e5c7e8bf3a 100644 --- a/providers/implementations/keymgmt/ecx_kmgmt.c +++ b/providers/implementations/keymgmt/ecx_kmgmt.c @@ -46,6 +46,14 @@ static OSSL_OP_keymgmt_gettable_params_fn x25519_gettable_params; static OSSL_OP_keymgmt_gettable_params_fn x448_gettable_params; static OSSL_OP_keymgmt_gettable_params_fn ed25519_gettable_params; static OSSL_OP_keymgmt_gettable_params_fn ed448_gettable_params; +static OSSL_OP_keymgmt_set_params_fn x25519_set_params; +static OSSL_OP_keymgmt_set_params_fn x448_set_params; +static OSSL_OP_keymgmt_set_params_fn ed25519_set_params; +static OSSL_OP_keymgmt_set_params_fn ed448_set_params; +static OSSL_OP_keymgmt_settable_params_fn x25519_settable_params; +static OSSL_OP_keymgmt_settable_params_fn x448_settable_params; +static OSSL_OP_keymgmt_settable_params_fn ed25519_settable_params; +static OSSL_OP_keymgmt_settable_params_fn ed448_settable_params; static OSSL_OP_keymgmt_has_fn ecx_has; static OSSL_OP_keymgmt_match_fn ecx_match; static OSSL_OP_keymgmt_import_fn ecx_import; @@ -93,8 +101,11 @@ static int ecx_has(void *keydata, int selection) int ok = 0; if (key != NULL) { - if ((selection & ECX_POSSIBLE_SELECTIONS) != 0) - ok = 1; + /* + * ECX keys always have all the parameters they need (i.e. none). + * Therefore we always return with 1, if asked about parameters. + */ + ok = 1; if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) ok = ok && key->haspubkey; @@ -233,6 +244,13 @@ static int ecx_get_params(void *key, OSSL_PARAM params[], int bits, int secbits, if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL && !OSSL_PARAM_set_int(p, size)) return 0; + if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_TLS_ENCODED_PT)) != NULL + && (ecx->type == ECX_KEY_TYPE_X25519 + || ecx->type == ECX_KEY_TYPE_X448)) { + if (!OSSL_PARAM_set_octet_string(p, ecx->pubkey, ecx->keylen)) + return 0; + } + return key_to_params(ecx, NULL, params); } @@ -273,16 +291,17 @@ static int ed448_get_params(void *key, OSSL_PARAM params[]) && ed_get_params(key, params); } -static const OSSL_PARAM ecx_params[] = { +static const OSSL_PARAM ecx_gettable_params[] = { OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL), OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL), OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL), OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_MANDATORY_DIGEST, NULL, 0), + OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0), ECX_KEY_TYPES(), OSSL_PARAM_END }; -static const OSSL_PARAM ed_params[] = { +static const OSSL_PARAM ed_gettable_params[] = { OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL), OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL), OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL), @@ -292,22 +311,92 @@ static const OSSL_PARAM ed_params[] = { static const OSSL_PARAM *x25519_gettable_params(void) { - return ecx_params; + return ecx_gettable_params; } static const OSSL_PARAM *x448_gettable_params(void) { - return ecx_params; + return ecx_gettable_params; } static const OSSL_PARAM *ed25519_gettable_params(void) { - return ed_params; + return ed_gettable_params; } static const OSSL_PARAM *ed448_gettable_params(void) { - return ed_params; + return ed_gettable_params; +} + +static int ecx_set_params(void *key, const OSSL_PARAM params[]) +{ + ECX_KEY *ecxkey = key; + const OSSL_PARAM *p; + + p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_TLS_ENCODED_PT); + if (p != NULL) { + void *buf = ecxkey->pubkey; + + if (p->data_size != ecxkey->keylen + || !OSSL_PARAM_get_octet_string(p, &buf, sizeof(ecxkey->pubkey), + NULL)) + return 0; + OPENSSL_clear_free(ecxkey->privkey, ecxkey->keylen); + ecxkey->privkey = NULL; + ecxkey->haspubkey = 1; + } + + return 1; +} + +static int x25519_set_params(void *key, const OSSL_PARAM params[]) +{ + return ecx_set_params(key, params); +} + +static int x448_set_params(void *key, const OSSL_PARAM params[]) +{ + return ecx_set_params(key, params); +} + +static int ed25519_set_params(void *key, const OSSL_PARAM params[]) +{ + return 1; +} + +static int ed448_set_params(void *key, const OSSL_PARAM params[]) +{ + return 1; +} + +static const OSSL_PARAM ecx_settable_params[] = { + OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0), + OSSL_PARAM_END +}; + +static const OSSL_PARAM ed_settable_params[] = { + OSSL_PARAM_END +}; + +static const OSSL_PARAM *x25519_settable_params(void) +{ + return ecx_settable_params; +} + +static const OSSL_PARAM *x448_settable_params(void) +{ + return ecx_settable_params; +} + +static const OSSL_PARAM *ed25519_settable_params(void) +{ + return ed_settable_params; +} + +static const OSSL_PARAM *ed448_settable_params(void) +{ + return ed_settable_params; } static void *ecx_gen_init(void *provctx, int selection, ECX_KEY_TYPE type) @@ -450,6 +539,8 @@ static void ecx_gen_cleanup(void *genctx) { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))ecx_key_free }, \ { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))alg##_get_params }, \ { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))alg##_gettable_params }, \ + { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))alg##_set_params }, \ + { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))alg##_settable_params }, \ { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))ecx_has }, \ { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))ecx_match }, \ { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))ecx_import }, \ diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index 764c52322d..ab2d98de60 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -648,21 +648,6 @@ static int add_key_share(SSL *s, WPACKET *pkt, unsigned int curve_id) /* SSLfatal() already called */ return 0; } - - /* - * TODO(3.0) Remove this when EVP_PKEY_get1_tls_encodedpoint() - * knows how to get a key from an encoded point with the help of - * a OSSL_SERIALIZER deserializer. We know that EVP_PKEY_get0() - * downgrades an EVP_PKEY to contain a legacy key. - * - * THIS IS TEMPORARY - */ - EVP_PKEY_get0(key_share_key); - if (EVP_PKEY_id(key_share_key) == EVP_PKEY_NONE) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_ADD_KEY_SHARE, - ERR_R_EC_LIB); - goto err; - } } /* Encode the public key. */ @@ -1926,22 +1911,6 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, return 0; } - /* - * TODO(3.0) Remove this when EVP_PKEY_get1_tls_encodedpoint() - * knows how to get a key from an encoded point with the help of - * a OSSL_SERIALIZER deserializer. We know that EVP_PKEY_get0() - * downgrades an EVP_PKEY to contain a legacy key. - * - * THIS IS TEMPORARY - */ - EVP_PKEY_get0(skey); - if (EVP_PKEY_id(skey) == EVP_PKEY_NONE) { - EVP_PKEY_free(skey); - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE, - ERR_R_INTERNAL_ERROR); - return 0; - } - if (!EVP_PKEY_set1_tls_encodedpoint(skey, PACKET_data(&encoded_pt), PACKET_remaining(&encoded_pt))) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_KEY_SHARE, diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index aa71cec7e9..3a0fee6ebc 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -715,21 +715,6 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, return 0; } - /* - * TODO(3.0) Remove this when EVP_PKEY_get1_tls_encodedpoint() - * knows how to get a key from an encoded point with the help of - * a OSSL_SERIALIZER deserializer. We know that EVP_PKEY_get0() - * downgrades an EVP_PKEY to contain a legacy key. - * - * THIS IS TEMPORARY - */ - EVP_PKEY_get0(s->s3.peer_tmp); - if (EVP_PKEY_id(s->s3.peer_tmp) == EVP_PKEY_NONE) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_KEY_SHARE, - ERR_R_INTERNAL_ERROR); - return 0; - } - s->s3.group_id = group_id; if (!EVP_PKEY_set1_tls_encodedpoint(s->s3.peer_tmp, @@ -1757,21 +1742,6 @@ EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, return EXT_RETURN_FAIL; } - /* - * TODO(3.0) Remove this when EVP_PKEY_get1_tls_encodedpoint() - * knows how to get a key from an encoded point with the help of - * a OSSL_SERIALIZER deserializer. We know that EVP_PKEY_get0() - * downgrades an EVP_PKEY to contain a legacy key. - * - * THIS IS TEMPORARY - */ - EVP_PKEY_get0(skey); - if (EVP_PKEY_id(skey) == EVP_PKEY_NONE) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE, - ERR_R_INTERNAL_ERROR); - return EXT_RETURN_FAIL; - } - /* Generate encoding of server key */ encoded_pt_len = EVP_PKEY_get1_tls_encodedpoint(skey, &encodedPoint); if (encoded_pt_len == 0) { diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 67d8ae8ce6..7189940a62 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -2231,21 +2231,6 @@ static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey) return 0; } - /* - * TODO(3.0) Remove this when EVP_PKEY_get1_tls_encodedpoint() - * knows how to get a key from an encoded point with the help of - * a OSSL_SERIALIZER deserializer. We know that EVP_PKEY_get0() - * downgrades an EVP_PKEY to contain a legacy key. - * - * THIS IS TEMPORARY - */ - EVP_PKEY_get0(s->s3.peer_tmp); - if (EVP_PKEY_id(s->s3.peer_tmp) == EVP_PKEY_NONE) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_ECDHE, - ERR_R_INTERNAL_ERROR); - return 0; - } - if (!EVP_PKEY_set1_tls_encodedpoint(s->s3.peer_tmp, PACKET_data(&encoded_pt), PACKET_remaining(&encoded_pt))) { @@ -3148,21 +3133,6 @@ static int tls_construct_cke_ecdhe(SSL *s, WPACKET *pkt) goto err; } - /* - * TODO(3.0) Remove this when EVP_PKEY_get1_tls_encodedpoint() - * knows how to get a key from an encoded point with the help of - * a OSSL_SERIALIZER deserializer. We know that EVP_PKEY_get0() - * downgrades an EVP_PKEY to contain a legacy key. - * - * THIS IS TEMPORARY - */ - EVP_PKEY_get0(ckey); - if (EVP_PKEY_id(skey) == EVP_PKEY_NONE) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_ECDHE, - ERR_R_INTERNAL_ERROR); - goto err; - } - if (ssl_derive(s, ckey, skey, 0) == 0) { /* SSLfatal() already called */ goto err; diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index e5340b4e7f..036bfadbe5 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -2636,20 +2636,6 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt) goto err; } - /* - * TODO(3.0) Remove this when EVP_PKEY_get1_tls_encodedpoint() - * knows how to get a key from an encoded point with the help of - * a OSSL_SERIALIZER deserializer. We know that EVP_PKEY_get0() - * downgrades an EVP_PKEY to contain a legacy key. - * - * THIS IS TEMPORARY - */ - EVP_PKEY_get0(s->s3.tmp.pkey); - if (EVP_PKEY_id(s->s3.tmp.pkey) == EVP_PKEY_NONE) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, 0, ERR_R_EC_LIB); - goto err; - } - /* Encode the public key. */ encodedlen = EVP_PKEY_get1_tls_encodedpoint(s->s3.tmp.pkey, &encodedPoint); @@ -3234,21 +3220,6 @@ static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt) goto err; } - /* - * TODO(3.0) Remove this when EVP_PKEY_get1_tls_encodedpoint() - * knows how to get a key from an encoded point with the help of - * a OSSL_SERIALIZER deserializer. We know that EVP_PKEY_get0() - * downgrades an EVP_PKEY to contain a legacy key. - * - * THIS IS TEMPORARY - */ - EVP_PKEY_get0(ckey); - if (EVP_PKEY_id(ckey) == EVP_PKEY_NONE) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE, - ERR_R_INTERNAL_ERROR); - goto err; - } - if (EVP_PKEY_set1_tls_encodedpoint(ckey, data, i) == 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE, ERR_R_EC_LIB); diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index a59d992e47..68bd5f2611 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1217,17 +1217,6 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) const SIGALG_LOOKUP *lu; int secbits = 0; - /* - * TODO(3.0) Remove this when we adapted this function for provider - * side keys. We know that EVP_PKEY_get0() downgrades an EVP_PKEY - * to contain a legacy key. - * - * THIS IS TEMPORARY - */ - EVP_PKEY_get0(pkey); - if (EVP_PKEY_id(pkey) == EVP_PKEY_NONE) - return 0; - pkeyid = EVP_PKEY_id(pkey); /* Should never happen */ if (pkeyid == -1) diff --git a/test/evp_pkey_provided_test.c b/test/evp_pkey_provided_test.c index 4c68f6bc6c..ffb56cb3ee 100644 --- a/test/evp_pkey_provided_test.c +++ b/test/evp_pkey_provided_test.c @@ -855,7 +855,8 @@ static int test_fromdata_ecx(int tst) goto err; if (!TEST_ptr(copy_pk = EVP_PKEY_new()) - || !TEST_false(EVP_PKEY_copy_parameters(copy_pk, pk))) + /* This should succeed because there are no parameters to copy */ + || !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk))) goto err; if (!TEST_true(EVP_PKEY_get_octet_string_param( From openssl at openssl.org Fri Jun 5 11:13:54 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 05 Jun 2020 11:13:54 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-err Message-ID: <1591355634.069990.24591.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-err Commit log since last time: 6985b0e3de Add github sponsor button 00da0f6989 [crypto/ec] Remove unreachable AVX2 code in NISTZ256 implementation c1fd005bfc Add cipher list ciphersuites which using encryption algorithm in mode CBC. c8567c392c CORE: make sure activated fallback providers stay activated f995e5bdcd TEST: Add provider_fallback_test, to test aspects of fallback providers 4cbb196b1b Fix missed fields in EVP_PKEY_meth_copy. c2db6839e4 Prepare for 3.0 alpha 4 3952c5a312 Prepare for release of 3.0 alpha 3 00c405b365 Update copyright year 19d15f97b3 ossl_shim: const cast the param arguments to avoid errors 42fa3e6669 Fix a buffer overflow in drbg_ctr_generate 2b584ff372 Update manpage to fix examples, other minor tweaks 4e6e57cfcd Cleanup cert config files for tests 5c01a133ec ossl_shim: include core_names.h to resolve undeclared symbols Build log ended with (last 100 lines): 65-test_cmp_msg.t .................. ok 65-test_cmp_protect.t .............. ok 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=199, Tests=1918, 732 wallclock secs ( 8.09 usr 1.73 sys + 695.28 cusr 42.31 csys = 747.41 CPU) Result: FAIL Makefile:3100: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-err' Makefile:3098: recipe for target 'tests' failed make: *** [tests] Error 2 From kaduk at mit.edu Sat Jun 6 00:11:48 2020 From: kaduk at mit.edu (kaduk at mit.edu) Date: Sat, 06 Jun 2020 00:11:48 +0000 Subject: [openssl] master update Message-ID: <1591402308.494316.10870.nullmailer@dev.openssl.org> The branch master has been updated via 09527c493596060544bda92ecd0d8ef40a366c5e (commit) from 7b2d995ed79f0653defd682e5097ed937f4cabbc (commit) - Log ----------------------------------------------------------------- commit 09527c493596060544bda92ecd0d8ef40a366c5e Author: Benjamin Kaduk Date: Thu May 28 14:34:10 2020 -0700 Fix a typo in SSL_CTX_set_session_ticket_cb.pod "SSL" takes two esses, not three. [skip ci] Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12038) ----------------------------------------------------------------------- Summary of changes: doc/man3/SSL_CTX_set_session_ticket_cb.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/man3/SSL_CTX_set_session_ticket_cb.pod b/doc/man3/SSL_CTX_set_session_ticket_cb.pod index 8cdb88cc55..2a9576e259 100644 --- a/doc/man3/SSL_CTX_set_session_ticket_cb.pod +++ b/doc/man3/SSL_CTX_set_session_ticket_cb.pod @@ -177,7 +177,7 @@ L =head1 HISTORY -The SSL_CTX_set_session_ticket_cb(), SSSL_SESSION_set1_ticket_appdata() +The SSL_CTX_set_session_ticket_cb(), SSL_SESSION_set1_ticket_appdata() and SSL_SESSION_get_ticket_appdata() functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT From kaduk at mit.edu Sat Jun 6 00:12:20 2020 From: kaduk at mit.edu (kaduk at mit.edu) Date: Sat, 06 Jun 2020 00:12:20 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1591402340.908514.12539.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via ad178c15a112d10380a6446127b069270af666de (commit) from 8354f53d40781630eb4caa1a2ce31eca5296aa29 (commit) - Log ----------------------------------------------------------------- commit ad178c15a112d10380a6446127b069270af666de Author: Benjamin Kaduk Date: Thu May 28 14:34:10 2020 -0700 Fix a typo in SSL_CTX_set_session_ticket_cb.pod "SSL" takes two esses, not three. [skip ci] Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12038) (cherry picked from commit 09527c493596060544bda92ecd0d8ef40a366c5e) ----------------------------------------------------------------------- Summary of changes: doc/man3/SSL_CTX_set_session_ticket_cb.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/man3/SSL_CTX_set_session_ticket_cb.pod b/doc/man3/SSL_CTX_set_session_ticket_cb.pod index f3dfb62c23..99d2f29ac6 100644 --- a/doc/man3/SSL_CTX_set_session_ticket_cb.pod +++ b/doc/man3/SSL_CTX_set_session_ticket_cb.pod @@ -177,7 +177,7 @@ L =head1 HISTORY -The SSL_CTX_set_session_ticket_cb(), SSSL_SESSION_set1_ticket_appdata() +The SSL_CTX_set_session_ticket_cb(), SSL_SESSION_set1_ticket_appdata() and SSL_SESSION_get_ticket_appdata() functions were added in OpenSSL 1.1.1. =head1 COPYRIGHT From openssl at openssl.org Sat Jun 6 02:00:31 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 06 Jun 2020 02:00:31 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io Message-ID: <1591408831.741121.11398.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-posix-io Commit log since last time: 6985b0e3de Add github sponsor button 00da0f6989 [crypto/ec] Remove unreachable AVX2 code in NISTZ256 implementation c1fd005bfc Add cipher list ciphersuites which using encryption algorithm in mode CBC. c8567c392c CORE: make sure activated fallback providers stay activated f995e5bdcd TEST: Add provider_fallback_test, to test aspects of fallback providers 4cbb196b1b Fix missed fields in EVP_PKEY_meth_copy. c2db6839e4 Prepare for 3.0 alpha 4 3952c5a312 Prepare for release of 3.0 alpha 3 00c405b365 Update copyright year 19d15f97b3 ossl_shim: const cast the param arguments to avoid errors 42fa3e6669 Fix a buffer overflow in drbg_ctr_generate 2b584ff372 Update manpage to fix examples, other minor tweaks 4e6e57cfcd Cleanup cert config files for tests 5c01a133ec ossl_shim: include core_names.h to resolve undeclared symbols Build log ended with (last 100 lines): rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_params.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_copy_parameters.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_MSG_set_validity.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_master.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_KEYEXCH-DH.7 doc/man/man7/EVP_KEYEXCH-ECDH.7 doc/man/man7/EVP_KEYEXCH-X25519.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DH.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-FFC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/EVP_SIGNATURE-DSA.7 doc/man/man7/EVP_SIGNATURE-ECDSA.7 doc/man/man7/EVP_SIGNATURE-ED25519.7 doc/man/man7/EVP_SIGNATURE-RSA.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-core_names.h.7 doc/man/man7/openssl-core_numbers.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_names test/buildtest_c_core_numbers test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_dtls1 test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_fetch_prov_test test/evp_kdf_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_fallback_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_names.c test/buildtest_core_numbers.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_dtls1.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha4-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_cb.d.tmp -MT apps/lib/libapps-lib-s_cb.o -c -o apps/lib/libapps-lib-s_cb.o ../openssl/apps/lib/s_cb.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_socket.d.tmp -MT apps/lib/libapps-lib-s_socket.o -c -o apps/lib/libapps-lib-s_socket.o ../openssl/apps/lib/s_socket.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4078: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' Makefile:3053: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From openssl at openssl.org Sat Jun 6 06:30:46 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 06 Jun 2020 06:30:46 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock Message-ID: <1591425046.152087.30666.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sock Commit log since last time: 6985b0e3de Add github sponsor button 00da0f6989 [crypto/ec] Remove unreachable AVX2 code in NISTZ256 implementation c1fd005bfc Add cipher list ciphersuites which using encryption algorithm in mode CBC. c8567c392c CORE: make sure activated fallback providers stay activated f995e5bdcd TEST: Add provider_fallback_test, to test aspects of fallback providers 4cbb196b1b Fix missed fields in EVP_PKEY_meth_copy. c2db6839e4 Prepare for 3.0 alpha 4 3952c5a312 Prepare for release of 3.0 alpha 3 00c405b365 Update copyright year 19d15f97b3 ossl_shim: const cast the param arguments to avoid errors 42fa3e6669 Fix a buffer overflow in drbg_ctr_generate 2b584ff372 Update manpage to fix examples, other minor tweaks 4e6e57cfcd Cleanup cert config files for tests 5c01a133ec ossl_shim: include core_names.h to resolve undeclared symbols Build log ended with (last 100 lines): rm -f doc/html/man1/CA.pl.html doc/html/man1/openssl-asn1parse.html doc/html/man1/openssl-ca.html doc/html/man1/openssl-ciphers.html doc/html/man1/openssl-cmds.html doc/html/man1/openssl-cmp.html doc/html/man1/openssl-cms.html doc/html/man1/openssl-crl.html doc/html/man1/openssl-crl2pkcs7.html doc/html/man1/openssl-dgst.html doc/html/man1/openssl-dhparam.html doc/html/man1/openssl-dsa.html doc/html/man1/openssl-dsaparam.html doc/html/man1/openssl-ec.html doc/html/man1/openssl-ecparam.html doc/html/man1/openssl-enc.html doc/html/man1/openssl-engine.html doc/html/man1/openssl-errstr.html doc/html/man1/openssl-fipsinstall.html doc/html/man1/openssl-gendsa.html doc/html/man1/openssl-genpkey.html doc/html/man1/openssl-genrsa.html doc/html/man1/openssl-info.html doc/html/man1/openssl-kdf.html doc/html/man1/openssl-list.html doc/html/man1/openssl-mac.html doc/html/man1/openssl-nseq.html doc/html/man1/openssl-ocsp.html doc/html/man1/openssl-passwd.html doc/html/man1/openssl-pkcs12.html doc/html/man1/openssl-pkcs7.html doc/html/man1/openssl-pkcs8.html doc/html/man1/openssl-pkey.html doc/html/man1/openssl-pkeyparam.html doc/html/man1/openssl-pkeyutl.html doc/html/man1/openssl-prime.html doc/html/man1/openssl-provider.html doc/html/man1/openssl-rand.html doc/html/man1/openssl-rehash.html doc/html/man1/openssl-req.html doc/html/man1/openssl-rsa.html doc/html/man1/openssl-rsautl.html doc/html/man1/openssl-s_client.html doc/html/man1/openssl-s_server.html doc/html/man1/openssl-s_time.html doc/html/man1/openssl-sess_id.html doc/html/man1/openssl-smime.html doc/html/man1/openssl-speed.html doc/html/man1/openssl-spkac.html doc/html/man1/openssl-srp.html doc/html/man1/openssl-storeutl.html doc/html/man1/openssl-ts.html doc/html/man1/openssl-verify.html doc/html/man1/openssl-version.html doc/html/man1/openssl-x509.html doc/html/man1/openssl.html doc/html/man1/tsget.html doc/html/man3/ADMISSIONS.html doc/html/man3/ASN1_INTEGER_get_int64.html doc/html/man3/ASN1_INTEGER_new.html doc/html/man3/ASN1_ITEM_lookup.html doc/html/man3/ASN1_OBJECT_new.html doc/html/man3/ASN1_STRING_TABLE_add.html doc/html/man3/ASN1_STRING_length.html doc/html/man3/ASN1_STRING_new.html doc/html/man3/ASN1_STRING_print_ex.html doc/html/man3/ASN1_TIME_set.html doc/html/man3/ASN1_TYPE_get.html doc/html/man3/ASN1_generate_nconf.html doc/html/man3/ASYNC_WAIT_CTX_new.html doc/html/man3/ASYNC_start_job.html doc/html/man3/BF_encrypt.html doc/html/man3/BIO_ADDR.html doc/html/man3/BIO_ADDRINFO.html doc/html/man3/BIO_connect.html doc/html/man3/BIO_ctrl.html doc/html/man3/BIO_f_base64.html doc/html/man3/BIO_f_buffer.html doc/html/man3/BIO_f_cipher.html doc/html/man3/BIO_f_md.html doc/html/man3/BIO_f_null.html doc/html/man3/BIO_f_prefix.html doc/html/man3/BIO_f_ssl.html doc/html/man3/BIO_find_type.html doc/html/man3/BIO_get_data.html doc/html/man3/BIO_get_ex_new_index.html doc/html/man3/BIO_meth_new.html doc/html/man3/BIO_new.html doc/html/man3/BIO_new_CMS.html doc/html/man3/BIO_parse_hostserv.html doc/html/man3/BIO_printf.html doc/html/man3/BIO_push.html doc/html/man3/BIO_read.html doc/html/man3/BIO_s_accept.html doc/html/man3/BIO_s_bio.html doc/html/man3/BIO_s_connect.html doc/html/man3/BIO_s_fd.html doc/html/man3/BIO_s_file.html doc/html/man3/BIO_s_mem.html doc/html/man3/BIO_s_null.html doc/html/man3/BIO_s_socket.html doc/html/man3/BIO_set_callback.html doc/html/man3/BIO_should_retry.html doc/html/man3/BIO_socket_wait.html doc/html/man3/BN_BLINDING_new.html doc/html/man3/BN_CTX_new.html doc/html/man3/BN_CTX_start.html doc/html/man3/BN_add.html doc/html/man3/BN_add_word.html doc/html/man3/BN_bn2bin.html doc/html/man3/BN_cmp.html doc/html/man3/BN_copy.html doc/html/man3/BN_generate_prime.html doc/html/man3/BN_mod_inverse.html doc/html/man3/BN_mod_mul_montgomery.html doc/html/man3/BN_mod_mul_reciprocal.html doc/html/man3/BN_new.html doc/html/man3/BN_num_bytes.html doc/html/man3/BN_rand.html doc/html/man3/BN_security_bits.html doc/html/man3/BN_set_bit.html doc/html/man3/BN_swap.html doc/html/man3/BN_zero.html doc/html/man3/BUF_MEM_new.html doc/html/man3/CMS_EnvelopedData_create.html doc/html/man3/CMS_add0_cert.html doc/html/man3/CMS_add1_recipient_cert.html doc/html/man3/CMS_add1_signer.html doc/html/man3/CMS_compress.html doc/html/man3/CMS_decrypt.html doc/html/man3/CMS_encrypt.html doc/html/man3/CMS_final.html doc/html/man3/CMS_get0_RecipientInfos.html doc/html/man3/CMS_get0_SignerInfos.html doc/html/man3/CMS_get0_type.html doc/html/man3/CMS_get1_ReceiptRequest.html doc/html/man3/CMS_sign.html doc/html/man3/CMS_sign_receipt.html doc/html/man3/CMS_uncompress.html doc/html/man3/CMS_verify.html doc/html/man3/CMS_verify_receipt.html doc/html/man3/CONF_modules_free.html doc/html/man3/CONF_modules_load_file.html doc/html/man3/CRYPTO_THREAD_run_once.html doc/html/man3/CRYPTO_get_ex_new_index.html doc/html/man3/CRYPTO_memcmp.html doc/html/man3/CTLOG_STORE_get0_log_by_id.html doc/html/man3/CTLOG_STORE_new.html doc/html/man3/CTLOG_new.html doc/html/man3/CT_POLICY_EVAL_CTX_new.html doc/html/man3/DEFINE_STACK_OF.html doc/html/man3/DES_random_key.html doc/html/man3/DH_generate_key.html doc/html/man3/DH_generate_parameters.html doc/html/man3/DH_get0_pqg.html doc/html/man3/DH_get_1024_160.html doc/html/man3/DH_meth_new.html doc/html/man3/DH_new.html doc/html/man3/DH_new_by_nid.html doc/html/man3/DH_set_method.html doc/html/man3/DH_size.html doc/html/man3/DSA_SIG_new.html doc/html/man3/DSA_do_sign.html doc/html/man3/DSA_dup_DH.html doc/html/man3/DSA_generate_key.html doc/html/man3/DSA_generate_parameters.html doc/html/man3/DSA_get0_pqg.html doc/html/man3/DSA_meth_new.html doc/html/man3/DSA_new.html doc/html/man3/DSA_set_method.html doc/html/man3/DSA_sign.html doc/html/man3/DSA_size.html doc/html/man3/DTLS_get_data_mtu.html doc/html/man3/DTLS_set_timer_cb.html doc/html/man3/DTLSv1_listen.html doc/html/man3/ECDSA_SIG_new.html doc/html/man3/ECPKParameters_print.html doc/html/man3/EC_GFp_simple_method.html doc/html/man3/EC_GROUP_copy.html doc/html/man3/EC_GROUP_new.html doc/html/man3/EC_KEY_get_enc_flags.html doc/html/man3/EC_KEY_new.html doc/html/man3/EC_POINT_add.html doc/html/man3/EC_POINT_new.html doc/html/man3/ENGINE_add.html doc/html/man3/ERR_GET_LIB.html doc/html/man3/ERR_clear_error.html doc/html/man3/ERR_error_string.html doc/html/man3/ERR_get_error.html doc/html/man3/ERR_load_crypto_strings.html doc/html/man3/ERR_load_strings.html doc/html/man3/ERR_new.html doc/html/man3/ERR_print_errors.html doc/html/man3/ERR_put_error.html doc/html/man3/ERR_remove_state.html doc/html/man3/ERR_set_mark.html doc/html/man3/EVP_ASYM_CIPHER_free.html doc/html/man3/EVP_BytesToKey.html doc/html/man3/EVP_CIPHER_CTX_get_cipher_data.html doc/html/man3/EVP_CIPHER_meth_new.html doc/html/man3/EVP_DigestInit.html doc/html/man3/EVP_DigestSignInit.html doc/html/man3/EVP_DigestVerifyInit.html doc/html/man3/EVP_EncodeInit.html doc/html/man3/EVP_EncryptInit.html doc/html/man3/EVP_KDF.html doc/html/man3/EVP_KEYEXCH_free.html doc/html/man3/EVP_KEYMGMT.html doc/html/man3/EVP_MAC.html doc/html/man3/EVP_MD_meth_new.html doc/html/man3/EVP_OpenInit.html doc/html/man3/EVP_PKEY_ASN1_METHOD.html doc/html/man3/EVP_PKEY_CTX_ctrl.html doc/html/man3/EVP_PKEY_CTX_new.html doc/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html doc/html/man3/EVP_PKEY_CTX_set_hkdf_md.html doc/html/man3/EVP_PKEY_CTX_set_params.html doc/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html doc/html/man3/EVP_PKEY_CTX_set_scrypt_N.html doc/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html doc/html/man3/EVP_PKEY_asn1_get_count.html doc/html/man3/EVP_PKEY_check.html doc/html/man3/EVP_PKEY_copy_parameters.html doc/html/man3/EVP_PKEY_decrypt.html doc/html/man3/EVP_PKEY_derive.html doc/html/man3/EVP_PKEY_encrypt.html doc/html/man3/EVP_PKEY_fromdata.html doc/html/man3/EVP_PKEY_gen.html doc/html/man3/EVP_PKEY_get_default_digest_nid.html doc/html/man3/EVP_PKEY_gettable_params.html doc/html/man3/EVP_PKEY_is_a.html doc/html/man3/EVP_PKEY_meth_get_count.html doc/html/man3/EVP_PKEY_meth_new.html doc/html/man3/EVP_PKEY_new.html doc/html/man3/EVP_PKEY_print_private.html doc/html/man3/EVP_PKEY_set1_RSA.html doc/html/man3/EVP_PKEY_set_type.html doc/html/man3/EVP_PKEY_sign.html doc/html/man3/EVP_PKEY_size.html doc/html/man3/EVP_PKEY_supports_digest_nid.html doc/html/man3/EVP_PKEY_verify.html doc/html/man3/EVP_PKEY_verify_recover.html doc/html/man3/EVP_SIGNATURE_free.html doc/html/man3/EVP_SealInit.html doc/html/man3/EVP_SignInit.html doc/html/man3/EVP_VerifyInit.html doc/html/man3/EVP_aes_128_gcm.html doc/html/man3/EVP_aria_128_gcm.html doc/html/man3/EVP_bf_cbc.html doc/html/man3/EVP_blake2b512.html doc/html/man3/EVP_camellia_128_ecb.html doc/html/man3/EVP_cast5_cbc.html doc/html/man3/EVP_chacha20.html doc/html/man3/EVP_des_cbc.html doc/html/man3/EVP_desx_cbc.html doc/html/man3/EVP_idea_cbc.html doc/html/man3/EVP_md2.html doc/html/man3/EVP_md4.html doc/html/man3/EVP_md5.html doc/html/man3/EVP_mdc2.html doc/html/man3/EVP_rc2_cbc.html doc/html/man3/EVP_rc4.html doc/html/man3/EVP_rc5_32_12_16_cbc.html doc/html/man3/EVP_ripemd160.html doc/html/man3/EVP_seed_cbc.html doc/html/man3/EVP_set_default_properties.html doc/html/man3/EVP_sha1.html doc/html/man3/EVP_sha224.html doc/html/man3/EVP_sha3_224.html doc/html/man3/EVP_sm3.html doc/html/man3/EVP_sm4_cbc.html doc/html/man3/EVP_whirlpool.html doc/html/man3/HMAC.html doc/html/man3/MD5.html doc/html/man3/MDC2_Init.html doc/html/man3/NCONF_new_with_libctx.html doc/html/man3/OBJ_nid2obj.html doc/html/man3/OCSP_REQUEST_new.html doc/html/man3/OCSP_cert_to_id.html doc/html/man3/OCSP_request_add1_nonce.html doc/html/man3/OCSP_resp_find_status.html doc/html/man3/OCSP_response_status.html doc/html/man3/OCSP_sendreq_new.html doc/html/man3/OPENSSL_Applink.html doc/html/man3/OPENSSL_CTX.html doc/html/man3/OPENSSL_FILE.html doc/html/man3/OPENSSL_LH_COMPFUNC.html doc/html/man3/OPENSSL_LH_stats.html doc/html/man3/OPENSSL_config.html doc/html/man3/OPENSSL_fork_prepare.html doc/html/man3/OPENSSL_hexchar2int.html doc/html/man3/OPENSSL_ia32cap.html doc/html/man3/OPENSSL_init_crypto.html doc/html/man3/OPENSSL_init_ssl.html doc/html/man3/OPENSSL_instrument_bus.html doc/html/man3/OPENSSL_load_builtin_modules.html doc/html/man3/OPENSSL_malloc.html doc/html/man3/OPENSSL_s390xcap.html doc/html/man3/OPENSSL_secure_malloc.html doc/html/man3/OSSL_CMP_CTX_new.html doc/html/man3/OSSL_CMP_HDR_get0_transactionID.html doc/html/man3/OSSL_CMP_ITAV_set0.html doc/html/man3/OSSL_CMP_MSG_get0_header.html doc/html/man3/OSSL_CMP_MSG_http_perform.html doc/html/man3/OSSL_CMP_SRV_CTX_new.html doc/html/man3/OSSL_CMP_STATUSINFO_new.html doc/html/man3/OSSL_CMP_exec_IR_ses.html doc/html/man3/OSSL_CMP_log_open.html doc/html/man3/OSSL_CMP_validate_msg.html doc/html/man3/OSSL_CRMF_MSG_get0_tmpl.html doc/html/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.html doc/html/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.html doc/html/man3/OSSL_CRMF_MSG_set_validity.html doc/html/man3/OSSL_CRMF_pbmp_new.html doc/html/man3/OSSL_HTTP_transfer.html doc/html/man3/OSSL_PARAM.html doc/html/man3/OSSL_PARAM_BLD.html doc/html/man3/OSSL_PARAM_allocate_from_text.html doc/html/man3/OSSL_PARAM_int.html doc/html/man3/OSSL_PROVIDER.html doc/html/man3/OSSL_SELF_TEST_new.html doc/html/man3/OSSL_SELF_TEST_set_callback.html doc/html/man3/OSSL_SERIALIZER.html doc/html/man3/OSSL_SERIALIZER_CTX.html doc/html/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.html doc/html/man3/OSSL_SERIALIZER_to_bio.html doc/html/man3/OSSL_STORE_INFO.html doc/html/man3/OSSL_STORE_LOADER.html doc/html/man3/OSSL_STORE_SEARCH.html doc/html/man3/OSSL_STORE_attach.html doc/html/man3/OSSL_STORE_expect.html doc/html/man3/OSSL_STORE_open.html doc/html/man3/OSSL_trace_enabled.html doc/html/man3/OSSL_trace_get_category_num.html doc/html/man3/OSSL_trace_set_channel.html doc/html/man3/OpenSSL_add_all_algorithms.html doc/html/man3/OpenSSL_version.html doc/html/man3/PEM_bytes_read_bio.html doc/html/man3/PEM_read.html doc/html/man3/PEM_read_CMS.html doc/html/man3/PEM_read_bio_PrivateKey.html doc/html/man3/PEM_read_bio_ex.html doc/html/man3/PEM_write_bio_CMS_stream.html doc/html/man3/PEM_write_bio_PKCS7_stream.html doc/html/man3/PKCS12_SAFEBAG_get0_attrs.html doc/html/man3/PKCS12_add_CSPName_asc.html doc/html/man3/PKCS12_add_friendlyname_asc.html doc/html/man3/PKCS12_add_localkeyid.html doc/html/man3/PKCS12_create.html doc/html/man3/PKCS12_get_friendlyname.html doc/html/man3/PKCS12_newpass.html doc/html/man3/PKCS12_parse.html doc/html/man3/PKCS5_PBKDF2_HMAC.html doc/html/man3/PKCS7_decrypt.html doc/html/man3/PKCS7_encrypt.html doc/html/man3/PKCS7_sign.html doc/html/man3/PKCS7_sign_add_signer.html doc/html/man3/PKCS7_verify.html doc/html/man3/PKCS8_pkey_add1_attr.html doc/html/man3/RAND_DRBG_generate.html doc/html/man3/RAND_DRBG_get0_master.html doc/html/man3/RAND_DRBG_new.html doc/html/man3/RAND_DRBG_reseed.html doc/html/man3/RAND_DRBG_set_callbacks.html doc/html/man3/RAND_add.html doc/html/man3/RAND_bytes.html doc/html/man3/RAND_cleanup.html doc/html/man3/RAND_egd.html doc/html/man3/RAND_load_file.html doc/html/man3/RAND_set_rand_method.html doc/html/man3/RC4_set_key.html doc/html/man3/RIPEMD160_Init.html doc/html/man3/RSA_blinding_on.html doc/html/man3/RSA_check_key.html doc/html/man3/RSA_generate_key.html doc/html/man3/RSA_get0_key.html doc/html/man3/RSA_meth_new.html doc/html/man3/RSA_new.html doc/html/man3/RSA_padding_add_PKCS1_type_1.html doc/html/man3/RSA_print.html doc/html/man3/RSA_private_encrypt.html doc/html/man3/RSA_public_encrypt.html doc/html/man3/RSA_set_method.html doc/html/man3/RSA_sign.html doc/html/man3/RSA_sign_ASN1_OCTET_STRING.html doc/html/man3/RSA_size.html doc/html/man3/SCT_new.html doc/html/man3/SCT_print.html doc/html/man3/SCT_validate.html doc/html/man3/SHA256_Init.html doc/html/man3/SMIME_read_CMS.html doc/html/man3/SMIME_read_PKCS7.html doc/html/man3/SMIME_write_CMS.html doc/html/man3/SMIME_write_PKCS7.html doc/html/man3/SRP_Calc_B.html doc/html/man3/SRP_VBASE_new.html doc/html/man3/SRP_create_verifier.html doc/html/man3/SRP_user_pwd_new.html doc/html/man3/SSL_CIPHER_get_name.html doc/html/man3/SSL_COMP_add_compression_method.html doc/html/man3/SSL_CONF_CTX_new.html doc/html/man3/SSL_CONF_CTX_set1_prefix.html doc/html/man3/SSL_CONF_CTX_set_flags.html doc/html/man3/SSL_CONF_CTX_set_ssl_ctx.html doc/html/man3/SSL_CONF_cmd.html doc/html/man3/SSL_CONF_cmd_argv.html doc/html/man3/SSL_CTX_add1_chain_cert.html doc/html/man3/SSL_CTX_add_extra_chain_cert.html doc/html/man3/SSL_CTX_add_session.html doc/html/man3/SSL_CTX_config.html doc/html/man3/SSL_CTX_ctrl.html doc/html/man3/SSL_CTX_dane_enable.html doc/html/man3/SSL_CTX_flush_sessions.html doc/html/man3/SSL_CTX_free.html doc/html/man3/SSL_CTX_get0_param.html doc/html/man3/SSL_CTX_get_verify_mode.html doc/html/man3/SSL_CTX_has_client_custom_ext.html doc/html/man3/SSL_CTX_load_verify_locations.html doc/html/man3/SSL_CTX_new.html doc/html/man3/SSL_CTX_sess_number.html doc/html/man3/SSL_CTX_sess_set_cache_size.html doc/html/man3/SSL_CTX_sess_set_get_cb.html doc/html/man3/SSL_CTX_sessions.html doc/html/man3/SSL_CTX_set0_CA_list.html doc/html/man3/SSL_CTX_set1_curves.html doc/html/man3/SSL_CTX_set1_sigalgs.html doc/html/man3/SSL_CTX_set1_verify_cert_store.html doc/html/man3/SSL_CTX_set_alpn_select_cb.html doc/html/man3/SSL_CTX_set_cert_cb.html doc/html/man3/SSL_CTX_set_cert_store.html doc/html/man3/SSL_CTX_set_cert_verify_callback.html doc/html/man3/SSL_CTX_set_cipher_list.html doc/html/man3/SSL_CTX_set_client_cert_cb.html doc/html/man3/SSL_CTX_set_client_hello_cb.html doc/html/man3/SSL_CTX_set_ct_validation_callback.html doc/html/man3/SSL_CTX_set_ctlog_list_file.html doc/html/man3/SSL_CTX_set_default_passwd_cb.html doc/html/man3/SSL_CTX_set_generate_session_id.html doc/html/man3/SSL_CTX_set_info_callback.html doc/html/man3/SSL_CTX_set_keylog_callback.html doc/html/man3/SSL_CTX_set_max_cert_list.html doc/html/man3/SSL_CTX_set_min_proto_version.html doc/html/man3/SSL_CTX_set_mode.html doc/html/man3/SSL_CTX_set_msg_callback.html doc/html/man3/SSL_CTX_set_num_tickets.html doc/html/man3/SSL_CTX_set_options.html doc/html/man3/SSL_CTX_set_psk_client_callback.html doc/html/man3/SSL_CTX_set_quiet_shutdown.html doc/html/man3/SSL_CTX_set_read_ahead.html doc/html/man3/SSL_CTX_set_record_padding_callback.html doc/html/man3/SSL_CTX_set_security_level.html doc/html/man3/SSL_CTX_set_session_cache_mode.html doc/html/man3/SSL_CTX_set_session_id_context.html doc/html/man3/SSL_CTX_set_session_ticket_cb.html doc/html/man3/SSL_CTX_set_split_send_fragment.html doc/html/man3/SSL_CTX_set_srp_password.html doc/html/man3/SSL_CTX_set_ssl_version.html doc/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html doc/html/man3/SSL_CTX_set_timeout.html doc/html/man3/SSL_CTX_set_tlsext_servername_callback.html doc/html/man3/SSL_CTX_set_tlsext_status_cb.html doc/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html doc/html/man3/SSL_CTX_set_tlsext_use_srtp.html doc/html/man3/SSL_CTX_set_tmp_dh_callback.html doc/html/man3/SSL_CTX_set_tmp_ecdh.html doc/html/man3/SSL_CTX_set_verify.html doc/html/man3/SSL_CTX_use_certificate.html doc/html/man3/SSL_CTX_use_psk_identity_hint.html doc/html/man3/SSL_CTX_use_serverinfo.html doc/html/man3/SSL_SESSION_free.html doc/html/man3/SSL_SESSION_get0_cipher.html doc/html/man3/SSL_SESSION_get0_hostname.html doc/html/man3/SSL_SESSION_get0_id_context.html doc/html/man3/SSL_SESSION_get0_peer.html doc/html/man3/SSL_SESSION_get_compress_id.html doc/html/man3/SSL_SESSION_get_protocol_version.html doc/html/man3/SSL_SESSION_get_time.html doc/html/man3/SSL_SESSION_has_ticket.html doc/html/man3/SSL_SESSION_is_resumable.html doc/html/man3/SSL_SESSION_print.html doc/html/man3/SSL_SESSION_set1_id.html doc/html/man3/SSL_accept.html doc/html/man3/SSL_alert_type_string.html doc/html/man3/SSL_alloc_buffers.html doc/html/man3/SSL_check_chain.html doc/html/man3/SSL_clear.html doc/html/man3/SSL_connect.html doc/html/man3/SSL_do_handshake.html doc/html/man3/SSL_export_keying_material.html doc/html/man3/SSL_extension_supported.html doc/html/man3/SSL_free.html doc/html/man3/SSL_get0_peer_scts.html doc/html/man3/SSL_get_SSL_CTX.html doc/html/man3/SSL_get_all_async_fds.html doc/html/man3/SSL_get_ciphers.html doc/html/man3/SSL_get_client_random.html doc/html/man3/SSL_get_current_cipher.html doc/html/man3/SSL_get_default_timeout.html doc/html/man3/SSL_get_error.html doc/html/man3/SSL_get_extms_support.html doc/html/man3/SSL_get_fd.html doc/html/man3/SSL_get_peer_cert_chain.html doc/html/man3/SSL_get_peer_certificate.html doc/html/man3/SSL_get_peer_signature_nid.html doc/html/man3/SSL_get_peer_tmp_key.html doc/html/man3/SSL_get_psk_identity.html doc/html/man3/SSL_get_rbio.html doc/html/man3/SSL_get_session.html doc/html/man3/SSL_get_shared_sigalgs.html doc/html/man3/SSL_get_verify_result.html doc/html/man3/SSL_get_version.html doc/html/man3/SSL_in_init.html doc/html/man3/SSL_key_update.html doc/html/man3/SSL_library_init.html doc/html/man3/SSL_load_client_CA_file.html doc/html/man3/SSL_new.html doc/html/man3/SSL_pending.html doc/html/man3/SSL_read.html doc/html/man3/SSL_read_early_data.html doc/html/man3/SSL_rstate_string.html doc/html/man3/SSL_session_reused.html doc/html/man3/SSL_set1_host.html doc/html/man3/SSL_set_async_callback.html doc/html/man3/SSL_set_bio.html doc/html/man3/SSL_set_connect_state.html doc/html/man3/SSL_set_fd.html doc/html/man3/SSL_set_session.html doc/html/man3/SSL_set_shutdown.html doc/html/man3/SSL_set_verify_result.html doc/html/man3/SSL_shutdown.html doc/html/man3/SSL_state_string.html doc/html/man3/SSL_want.html doc/html/man3/SSL_write.html doc/html/man3/TS_VERIFY_CTX_set_certs.html doc/html/man3/UI_STRING.html doc/html/man3/UI_UTIL_read_pw.html doc/html/man3/UI_create_method.html doc/html/man3/UI_new.html doc/html/man3/X509V3_get_d2i.html doc/html/man3/X509_ALGOR_dup.html doc/html/man3/X509_CRL_get0_by_serial.html doc/html/man3/X509_EXTENSION_set_object.html doc/html/man3/X509_LOOKUP.html doc/html/man3/X509_LOOKUP_hash_dir.html doc/html/man3/X509_LOOKUP_meth_new.html doc/html/man3/X509_NAME_ENTRY_get_object.html doc/html/man3/X509_NAME_add_entry_by_txt.html doc/html/man3/X509_NAME_get0_der.html doc/html/man3/X509_NAME_get_index_by_NID.html doc/html/man3/X509_NAME_print_ex.html doc/html/man3/X509_PUBKEY_new.html doc/html/man3/X509_SIG_get0.html doc/html/man3/X509_STORE_CTX_get_error.html doc/html/man3/X509_STORE_CTX_new.html doc/html/man3/X509_STORE_CTX_set_verify_cb.html doc/html/man3/X509_STORE_add_cert.html doc/html/man3/X509_STORE_get0_param.html doc/html/man3/X509_STORE_new.html doc/html/man3/X509_STORE_set_verify_cb_func.html doc/html/man3/X509_VERIFY_PARAM_set_flags.html doc/html/man3/X509_check_ca.html doc/html/man3/X509_check_host.html doc/html/man3/X509_check_issued.html doc/html/man3/X509_check_private_key.html doc/html/man3/X509_check_purpose.html doc/html/man3/X509_cmp.html doc/html/man3/X509_cmp_time.html doc/html/man3/X509_digest.html doc/html/man3/X509_dup.html doc/html/man3/X509_get0_distinguishing_id.html doc/html/man3/X509_get0_notBefore.html doc/html/man3/X509_get0_signature.html doc/html/man3/X509_get0_uids.html doc/html/man3/X509_get_extension_flags.html doc/html/man3/X509_get_pubkey.html doc/html/man3/X509_get_serialNumber.html doc/html/man3/X509_get_subject_name.html doc/html/man3/X509_get_version.html doc/html/man3/X509_load_http.html doc/html/man3/X509_new.html doc/html/man3/X509_sign.html doc/html/man3/X509_verify_cert.html doc/html/man3/X509v3_cache_extensions.html doc/html/man3/X509v3_get_ext_by_NID.html doc/html/man3/d2i_DHparams.html doc/html/man3/d2i_PKCS8PrivateKey_bio.html doc/html/man3/d2i_PrivateKey.html doc/html/man3/d2i_SSL_SESSION.html doc/html/man3/d2i_X509.html doc/html/man3/i2d_CMS_bio_stream.html doc/html/man3/i2d_PKCS7_bio_stream.html doc/html/man3/i2d_re_X509_tbs.html doc/html/man3/o2i_SCT_LIST.html doc/html/man3/s2i_ASN1_IA5STRING.html doc/html/man5/config.html doc/html/man5/fips_config.html doc/html/man5/x509v3_config.html doc/html/man7/EVP_KDF-HKDF.html doc/html/man7/EVP_KDF-KB.html doc/html/man7/EVP_KDF-KRB5KDF.html doc/html/man7/EVP_KDF-PBKDF2.html doc/html/man7/EVP_KDF-SCRYPT.html doc/html/man7/EVP_KDF-SS.html doc/html/man7/EVP_KDF-SSHKDF.html doc/html/man7/EVP_KDF-TLS1_PRF.html doc/html/man7/EVP_KDF-X942.html doc/html/man7/EVP_KDF-X963.html doc/html/man7/EVP_KEYEXCH-DH.html doc/html/man7/EVP_KEYEXCH-ECDH.html doc/html/man7/EVP_KEYEXCH-X25519.html doc/html/man7/EVP_MAC-BLAKE2.html doc/html/man7/EVP_MAC-CMAC.html doc/html/man7/EVP_MAC-GMAC.html doc/html/man7/EVP_MAC-HMAC.html doc/html/man7/EVP_MAC-KMAC.html doc/html/man7/EVP_MAC-Poly1305.html doc/html/man7/EVP_MAC-Siphash.html doc/html/man7/EVP_MD-BLAKE2.html doc/html/man7/EVP_MD-MD2.html doc/html/man7/EVP_MD-MD4.html doc/html/man7/EVP_MD-MD5-SHA1.html doc/html/man7/EVP_MD-MD5.html doc/html/man7/EVP_MD-MDC2.html doc/html/man7/EVP_MD-RIPEMD160.html doc/html/man7/EVP_MD-SHA1.html doc/html/man7/EVP_MD-SHA2.html doc/html/man7/EVP_MD-SHA3.html doc/html/man7/EVP_MD-SHAKE.html doc/html/man7/EVP_MD-SM3.html doc/html/man7/EVP_MD-WHIRLPOOL.html doc/html/man7/EVP_MD-common.html doc/html/man7/EVP_PKEY-DH.html doc/html/man7/EVP_PKEY-DSA.html doc/html/man7/EVP_PKEY-EC.html doc/html/man7/EVP_PKEY-FFC.html doc/html/man7/EVP_PKEY-RSA.html doc/html/man7/EVP_PKEY-X25519.html doc/html/man7/EVP_SIGNATURE-DSA.html doc/html/man7/EVP_SIGNATURE-ECDSA.html doc/html/man7/EVP_SIGNATURE-ED25519.html doc/html/man7/EVP_SIGNATURE-RSA.html doc/html/man7/OSSL_PROVIDER-FIPS.html doc/html/man7/OSSL_PROVIDER-default.html doc/html/man7/OSSL_PROVIDER-legacy.html doc/html/man7/OSSL_PROVIDER-null.html doc/html/man7/RAND.html doc/html/man7/RAND_DRBG.html doc/html/man7/RSA-PSS.html doc/html/man7/SM2.html doc/html/man7/X25519.html doc/html/man7/bio.html doc/html/man7/crypto.html doc/html/man7/ct.html doc/html/man7/des_modes.html doc/html/man7/evp.html doc/html/man7/openssl-core.h.html doc/html/man7/openssl-core_names.h.html doc/html/man7/openssl-core_numbers.h.html doc/html/man7/openssl-env.html doc/html/man7/openssl_user_macros.html doc/html/man7/ossl_store-file.html doc/html/man7/ossl_store.html doc/html/man7/passphrase-encoding.html doc/html/man7/property.html doc/html/man7/provider-asym_cipher.html doc/html/man7/provider-base.html doc/html/man7/provider-cipher.html doc/html/man7/provider-digest.html doc/html/man7/provider-keyexch.html doc/html/man7/provider-keymgmt.html doc/html/man7/provider-mac.html doc/html/man7/provider-serializer.html doc/html/man7/provider-signature.html doc/html/man7/provider.html doc/html/man7/proxy-certificates.html doc/html/man7/ssl.html doc/html/man7/x509.html rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_params.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_copy_parameters.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_MSG_set_validity.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_master.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_KEYEXCH-DH.7 doc/man/man7/EVP_KEYEXCH-ECDH.7 doc/man/man7/EVP_KEYEXCH-X25519.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DH.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-FFC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/EVP_SIGNATURE-DSA.7 doc/man/man7/EVP_SIGNATURE-ECDSA.7 doc/man/man7/EVP_SIGNATURE-ED25519.7 doc/man/man7/EVP_SIGNATURE-RSA.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-core_names.h.7 doc/man/man7/openssl-core_numbers.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_names test/buildtest_c_core_numbers test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_fetch_prov_test test/evp_kdf_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_fallback_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_names.c test/buildtest_core_numbers.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha4-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-sock' make[1]: Leaving directory '/home/openssl/run-checker/no-sock' make[1]: Entering directory '/home/openssl/run-checker/no-sock' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_cb.d.tmp -MT apps/lib/libapps-lib-s_cb.o -c -o apps/lib/libapps-lib-s_cb.o ../openssl/apps/lib/s_cb.c Makefile:4071: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-sock' Makefile:3046: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From levitte at openssl.org Sat Jun 6 08:36:13 2020 From: levitte at openssl.org (Richard Levitte) Date: Sat, 06 Jun 2020 08:36:13 +0000 Subject: [openssl] master update Message-ID: <1591432573.208875.30167.nullmailer@dev.openssl.org> The branch master has been updated via f5e23fe88904fb5309e5b199bf5254b06dd4f883 (commit) via 0808a75e4db421f0f33d866b0abfe10db4f472f2 (commit) from 09527c493596060544bda92ecd0d8ef40a366c5e (commit) - Log ----------------------------------------------------------------- commit f5e23fe88904fb5309e5b199bf5254b06dd4f883 Author: Richard Levitte Date: Fri May 22 19:09:45 2020 +0200 APPS: Remove unnecessary NULL check of uri in load_cert_pass() Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/11873) commit 0808a75e4db421f0f33d866b0abfe10db4f472f2 Author: Richard Levitte Date: Tue May 19 15:56:18 2020 +0200 APPS: Make it possible to load_cert() from stdin again Fixes #11871 Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/11873) ----------------------------------------------------------------------- Summary of changes: apps/lib/apps.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 087ef4ec84..6fd27c3665 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -438,10 +438,6 @@ X509 *load_cert_pass(const char *uri, int maybe_stdin, if (desc == NULL) desc = "certificate"; - if (uri == NULL) { - unbuffer(stdin); - uri = ""; - } (void)load_key_cert_crl(uri, maybe_stdin, pass, desc, NULL, &cert, NULL); if (cert == NULL) { BIO_printf(bio_err, "Unable to load %s\n", desc); @@ -453,7 +449,7 @@ X509 *load_cert_pass(const char *uri, int maybe_stdin, /* the format parameter is meanwhile not needed anymore and thus ignored */ X509 *load_cert(const char *uri, int format, const char *desc) { - return load_cert_pass(uri, 0, NULL, desc); + return load_cert_pass(uri, 1, NULL, desc); } /* the format parameter is meanwhile not needed anymore and thus ignored */ From openssl at openssl.org Sat Jun 6 08:55:28 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 06 Jun 2020 08:55:28 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ts Message-ID: <1591433728.210413.18013.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ts Commit log since last time: 6985b0e3de Add github sponsor button 00da0f6989 [crypto/ec] Remove unreachable AVX2 code in NISTZ256 implementation c1fd005bfc Add cipher list ciphersuites which using encryption algorithm in mode CBC. c8567c392c CORE: make sure activated fallback providers stay activated f995e5bdcd TEST: Add provider_fallback_test, to test aspects of fallback providers 4cbb196b1b Fix missed fields in EVP_PKEY_meth_copy. c2db6839e4 Prepare for 3.0 alpha 4 3952c5a312 Prepare for release of 3.0 alpha 3 00c405b365 Update copyright year 19d15f97b3 ossl_shim: const cast the param arguments to avoid errors 42fa3e6669 Fix a buffer overflow in drbg_ctr_generate 2b584ff372 Update manpage to fix examples, other minor tweaks 4e6e57cfcd Cleanup cert config files for tests 5c01a133ec ossl_shim: include core_names.h to resolve undeclared symbols Build log ended with (last 100 lines): clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-list.d.tmp -MT apps/openssl-bin-list.o -c -o apps/openssl-bin-list.o ../openssl/apps/list.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-mac.d.tmp -MT apps/openssl-bin-mac.o -c -o apps/openssl-bin-mac.o ../openssl/apps/mac.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-nseq.d.tmp -MT apps/openssl-bin-nseq.o -c -o apps/openssl-bin-nseq.o ../openssl/apps/nseq.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-ocsp.d.tmp -MT apps/openssl-bin-ocsp.o -c -o apps/openssl-bin-ocsp.o ../openssl/apps/ocsp.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-openssl.d.tmp -MT apps/openssl-bin-openssl.o -c -o apps/openssl-bin-openssl.o ../openssl/apps/openssl.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-passwd.d.tmp -MT apps/openssl-bin-passwd.o -c -o apps/openssl-bin-passwd.o ../openssl/apps/passwd.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkcs12.d.tmp -MT apps/openssl-bin-pkcs12.o -c -o apps/openssl-bin-pkcs12.o ../openssl/apps/pkcs12.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkcs7.d.tmp -MT apps/openssl-bin-pkcs7.o -c -o apps/openssl-bin-pkcs7.o ../openssl/apps/pkcs7.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkcs8.d.tmp -MT apps/openssl-bin-pkcs8.o -c -o apps/openssl-bin-pkcs8.o ../openssl/apps/pkcs8.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkey.d.tmp -MT apps/openssl-bin-pkey.o -c -o apps/openssl-bin-pkey.o ../openssl/apps/pkey.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkeyparam.d.tmp -MT apps/openssl-bin-pkeyparam.o -c -o apps/openssl-bin-pkeyparam.o ../openssl/apps/pkeyparam.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkeyutl.d.tmp -MT apps/openssl-bin-pkeyutl.o -c -o apps/openssl-bin-pkeyutl.o ../openssl/apps/pkeyutl.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-prime.d.tmp -MT apps/openssl-bin-prime.o -c -o apps/openssl-bin-prime.o ../openssl/apps/prime.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-progs.d.tmp -MT apps/openssl-bin-progs.o -c -o apps/openssl-bin-progs.o apps/progs.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-provider.d.tmp -MT apps/openssl-bin-provider.o -c -o apps/openssl-bin-provider.o ../openssl/apps/provider.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-rand.d.tmp -MT apps/openssl-bin-rand.o -c -o apps/openssl-bin-rand.o ../openssl/apps/rand.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-rehash.d.tmp -MT apps/openssl-bin-rehash.o -c -o apps/openssl-bin-rehash.o ../openssl/apps/rehash.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-req.d.tmp -MT apps/openssl-bin-req.o -c -o apps/openssl-bin-req.o ../openssl/apps/req.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-rsa.d.tmp -MT apps/openssl-bin-rsa.o -c -o apps/openssl-bin-rsa.o ../openssl/apps/rsa.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-rsautl.d.tmp -MT apps/openssl-bin-rsautl.o -c -o apps/openssl-bin-rsautl.o ../openssl/apps/rsautl.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-s_client.d.tmp -MT apps/openssl-bin-s_client.o -c -o apps/openssl-bin-s_client.o ../openssl/apps/s_client.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-s_server.d.tmp -MT apps/openssl-bin-s_server.o -c -o apps/openssl-bin-s_server.o ../openssl/apps/s_server.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-s_time.d.tmp -MT apps/openssl-bin-s_time.o -c -o apps/openssl-bin-s_time.o ../openssl/apps/s_time.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-sess_id.d.tmp -MT apps/openssl-bin-sess_id.o -c -o apps/openssl-bin-sess_id.o ../openssl/apps/sess_id.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-smime.d.tmp -MT apps/openssl-bin-smime.o -c -o apps/openssl-bin-smime.o ../openssl/apps/smime.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-speed.d.tmp -MT apps/openssl-bin-speed.o -c -o apps/openssl-bin-speed.o ../openssl/apps/speed.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-spkac.d.tmp -MT apps/openssl-bin-spkac.o -c -o apps/openssl-bin-spkac.o ../openssl/apps/spkac.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-srp.d.tmp -MT apps/openssl-bin-srp.o -c -o apps/openssl-bin-srp.o ../openssl/apps/srp.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-storeutl.d.tmp -MT apps/openssl-bin-storeutl.o -c -o apps/openssl-bin-storeutl.o ../openssl/apps/storeutl.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-verify.d.tmp -MT apps/openssl-bin-verify.o -c -o apps/openssl-bin-verify.o ../openssl/apps/verify.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-version.d.tmp -MT apps/openssl-bin-version.o -c -o apps/openssl-bin-version.o ../openssl/apps/version.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-x509.d.tmp -MT apps/openssl-bin-x509.o -c -o apps/openssl-bin-x509.o ../openssl/apps/x509.c rm -f fuzz/cmp-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o fuzz/cmp-test \ fuzz/cmp-test-bin-cmp.o fuzz/cmp-test-bin-test-corpus.o \ libcrypto.a -ldl -pthread rm -f test/asn1_dsa_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/asn1_dsa_internal_test \ test/asn1_dsa_internal_test-bin-asn1_dsa_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/asn1_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/asn1_internal_test \ test/asn1_internal_test-bin-asn1_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/bn_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/bn_internal_test \ test/bn_internal_test-bin-bn_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread libcrypto.a(libcrypto-lib-cms_sd.o): In function `CMS_add1_signer': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:364: undefined reference to `ESS_SIGNING_CERT_new_init' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:370: undefined reference to `ESS_SIGNING_CERT_V2_new_init' libcrypto.a(libcrypto-lib-cms_sd.o): In function `CMS_add1_signer': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:364: undefined reference to `ESS_SIGNING_CERT_new_init' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:370: undefined reference to `ESS_SIGNING_CERT_V2_new_init' libcrypto.a(libcrypto-lib-cms_ess.o): In function `ess_check_signing_certs': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:71: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:82: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:91: undefined reference to `ess_find_cert_v2' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:102: undefined reference to `ess_find_cert_v2' libcrypto.a(libcrypto-lib-cms_ess.o): In function `ess_check_signing_certs': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:71: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:82: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:91: undefined reference to `ess_find_cert_v2' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:102: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:23048: recipe for target 'test/asn1_dsa_internal_test' failed make[1]: *** [test/asn1_dsa_internal_test] Error 1 make[1]: *** Waiting for unfinished jobs.... clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:22827: recipe for target 'fuzz/cmp-test' failed make[1]: *** [fuzz/cmp-test] Error 1 libcrypto.a(libcrypto-lib-cms_sd.o): In function `CMS_add1_signer': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:364: undefined reference to `ESS_SIGNING_CERT_new_init' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:370: undefined reference to `ESS_SIGNING_CERT_V2_new_init' libcrypto.a(libcrypto-lib-cms_ess.o): In function `ess_check_signing_certs': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:71: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:82: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:91: undefined reference to `ess_find_cert_v2' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:102: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:23078: recipe for target 'test/asn1_internal_test' failed make[1]: *** [test/asn1_internal_test] Error 1 libcrypto.a(libcrypto-lib-cms_sd.o): In function `CMS_add1_signer': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:364: undefined reference to `ESS_SIGNING_CERT_new_init' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:370: undefined reference to `ESS_SIGNING_CERT_V2_new_init' libcrypto.a(libcrypto-lib-cms_ess.o): In function `ess_check_signing_certs': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:71: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:82: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:91: undefined reference to `ess_find_cert_v2' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:102: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:23276: recipe for target 'test/bn_internal_test' failed make[1]: *** [test/bn_internal_test] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ts' Makefile:3037: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From dev at ddvo.net Sat Jun 6 09:24:53 2020 From: dev at ddvo.net (dev at ddvo.net) Date: Sat, 06 Jun 2020 09:24:53 +0000 Subject: [openssl] master update Message-ID: <1591435493.751117.27829.nullmailer@dev.openssl.org> The branch master has been updated via 591315297ec45ada0d31f057c4f6cff7f572bf3e (commit) from f5e23fe88904fb5309e5b199bf5254b06dd4f883 (commit) - Log ----------------------------------------------------------------- commit 591315297ec45ada0d31f057c4f6cff7f572bf3e Author: Dr. David von Oheimb Date: Tue Jun 2 13:02:42 2020 +0200 Consolidate doc of BIO_do_connect() and its alias BIO_do_handshake() Also documents that they meanwhile try all IP addresses resolved for a given domain name Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12017) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 6 ++++++ doc/man3/BIO_f_ssl.pod | 15 +++++++++------ doc/man3/BIO_s_connect.pod | 13 +++++++++---- 3 files changed, 24 insertions(+), 10 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 39088d1bc7..ca60b9c2e4 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -172,6 +172,12 @@ OpenSSL 3.0 *David von Oheimb* + * BIO_do_connect and BIO_do_handshake have been extended: + If domain name resolution yields multiple IP addresses all of them are tried + after connect() failures. + + *David von Oheimb* + * All of the low level RSA functions have been deprecated including: RSA_new_method, RSA_size, RSA_security_bits, RSA_get0_pss_params, diff --git a/doc/man3/BIO_f_ssl.pod b/doc/man3/BIO_f_ssl.pod index 6b896e2a2b..8bbbb0436d 100644 --- a/doc/man3/BIO_f_ssl.pod +++ b/doc/man3/BIO_f_ssl.pod @@ -96,12 +96,15 @@ chain and calling SSL_shutdown() on its internal SSL pointer. BIO_do_handshake() attempts to complete an SSL handshake on the -supplied BIO and establish the SSL connection. It returns 1 -if the connection was established successfully. A zero or negative -value is returned if the connection could not be established, the -call BIO_should_retry() should be used for non blocking connect BIOs -to determine if the call should be retried. If an SSL connection has -already been established this call has no effect. +-supplied BIO and establish the SSL connection. +For non-SSL BIOs the connection is done typically at TCP level. +If domain name resolution yields multiple IP addresses all of them are tried +after connect() failures. +The function returns 1 if the connection was established successfully. +A zero or negative value is returned if the connection could not be established. +The call BIO_should_retry() should be used for non-blocking connect BIOs +to determine if the call should be retried. +If a connection has already been established this call has no effect. =head1 NOTES diff --git a/doc/man3/BIO_s_connect.pod b/doc/man3/BIO_s_connect.pod index 24f1120625..d5a909dcd2 100644 --- a/doc/man3/BIO_s_connect.pod +++ b/doc/man3/BIO_s_connect.pod @@ -94,11 +94,16 @@ non blocking I/O is set during the connect process. BIO_new_connect() combines BIO_new() and BIO_set_conn_hostname() into a single call: that is it creates a new connect BIO with B. -BIO_do_connect() attempts to connect the supplied BIO. It returns 1 -if the connection was established successfully. A zero or negative -value is returned if the connection could not be established, the -call BIO_should_retry() should be used for non blocking connect BIOs +BIO_do_connect() attempts to connect the supplied BIO. +This performs an SSL/TLS handshake as far as supported by the BIO. +For non-SSL BIOs the connection is done typically at TCP level. +If domain name resolution yields multiple IP addresses all of them are tried +after connect() failures. +The function returns 1 if the connection was established successfully. +A zero or negative value is returned if the connection could not be established. +The call BIO_should_retry() should be used for non blocking connect BIOs to determine if the call should be retried. +If a connection has already been established this call has no effect. =head1 NOTES From openssl at openssl.org Sat Jun 6 12:31:19 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 06 Jun 2020 12:31:19 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls Message-ID: <1591446679.373031.32665.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls Commit log since last time: 6985b0e3de Add github sponsor button 00da0f6989 [crypto/ec] Remove unreachable AVX2 code in NISTZ256 implementation c1fd005bfc Add cipher list ciphersuites which using encryption algorithm in mode CBC. c8567c392c CORE: make sure activated fallback providers stay activated f995e5bdcd TEST: Add provider_fallback_test, to test aspects of fallback providers 4cbb196b1b Fix missed fields in EVP_PKEY_meth_copy. c2db6839e4 Prepare for 3.0 alpha 4 3952c5a312 Prepare for release of 3.0 alpha 3 00c405b365 Update copyright year 19d15f97b3 ossl_shim: const cast the param arguments to avoid errors 42fa3e6669 Fix a buffer overflow in drbg_ctr_generate 2b584ff372 Update manpage to fix examples, other minor tweaks 4e6e57cfcd Cleanup cert config files for tests 5c01a133ec ossl_shim: include core_names.h to resolve undeclared symbols Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=199, Tests=1991, 708 wallclock secs ( 7.72 usr 1.45 sys + 667.86 cusr 45.67 csys = 722.70 CPU) Result: FAIL Makefile:3083: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls' Makefile:3081: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Sat Jun 6 14:54:08 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 06 Jun 2020 14:54:08 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2 Message-ID: <1591455248.311148.27533.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2 Commit log since last time: 6985b0e3de Add github sponsor button 00da0f6989 [crypto/ec] Remove unreachable AVX2 code in NISTZ256 implementation c1fd005bfc Add cipher list ciphersuites which using encryption algorithm in mode CBC. c8567c392c CORE: make sure activated fallback providers stay activated f995e5bdcd TEST: Add provider_fallback_test, to test aspects of fallback providers 4cbb196b1b Fix missed fields in EVP_PKEY_meth_copy. c2db6839e4 Prepare for 3.0 alpha 4 3952c5a312 Prepare for release of 3.0 alpha 3 00c405b365 Update copyright year 19d15f97b3 ossl_shim: const cast the param arguments to avoid errors 42fa3e6669 Fix a buffer overflow in drbg_ctr_generate 2b584ff372 Update manpage to fix examples, other minor tweaks 4e6e57cfcd Cleanup cert config files for tests 5c01a133ec ossl_shim: include core_names.h to resolve undeclared symbols Build log ended with (last 100 lines): 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=199, Tests=1993, 723 wallclock secs ( 8.15 usr 1.79 sys + 681.30 cusr 45.70 csys = 736.94 CPU) Result: FAIL Makefile:3100: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2' Makefile:3098: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Sat Jun 6 17:00:29 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 06 Jun 2020 17:00:29 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method Message-ID: <1591462829.285720.21691.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method Commit log since last time: 6985b0e3de Add github sponsor button 00da0f6989 [crypto/ec] Remove unreachable AVX2 code in NISTZ256 implementation c1fd005bfc Add cipher list ciphersuites which using encryption algorithm in mode CBC. c8567c392c CORE: make sure activated fallback providers stay activated f995e5bdcd TEST: Add provider_fallback_test, to test aspects of fallback providers 4cbb196b1b Fix missed fields in EVP_PKEY_meth_copy. c2db6839e4 Prepare for 3.0 alpha 4 3952c5a312 Prepare for release of 3.0 alpha 3 00c405b365 Update copyright year 19d15f97b3 ossl_shim: const cast the param arguments to avoid errors 42fa3e6669 Fix a buffer overflow in drbg_ctr_generate 2b584ff372 Update manpage to fix examples, other minor tweaks 4e6e57cfcd Cleanup cert config files for tests 5c01a133ec ossl_shim: include core_names.h to resolve undeclared symbols Build log ended with (last 100 lines): 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=199, Tests=1993, 729 wallclock secs ( 8.19 usr 1.45 sys + 687.02 cusr 46.34 csys = 743.00 CPU) Result: FAIL Makefile:3107: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2-method' Makefile:3105: recipe for target 'tests' failed make: *** [tests] Error 2 From levitte at openssl.org Sat Jun 6 17:19:31 2020 From: levitte at openssl.org (Richard Levitte) Date: Sat, 06 Jun 2020 17:19:31 +0000 Subject: [openssl] master update Message-ID: <1591463971.149000.20537.nullmailer@dev.openssl.org> The branch master has been updated via c4683009ad6e8d64e80112fd689921f6c169bd20 (commit) via 66d8bd4b37c759e2db51324f5614438bf3db1dbd (commit) via 8dce4aa2d974fa357bb3f7d8a77e581d487de732 (commit) from 591315297ec45ada0d31f057c4f6cff7f572bf3e (commit) - Log ----------------------------------------------------------------- commit c4683009ad6e8d64e80112fd689921f6c169bd20 Author: Richard Levitte Date: Fri Jun 5 17:05:07 2020 +0200 TEST: Adjust test/bioprinttest.c to behave like the testutil routines Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12057) commit 66d8bd4b37c759e2db51324f5614438bf3db1dbd Author: Richard Levitte Date: Fri Jun 5 17:04:33 2020 +0200 TESTUTIL: Adjust the rest of testutil Fixes #12054 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12057) commit 8dce4aa2d974fa357bb3f7d8a77e581d487de732 Author: Richard Levitte Date: Fri Jun 5 16:55:42 2020 +0200 TESTUTIL: Separate TAP output and other output by BIO filter Output that's supposed to be understood by a TAP parser gets its own BIOs (|tap_out| and |tap_err|), and is only used internally within testutils. |bio_out| and |bio_err| is now only used for output that shouldn't be parsed by the TAP parser, and all output written to those BIOs are therefore always made to look like comments (it gets prefixed with "# "). Indentation and prefixing with "# " is reworked to use BIO_f_prefix(), which allows us to throw away the internal BIO_f_tap(). The indentation level is now adjusted via a special function. Fixes #12054 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12057) ----------------------------------------------------------------------- Summary of changes: test/bioprinttest.c | 34 ++++++++- test/build.info | 2 +- test/testutil/basic_output.c | 58 +++++++++++++-- test/testutil/driver.c | 35 +++++----- test/testutil/format_output.c | 3 +- test/testutil/output.h | 11 +++ test/testutil/output_helpers.c | 24 +++++++ test/testutil/tap_bio.c | 155 ----------------------------------------- 8 files changed, 137 insertions(+), 185 deletions(-) delete mode 100644 test/testutil/tap_bio.c diff --git a/test/bioprinttest.c b/test/bioprinttest.c index 18c00e09b6..04d1613c6c 100644 --- a/test/bioprinttest.c +++ b/test/bioprinttest.c @@ -297,10 +297,20 @@ int setup_tests(void) * Replace testutil output routines. We do this to eliminate possible sources * of BIO error */ +BIO *bio_out = NULL; +BIO *bio_err = NULL; + +static int tap_level = 0; + void test_open_streams(void) { } +void test_adjust_streams_tap_level(int level) +{ + tap_level = level; +} + void test_close_streams(void) { } @@ -312,12 +322,12 @@ void test_close_streams(void) */ int test_vprintf_stdout(const char *fmt, va_list ap) { - return vfprintf(stdout, fmt, ap); + return fprintf(stdout, "%*s# ", tap_level, "") + vfprintf(stdout, fmt, ap); } int test_vprintf_stderr(const char *fmt, va_list ap) { - return vfprintf(stderr, fmt, ap); + return fprintf(stderr, "%*s# ", tap_level, "") + vfprintf(stderr, fmt, ap); } int test_flush_stdout(void) @@ -330,3 +340,23 @@ int test_flush_stderr(void) return fflush(stderr); } +int test_vprintf_tapout(const char *fmt, va_list ap) +{ + return fprintf(stdout, "%*s", tap_level, "") + vfprintf(stdout, fmt, ap); +} + +int test_vprintf_taperr(const char *fmt, va_list ap) +{ + return fprintf(stderr, "%*s", tap_level, "") + vfprintf(stderr, fmt, ap); +} + +int test_flush_tapout(void) +{ + return fflush(stdout); +} + +int test_flush_taperr(void) +{ + return fflush(stderr); +} + diff --git a/test/build.info b/test/build.info index 868b8ebefa..6256a34c91 100644 --- a/test/build.info +++ b/test/build.info @@ -20,7 +20,7 @@ IF[{- !$disabled{tests} -}] LIBS{noinst,has_main}=libtestutil.a SOURCE[libtestutil.a]=testutil/basic_output.c testutil/output_helpers.c \ testutil/driver.c testutil/tests.c testutil/cb.c testutil/stanza.c \ - testutil/format_output.c testutil/tap_bio.c \ + testutil/format_output.c \ testutil/test_cleanup.c testutil/main.c testutil/testutil_init.c \ testutil/options.c testutil/test_options.c \ testutil/apps_mem.c testutil/random.c $LIBAPPSSRC diff --git a/test/testutil/basic_output.c b/test/testutil/basic_output.c index 93afcd0fd1..bbed57c55a 100644 --- a/test/testutil/basic_output.c +++ b/test/testutil/basic_output.c @@ -14,27 +14,51 @@ #include #include +/* These are available for any test program */ BIO *bio_out = NULL; BIO *bio_err = NULL; +/* These are available for TAP output only (internally) */ +static BIO *tap_out = NULL; +static BIO *tap_err = NULL; + void test_open_streams(void) { - bio_out = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT); - bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); + tap_out = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT); + tap_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); #ifdef __VMS - bio_out = BIO_push(BIO_new(BIO_f_linebuffer()), bio_out); - bio_err = BIO_push(BIO_new(BIO_f_linebuffer()), bio_err); + tap_out = BIO_push(BIO_new(BIO_f_linebuffer()), tap_out); + tap_err = BIO_push(BIO_new(BIO_f_linebuffer()), tap_err); #endif - bio_err = BIO_push(BIO_new(BIO_f_tap()), bio_err); + tap_out = BIO_push(BIO_new(BIO_f_prefix()), tap_out); + tap_err = BIO_push(BIO_new(BIO_f_prefix()), tap_err); + + bio_out = BIO_push(BIO_new(BIO_f_prefix()), tap_out); + bio_err = BIO_push(BIO_new(BIO_f_prefix()), tap_err); + BIO_set_prefix(bio_out, "# "); + BIO_set_prefix(bio_err, "# "); OPENSSL_assert(bio_out != NULL); OPENSSL_assert(bio_err != NULL); } +void test_adjust_streams_tap_level(int level) +{ + BIO_set_indent(tap_out, level); + BIO_set_indent(tap_err, level); +} + void test_close_streams(void) { - BIO_free_all(bio_out); - BIO_free_all(bio_err); + /* + * The rest of the chain is freed by the BIO_free_all() calls below, so + * we only need to free the last one in the bio_out and bio_err chains. + */ + BIO_free(bio_out); + BIO_free(bio_err); + + BIO_free_all(tap_out); + BIO_free_all(tap_err); } int test_vprintf_stdout(const char *fmt, va_list ap) @@ -56,3 +80,23 @@ int test_flush_stderr(void) { return BIO_flush(bio_err); } + +int test_vprintf_tapout(const char *fmt, va_list ap) +{ + return BIO_vprintf(tap_out, fmt, ap); +} + +int test_vprintf_taperr(const char *fmt, va_list ap) +{ + return BIO_vprintf(tap_err, fmt, ap); +} + +int test_flush_tapout(void) +{ + return BIO_flush(tap_out); +} + +int test_flush_taperr(void) +{ + return BIO_flush(tap_err); +} diff --git a/test/testutil/driver.c b/test/testutil/driver.c index 030fb1544c..775e3daf55 100644 --- a/test/testutil/driver.c +++ b/test/testutil/driver.c @@ -76,11 +76,6 @@ void add_all_tests(const char *test_case_name, int(*test_fn)(int idx), num_test_cases += num; } -int subtest_level(void) -{ - return level; -} - static int gcd(int a, int b) { while (b != 0) { @@ -96,7 +91,7 @@ static void set_seed(int s) seed = s; if (seed <= 0) seed = (int)time(NULL); - test_printf_stdout("%*s# RAND SEED %d\n", subtest_level(), "", seed); + test_printf_stdout("RAND SEED %d\n", seed); test_flush_stdout(); test_random_seed(seed); } @@ -109,6 +104,7 @@ int setup_test_framework(int argc, char *argv[]) if (TAP_levels != NULL) level = 4 * atoi(TAP_levels); + test_adjust_streams_tap_level(level); if (test_seed != NULL) set_seed(atoi(test_seed)); @@ -214,6 +210,7 @@ static int process_shared_options(void) if (!opt_int(opt_arg(), &value)) goto end; level = 4 * value; + test_adjust_streams_tap_level(level); break; case OPT_TEST_SEED: if (!opt_int(opt_arg(), &value)) @@ -260,13 +257,13 @@ PRINTF_FORMAT(2, 3) static void test_verdict(int verdict, test_flush_stdout(); test_flush_stderr(); - test_printf_stdout("%*s%s ", level, "", verdict != 0 ? "ok" : "not ok"); + test_printf_tapout("%s ", verdict != 0 ? "ok" : "not ok"); va_start(ap, description); - test_vprintf_stdout(description, ap); + test_vprintf_tapout(description, ap); va_end(ap); if (verdict == TEST_SKIP_CODE) - test_printf_stdout(" # skipped"); - test_printf_stdout("\n"); + test_printf_tapout(" # skipped"); + test_printf_tapout("\n"); test_flush_stdout(); } @@ -284,12 +281,11 @@ int run_tests(const char *test_prog_name) return EXIT_FAILURE; if (num_tests < 1) { - test_printf_stdout("%*s1..0 # Skipped: %s\n", level, "", - test_prog_name); + test_printf_tapout("1..0 # Skipped: %s\n", test_prog_name); } else if (show_list == 0 && single_test == -1) { if (level > 0) - test_printf_stdout("%*s# Subtest: %s\n", level, "", test_prog_name); - test_printf_stdout("%*s1..%d\n", level, "", num_tests); + test_printf_stdout("Subtest: %s\n", test_prog_name); + test_printf_tapout("1..%d\n", num_tests); } test_flush_stdout(); @@ -312,11 +308,11 @@ int run_tests(const char *test_prog_name) } else if (show_list) { if (all_tests[i].num != -1) { - test_printf_stdout("%d - %s (%d..%d)\n", ii + 1, + test_printf_tapout("%d - %s (%d..%d)\n", ii + 1, all_tests[i].test_case_name, 1, all_tests[i].num); } else { - test_printf_stdout("%d - %s\n", ii + 1, + test_printf_tapout("%d - %s\n", ii + 1, all_tests[i].test_case_name); } test_flush_stdout(); @@ -332,11 +328,11 @@ int run_tests(const char *test_prog_name) verdict = TEST_SKIP_CODE; level += 4; + test_adjust_streams_tap_level(level); if (all_tests[i].subtest && single_iter == -1) { - test_printf_stdout("%*s# Subtest: %s\n", level, "", + test_printf_stdout("Subtest: %s\n", all_tests[i].test_case_name); - test_printf_stdout("%*s%d..%d\n", level, "", 1, - all_tests[i].num); + test_printf_tapout("%d..%d\n", 1, all_tests[i].num); test_flush_stdout(); } @@ -375,6 +371,7 @@ int run_tests(const char *test_prog_name) } level -= 4; + test_adjust_streams_tap_level(level); if (verdict == 0) ++num_failed; test_verdict(verdict, "%d - %s", ii + 1, diff --git a/test/testutil/format_output.c b/test/testutil/format_output.c index 7f5147516e..a2f8a9e0aa 100644 --- a/test/testutil/format_output.c +++ b/test/testutil/format_output.c @@ -42,7 +42,8 @@ static void test_fail_string_common(const char *prefix, const char *file, const char *op, const char *m1, size_t l1, const char *m2, size_t l2) { - const size_t width = (MAX_STRING_WIDTH - subtest_level() - 12) / 16 * 16; + const size_t width = + (MAX_STRING_WIDTH - BIO_get_indent(bio_err) - 12) / 16 * 16; char b1[MAX_STRING_WIDTH + 1], b2[MAX_STRING_WIDTH + 1]; char bdiff[MAX_STRING_WIDTH + 1]; size_t n1, n2, i; diff --git a/test/testutil/output.h b/test/testutil/output.h index def76af151..8da73e2ac7 100644 --- a/test/testutil/output.h +++ b/test/testutil/output.h @@ -35,20 +35,31 @@ */ void test_open_streams(void); void test_close_streams(void); +void test_adjust_streams_tap_level(int level); /* The following ALL return the number of characters written */ int test_vprintf_stdout(const char *fmt, va_list ap) ossl_test__attr__((__format__(ossl_test__printf__, 1, 0))); +int test_vprintf_tapout(const char *fmt, va_list ap) + ossl_test__attr__((__format__(ossl_test__printf__, 1, 0))); int test_vprintf_stderr(const char *fmt, va_list ap) ossl_test__attr__((__format__(ossl_test__printf__, 1, 0))); +int test_vprintf_taperr(const char *fmt, va_list ap) + ossl_test__attr__((__format__(ossl_test__printf__, 1, 0))); /* These return failure or success */ int test_flush_stdout(void); +int test_flush_tapout(void); int test_flush_stderr(void); +int test_flush_taperr(void); /* Commodity functions. There's no need to override these */ int test_printf_stdout(const char *fmt, ...) ossl_test__attr__((__format__(ossl_test__printf__, 1, 2))); +int test_printf_tapout(const char *fmt, ...) + ossl_test__attr__((__format__(ossl_test__printf__, 1, 2))); int test_printf_stderr(const char *fmt, ...) ossl_test__attr__((__format__(ossl_test__printf__, 1, 2))); +int test_printf_taperr(const char *fmt, ...) + ossl_test__attr__((__format__(ossl_test__printf__, 1, 2))); # undef ossl_test__printf__ # undef ossl_test__attr__ diff --git a/test/testutil/output_helpers.c b/test/testutil/output_helpers.c index eb614f1281..64e99dac62 100644 --- a/test/testutil/output_helpers.c +++ b/test/testutil/output_helpers.c @@ -32,3 +32,27 @@ int test_printf_stderr(const char *fmt, ...) return ret; } + +int test_printf_tapout(const char *fmt, ...) +{ + va_list ap; + int ret; + + va_start(ap, fmt); + ret = test_vprintf_tapout(fmt, ap); + va_end(ap); + + return ret; +} + +int test_printf_taperr(const char *fmt, ...) +{ + va_list ap; + int ret; + + va_start(ap, fmt); + ret = test_vprintf_taperr(fmt, ap); + va_end(ap); + + return ret; +} diff --git a/test/testutil/tap_bio.c b/test/testutil/tap_bio.c deleted file mode 100644 index f3ee2787d2..0000000000 --- a/test/testutil/tap_bio.c +++ /dev/null @@ -1,155 +0,0 @@ -/* - * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "tu_local.h" - -static int tap_write_ex(BIO *b, const char *buf, size_t size, size_t *in_size); -static int tap_read_ex(BIO *b, char *buf, size_t size, size_t *out_size); -static int tap_puts(BIO *b, const char *str); -static int tap_gets(BIO *b, char *str, int size); -static long tap_ctrl(BIO *b, int cmd, long arg1, void *arg2); -static int tap_new(BIO *b); -static int tap_free(BIO *b); -static long tap_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); - -const BIO_METHOD *BIO_f_tap(void) -{ - static BIO_METHOD *tap = NULL; - - if (tap == NULL) { - tap = BIO_meth_new(BIO_TYPE_START | BIO_TYPE_FILTER, "tap"); - if (tap != NULL) { - BIO_meth_set_write_ex(tap, tap_write_ex); - BIO_meth_set_read_ex(tap, tap_read_ex); - BIO_meth_set_puts(tap, tap_puts); - BIO_meth_set_gets(tap, tap_gets); - BIO_meth_set_ctrl(tap, tap_ctrl); - BIO_meth_set_create(tap, tap_new); - BIO_meth_set_destroy(tap, tap_free); - BIO_meth_set_callback_ctrl(tap, tap_callback_ctrl); - } - } - return tap; -} - -static int tap_new(BIO *b) -{ - BIO_set_data(b, NULL); - BIO_set_init(b, 1); - return 1; -} - -static int tap_free(BIO *b) -{ - if (b == NULL) - return 0; - BIO_set_data(b, NULL); - BIO_set_init(b, 0); - return 1; -} - -static int tap_read_ex(BIO *b, char *buf, size_t size, size_t *out_size) -{ - BIO *next = BIO_next(b); - int ret = 0; - - ret = BIO_read_ex(next, buf, size, out_size); - BIO_clear_retry_flags(b); - BIO_copy_next_retry(b); - return ret; -} - -/* - * Output a string to the specified bio and return 1 if successful. - */ -static int write_string(BIO *b, const char *buf, size_t n) -{ - size_t m; - - return BIO_write_ex(b, buf, n, &m) != 0 && m == n; -} - -/* - * Write some data. - * - * This function implements a simple state machine that detects new lines. - * It indents the output and prefixes it with a '#' character. - * - * It returns the number of input characters that were output in in_size. - * More characters than this will likely have been output however any calling - * code will be unable to correctly assess the actual number of characters - * emitted and would be prone to failure if the actual number were returned. - * - * The BIO_data field is used as our state. If it is NULL, we've just - * seen a new line. If it is not NULL, we're processing characters in a line. - */ -static int tap_write_ex(BIO *b, const char *buf, size_t size, size_t *in_size) -{ - static char empty[] = ""; - BIO *next = BIO_next(b); - size_t i; - int j; - - for (i = 0; i < size; i++) { - if (BIO_get_data(b) == NULL) { - BIO_set_data(b, empty); - for (j = 0; j < subtest_level(); j++) - if (!write_string(next, " ", 1)) - goto err; - if (!write_string(next, "# ", 2)) - goto err; - } - if (!write_string(next, buf + i, 1)) - goto err; - if (buf[i] == '\n') - BIO_set_data(b, NULL); - } - *in_size = i; - return 1; - -err: - *in_size = i; - return 0; -} - -static long tap_ctrl(BIO *b, int cmd, long num, void *ptr) -{ - BIO *next = BIO_next(b); - - switch (cmd) { - case BIO_CTRL_RESET: - BIO_set_data(b, NULL); - break; - - default: - break; - } - return BIO_ctrl(next, cmd, num, ptr); -} - -static long tap_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) -{ - return BIO_callback_ctrl(BIO_next(b), cmd, fp); -} - -static int tap_gets(BIO *b, char *buf, int size) -{ - return BIO_gets(BIO_next(b), buf, size); -} - -static int tap_puts(BIO *b, const char *str) -{ - size_t m; - - if (!tap_write_ex(b, str, strlen(str), &m)) - return 0; - return m; -} From scan-admin at coverity.com Sun Jun 7 07:52:36 2020 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 07 Jun 2020 07:52:36 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <5edc9cc47bb1a_2fb4442ae67f602f5828058@appnode-2.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/ls/click?upn=nJaKvJSIH-2FPAfmty-2BK5tYpPklAc1eEA-2F1zfUjH6teExPWvbuQnlOROdcN604ufBDoN19TFJwpfzx7faM2hcaNQ-3D-3DewN1_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeGMdGjqenp2BxAO6nNhM-2FhLQpyS-2BJN6XOej1zu3OWsySpeO23qY96IHX0Z3LQzOopNGmhjVx6xhsy87CDifqqyRRH5bhdNGF3vnm1Ov3-2FVoFk48GxJLVDdarNQXeWw2mqQpm-2BVIqwmJCR1uE1-2BsQIw0NzmgNsdP1rfWbwhthSxY53id3y1cyM60dz3HRkCoAZg-3D Build ID: 319341 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Sun Jun 7 07:54:18 2020 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 07 Jun 2020 07:54:18 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <5edc9d2a2fb8_2fb5332ae67f602f582801c@appnode-2.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/ls/click?upn=nJaKvJSIH-2FPAfmty-2BK5tYpPklAc1eEA-2F1zfUjH6teExPWvbuQnlOROdcN604ufBDi0WH2X69cApo3pLD935e8Q-3D-3D4jIf_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeHez-2Ffrt7AUi47qj7cELnd55fTkqzTaD5dPlCUM6wwTxj6DXkr7sJUho53sNQV7vNkfVEHuSW6P3goNSMtBmnLDxQyPaIFDCrcXhPf-2FM4-2FQbgZ7tUtIao5V4y7-2Bxqw326pGMi4Y4IaizVF7xHf3zwNW-2BeOadXoBa-2Fd1xS7-2Fa0SByZndJRxZDjRWvnQXU-2FWTpsw-3D Build ID: 319339 Analysis Summary: New defects found: 1 Defects eliminated: 5 If you have difficulty understanding any defects, email us at scan-admin at coverity.com, or post your question to StackOverflow at https://u2389337.ct.sendgrid.net/ls/click?upn=QsMnDxMCOVVs7CDlyD2jouKTgNlKFinTRd3y-2BJC7sZryfVdWHH2BBU620aHLHGfhMXPTHYY5wQ5zOiTMnTlWDg-3D-3DGBrN_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeHez-2Ffrt7AUi47qj7cELnd55fTkqzTaD5dPlCUM6wwTxqfBFJmZfIvd0iYC8LlflhyJfJZrPJ6UiXf-2FSiJMXCuLyz0G3BOfAqxAhbQ7nkmth51piU7FTdLxVbuWv1f3rLXVfl5HHq1uJsYR-2BHRUCf9NhreEjRNWN5BwzjTJJXMJKqR2Iii5utp-2BfOe-2BTLw7MGU-3D From nic.tuv at gmail.com Sun Jun 7 11:50:22 2020 From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Sun, 07 Jun 2020 11:50:22 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1591530622.491267.28491.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 49eebbc408535e8670cb62ea661b696ec5819f15 (commit) from ad178c15a112d10380a6446127b069270af666de (commit) - Log ----------------------------------------------------------------- commit 49eebbc408535e8670cb62ea661b696ec5819f15 Author: Nicola Tuveri Date: Tue Jun 2 21:06:48 2020 +0300 [crypto/ec] Remove unreachable AVX2 code in NISTZ256 implementation `crypto/ec/ecp_nistz256.c` contained code sections guarded by a `ECP_NISTZ256_AVX2` define. The relevant comment read: > /* > * Note that by default ECP_NISTZ256_AVX2 is undefined. While it's great > * code processing 4 points in parallel, corresponding serial operation > * is several times slower, because it uses 29x29=58-bit multiplication > * as opposite to 64x64=128-bit in integer-only scalar case. As result > * it doesn't provide *significant* performance improvement. Note that > * just defining ECP_NISTZ256_AVX2 is not sufficient to make it work, > * you'd need to compile even asm/ecp_nistz256-avx.pl module. > */ Without diminishing the quality of the original submission, it's evident that this code has been basically unreachable without modifications to the library source code and is under-tested. This commit removes these sections from the codebase. (cherry picked from commit 00da0f69890874feaa555fafb99b967b861e9118 , backported from https://github.com/openssl/openssl/pull/12019 ) Reviewed-by: Kurt Roeckx Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/12046) ----------------------------------------------------------------------- Summary of changes: crypto/ec/asm/ecp_nistz256-avx2.pl | 2080 ------------------------------------ crypto/ec/ecp_nistz256.c | 300 +----- 2 files changed, 46 insertions(+), 2334 deletions(-) delete mode 100755 crypto/ec/asm/ecp_nistz256-avx2.pl diff --git a/crypto/ec/asm/ecp_nistz256-avx2.pl b/crypto/ec/asm/ecp_nistz256-avx2.pl deleted file mode 100755 index 5071d09ac2..0000000000 --- a/crypto/ec/asm/ecp_nistz256-avx2.pl +++ /dev/null @@ -1,2080 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. -# Copyright (c) 2014, Intel Corporation. All Rights Reserved. -# -# Licensed under the OpenSSL license (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html -# -# Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1) -# (1) Intel Corporation, Israel Development Center, Haifa, Israel -# (2) University of Haifa, Israel -# -# Reference: -# S.Gueron and V.Krasnov, "Fast Prime Field Elliptic Curve Cryptography with -# 256 Bit Primes" - -$flavour = shift; -$output = shift; -if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } - -$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -open OUT,"| \"$^X\" $xlate $flavour $output"; -*STDOUT=*OUT; - -if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` - =~ /GNU assembler version ([2-9]\.[0-9]+)/) { - $avx = ($1>=2.19) + ($1>=2.22); - $addx = ($1>=2.23); -} - -if (!$addx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) && - `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) { - $avx = ($1>=2.09) + ($1>=2.10); - $addx = ($1>=2.10); -} - -if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && - `ml64 2>&1` =~ /Version ([0-9]+)\./) { - $avx = ($1>=10) + ($1>=11); - $addx = ($1>=12); -} - -if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([0-9]+)\.([0-9]+)/) { - my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 - $avx = ($ver>=3.0) + ($ver>=3.01); - $addx = ($ver>=3.03); -} - -if ($avx>=2) {{ -$digit_size = "\$29"; -$n_digits = "\$9"; - -$code.=<<___; -.text - -.align 64 -.LAVX2_AND_MASK: -.LAVX2_POLY: -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x000001ff, 0x000001ff, 0x000001ff, 0x000001ff -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 -.quad 0x00040000, 0x00040000, 0x00040000, 0x00040000 -.quad 0x1fe00000, 0x1fe00000, 0x1fe00000, 0x1fe00000 -.quad 0x00ffffff, 0x00ffffff, 0x00ffffff, 0x00ffffff - -.LAVX2_POLY_x2: -.quad 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC -.quad 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC -.quad 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC -.quad 0x400007FC, 0x400007FC, 0x400007FC, 0x400007FC -.quad 0x3FFFFFFE, 0x3FFFFFFE, 0x3FFFFFFE, 0x3FFFFFFE -.quad 0x3FFFFFFE, 0x3FFFFFFE, 0x3FFFFFFE, 0x3FFFFFFE -.quad 0x400FFFFE, 0x400FFFFE, 0x400FFFFE, 0x400FFFFE -.quad 0x7F7FFFFE, 0x7F7FFFFE, 0x7F7FFFFE, 0x7F7FFFFE -.quad 0x03FFFFFC, 0x03FFFFFC, 0x03FFFFFC, 0x03FFFFFC - -.LAVX2_POLY_x8: -.quad 0xFFFFFFF8, 0xFFFFFFF8, 0xFFFFFFF8, 0xFFFFFFF8 -.quad 0xFFFFFFF8, 0xFFFFFFF8, 0xFFFFFFF8, 0xFFFFFFF8 -.quad 0xFFFFFFF8, 0xFFFFFFF8, 0xFFFFFFF8, 0xFFFFFFF8 -.quad 0x80000FF8, 0x80000FF8, 0x80000FF8, 0x80000FF8 -.quad 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC -.quad 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC, 0x7FFFFFFC -.quad 0x801FFFFC, 0x801FFFFC, 0x801FFFFC, 0x801FFFFC -.quad 0xFEFFFFFC, 0xFEFFFFFC, 0xFEFFFFFC, 0xFEFFFFFC -.quad 0x07FFFFF8, 0x07FFFFF8, 0x07FFFFF8, 0x07FFFFF8 - -.LONE: -.quad 0x00000020, 0x00000020, 0x00000020, 0x00000020 -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 -.quad 0x1fffc000, 0x1fffc000, 0x1fffc000, 0x1fffc000 -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x1f7fffff, 0x1f7fffff, 0x1f7fffff, 0x1f7fffff -.quad 0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 - -# RR = 2^266 mod p in AVX2 format, to transform from the native OpenSSL -# Montgomery form (*2^256) to our format (*2^261) - -.LTO_MONT_AVX2: -.quad 0x00000400, 0x00000400, 0x00000400, 0x00000400 -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 -.quad 0x1ff80000, 0x1ff80000, 0x1ff80000, 0x1ff80000 -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x0fffffff, 0x0fffffff, 0x0fffffff, 0x0fffffff -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x00000003, 0x00000003, 0x00000003, 0x00000003 - -.LFROM_MONT_AVX2: -.quad 0x00000001, 0x00000001, 0x00000001, 0x00000001 -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 -.quad 0x1ffffe00, 0x1ffffe00, 0x1ffffe00, 0x1ffffe00 -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x1fffffff, 0x1fffffff, 0x1fffffff, 0x1fffffff -.quad 0x1ffbffff, 0x1ffbffff, 0x1ffbffff, 0x1ffbffff -.quad 0x001fffff, 0x001fffff, 0x001fffff, 0x001fffff -.quad 0x00000000, 0x00000000, 0x00000000, 0x00000000 - -.LIntOne: -.long 1,1,1,1,1,1,1,1 -___ - -{ -# This function receives a pointer to an array of four affine points -# (X, Y, <1>) and rearranges the data for AVX2 execution, while -# converting it to 2^29 radix redundant form - -my ($X0,$X1,$X2,$X3, $Y0,$Y1,$Y2,$Y3, - $T0,$T1,$T2,$T3, $T4,$T5,$T6,$T7)=map("%ymm$_",(0..15)); - -$code.=<<___; -.globl ecp_nistz256_avx2_transpose_convert -.type ecp_nistz256_avx2_transpose_convert,\@function,2 -.align 64 -ecp_nistz256_avx2_transpose_convert: - vzeroupper -___ -$code.=<<___ if ($win64); - lea -8-16*10(%rsp), %rsp - vmovaps %xmm6, -8-16*10(%rax) - vmovaps %xmm7, -8-16*9(%rax) - vmovaps %xmm8, -8-16*8(%rax) - vmovaps %xmm9, -8-16*7(%rax) - vmovaps %xmm10, -8-16*6(%rax) - vmovaps %xmm11, -8-16*5(%rax) - vmovaps %xmm12, -8-16*4(%rax) - vmovaps %xmm13, -8-16*3(%rax) - vmovaps %xmm14, -8-16*2(%rax) - vmovaps %xmm15, -8-16*1(%rax) -___ -$code.=<<___; - # Load the data - vmovdqa 32*0(%rsi), $X0 - lea 112(%rsi), %rax # size optimization - vmovdqa 32*1(%rsi), $Y0 - lea .LAVX2_AND_MASK(%rip), %rdx - vmovdqa 32*2(%rsi), $X1 - vmovdqa 32*3(%rsi), $Y1 - vmovdqa 32*4-112(%rax), $X2 - vmovdqa 32*5-112(%rax), $Y2 - vmovdqa 32*6-112(%rax), $X3 - vmovdqa 32*7-112(%rax), $Y3 - - # Transpose X and Y independently - vpunpcklqdq $X1, $X0, $T0 # T0 = [B2 A2 B0 A0] - vpunpcklqdq $X3, $X2, $T1 # T1 = [D2 C2 D0 C0] - vpunpckhqdq $X1, $X0, $T2 # T2 = [B3 A3 B1 A1] - vpunpckhqdq $X3, $X2, $T3 # T3 = [D3 C3 D1 C1] - - vpunpcklqdq $Y1, $Y0, $T4 - vpunpcklqdq $Y3, $Y2, $T5 - vpunpckhqdq $Y1, $Y0, $T6 - vpunpckhqdq $Y3, $Y2, $T7 - - vperm2i128 \$0x20, $T1, $T0, $X0 # X0 = [D0 C0 B0 A0] - vperm2i128 \$0x20, $T3, $T2, $X1 # X1 = [D1 C1 B1 A1] - vperm2i128 \$0x31, $T1, $T0, $X2 # X2 = [D2 C2 B2 A2] - vperm2i128 \$0x31, $T3, $T2, $X3 # X3 = [D3 C3 B3 A3] - - vperm2i128 \$0x20, $T5, $T4, $Y0 - vperm2i128 \$0x20, $T7, $T6, $Y1 - vperm2i128 \$0x31, $T5, $T4, $Y2 - vperm2i128 \$0x31, $T7, $T6, $Y3 - vmovdqa (%rdx), $T7 - - vpand (%rdx), $X0, $T0 # out[0] = in[0] & mask; - vpsrlq \$29, $X0, $X0 - vpand $T7, $X0, $T1 # out[1] = (in[0] >> shift) & mask; - vpsrlq \$29, $X0, $X0 - vpsllq \$6, $X1, $T2 - vpxor $X0, $T2, $T2 - vpand $T7, $T2, $T2 # out[2] = ((in[0] >> (shift*2)) ^ (in[1] << (64-shift*2))) & mask; - vpsrlq \$23, $X1, $X1 - vpand $T7, $X1, $T3 # out[3] = (in[1] >> ((shift*3)%64)) & mask; - vpsrlq \$29, $X1, $X1 - vpsllq \$12, $X2, $T4 - vpxor $X1, $T4, $T4 - vpand $T7, $T4, $T4 # out[4] = ((in[1] >> ((shift*4)%64)) ^ (in[2] << (64*2-shift*4))) & mask; - vpsrlq \$17, $X2, $X2 - vpand $T7, $X2, $T5 # out[5] = (in[2] >> ((shift*5)%64)) & mask; - vpsrlq \$29, $X2, $X2 - vpsllq \$18, $X3, $T6 - vpxor $X2, $T6, $T6 - vpand $T7, $T6, $T6 # out[6] = ((in[2] >> ((shift*6)%64)) ^ (in[3] << (64*3-shift*6))) & mask; - vpsrlq \$11, $X3, $X3 - vmovdqa $T0, 32*0(%rdi) - lea 112(%rdi), %rax # size optimization - vpand $T7, $X3, $T0 # out[7] = (in[3] >> ((shift*7)%64)) & mask; - vpsrlq \$29, $X3, $X3 # out[8] = (in[3] >> ((shift*8)%64)) & mask; - - vmovdqa $T1, 32*1(%rdi) - vmovdqa $T2, 32*2(%rdi) - vmovdqa $T3, 32*3(%rdi) - vmovdqa $T4, 32*4-112(%rax) - vmovdqa $T5, 32*5-112(%rax) - vmovdqa $T6, 32*6-112(%rax) - vmovdqa $T0, 32*7-112(%rax) - vmovdqa $X3, 32*8-112(%rax) - lea 448(%rdi), %rax # size optimization - - vpand $T7, $Y0, $T0 # out[0] = in[0] & mask; - vpsrlq \$29, $Y0, $Y0 - vpand $T7, $Y0, $T1 # out[1] = (in[0] >> shift) & mask; - vpsrlq \$29, $Y0, $Y0 - vpsllq \$6, $Y1, $T2 - vpxor $Y0, $T2, $T2 - vpand $T7, $T2, $T2 # out[2] = ((in[0] >> (shift*2)) ^ (in[1] << (64-shift*2))) & mask; - vpsrlq \$23, $Y1, $Y1 - vpand $T7, $Y1, $T3 # out[3] = (in[1] >> ((shift*3)%64)) & mask; - vpsrlq \$29, $Y1, $Y1 - vpsllq \$12, $Y2, $T4 - vpxor $Y1, $T4, $T4 - vpand $T7, $T4, $T4 # out[4] = ((in[1] >> ((shift*4)%64)) ^ (in[2] << (64*2-shift*4))) & mask; - vpsrlq \$17, $Y2, $Y2 - vpand $T7, $Y2, $T5 # out[5] = (in[2] >> ((shift*5)%64)) & mask; - vpsrlq \$29, $Y2, $Y2 - vpsllq \$18, $Y3, $T6 - vpxor $Y2, $T6, $T6 - vpand $T7, $T6, $T6 # out[6] = ((in[2] >> ((shift*6)%64)) ^ (in[3] << (64*3-shift*6))) & mask; - vpsrlq \$11, $Y3, $Y3 - vmovdqa $T0, 32*9-448(%rax) - vpand $T7, $Y3, $T0 # out[7] = (in[3] >> ((shift*7)%64)) & mask; - vpsrlq \$29, $Y3, $Y3 # out[8] = (in[3] >> ((shift*8)%64)) & mask; - - vmovdqa $T1, 32*10-448(%rax) - vmovdqa $T2, 32*11-448(%rax) - vmovdqa $T3, 32*12-448(%rax) - vmovdqa $T4, 32*13-448(%rax) - vmovdqa $T5, 32*14-448(%rax) - vmovdqa $T6, 32*15-448(%rax) - vmovdqa $T0, 32*16-448(%rax) - vmovdqa $Y3, 32*17-448(%rax) - - vzeroupper -___ -$code.=<<___ if ($win64); - movaps 16*0(%rsp), %xmm6 - movaps 16*1(%rsp), %xmm7 - movaps 16*2(%rsp), %xmm8 - movaps 16*3(%rsp), %xmm9 - movaps 16*4(%rsp), %xmm10 - movaps 16*5(%rsp), %xmm11 - movaps 16*6(%rsp), %xmm12 - movaps 16*7(%rsp), %xmm13 - movaps 16*8(%rsp), %xmm14 - movaps 16*9(%rsp), %xmm15 - lea 8+16*10(%rsp), %rsp -___ -$code.=<<___; - ret -.size ecp_nistz256_avx2_transpose_convert,.-ecp_nistz256_avx2_transpose_convert -___ -} -{ -################################################################################ -# This function receives a pointer to an array of four AVX2 formatted points -# (X, Y, Z) convert the data to normal representation, and rearranges the data - -my ($D0,$D1,$D2,$D3, $D4,$D5,$D6,$D7, $D8)=map("%ymm$_",(0..8)); -my ($T0,$T1,$T2,$T3, $T4,$T5,$T6)=map("%ymm$_",(9..15)); - -$code.=<<___; - -.globl ecp_nistz256_avx2_convert_transpose_back -.type ecp_nistz256_avx2_convert_transpose_back,\@function,2 -.align 32 -ecp_nistz256_avx2_convert_transpose_back: - vzeroupper -___ -$code.=<<___ if ($win64); - lea -8-16*10(%rsp), %rsp - vmovaps %xmm6, -8-16*10(%rax) - vmovaps %xmm7, -8-16*9(%rax) - vmovaps %xmm8, -8-16*8(%rax) - vmovaps %xmm9, -8-16*7(%rax) - vmovaps %xmm10, -8-16*6(%rax) - vmovaps %xmm11, -8-16*5(%rax) - vmovaps %xmm12, -8-16*4(%rax) - vmovaps %xmm13, -8-16*3(%rax) - vmovaps %xmm14, -8-16*2(%rax) - vmovaps %xmm15, -8-16*1(%rax) -___ -$code.=<<___; - mov \$3, %ecx - -.Lconv_loop: - vmovdqa 32*0(%rsi), $D0 - lea 160(%rsi), %rax # size optimization - vmovdqa 32*1(%rsi), $D1 - vmovdqa 32*2(%rsi), $D2 - vmovdqa 32*3(%rsi), $D3 - vmovdqa 32*4-160(%rax), $D4 - vmovdqa 32*5-160(%rax), $D5 - vmovdqa 32*6-160(%rax), $D6 - vmovdqa 32*7-160(%rax), $D7 - vmovdqa 32*8-160(%rax), $D8 - - vpsllq \$29, $D1, $D1 - vpsllq \$58, $D2, $T0 - vpaddq $D1, $D0, $D0 - vpaddq $T0, $D0, $D0 # out[0] = (in[0]) ^ (in[1] << shift*1) ^ (in[2] << shift*2); - - vpsrlq \$6, $D2, $D2 - vpsllq \$23, $D3, $D3 - vpsllq \$52, $D4, $T1 - vpaddq $D2, $D3, $D3 - vpaddq $D3, $T1, $D1 # out[1] = (in[2] >> (64*1-shift*2)) ^ (in[3] << shift*3%64) ^ (in[4] << shift*4%64); - - vpsrlq \$12, $D4, $D4 - vpsllq \$17, $D5, $D5 - vpsllq \$46, $D6, $T2 - vpaddq $D4, $D5, $D5 - vpaddq $D5, $T2, $D2 # out[2] = (in[4] >> (64*2-shift*4)) ^ (in[5] << shift*5%64) ^ (in[6] << shift*6%64); - - vpsrlq \$18, $D6, $D6 - vpsllq \$11, $D7, $D7 - vpsllq \$40, $D8, $T3 - vpaddq $D6, $D7, $D7 - vpaddq $D7, $T3, $D3 # out[3] = (in[6] >> (64*3-shift*6)) ^ (in[7] << shift*7%64) ^ (in[8] << shift*8%64); - - vpunpcklqdq $D1, $D0, $T0 # T0 = [B2 A2 B0 A0] - vpunpcklqdq $D3, $D2, $T1 # T1 = [D2 C2 D0 C0] - vpunpckhqdq $D1, $D0, $T2 # T2 = [B3 A3 B1 A1] - vpunpckhqdq $D3, $D2, $T3 # T3 = [D3 C3 D1 C1] - - vperm2i128 \$0x20, $T1, $T0, $D0 # X0 = [D0 C0 B0 A0] - vperm2i128 \$0x20, $T3, $T2, $D1 # X1 = [D1 C1 B1 A1] - vperm2i128 \$0x31, $T1, $T0, $D2 # X2 = [D2 C2 B2 A2] - vperm2i128 \$0x31, $T3, $T2, $D3 # X3 = [D3 C3 B3 A3] - - vmovdqa $D0, 32*0(%rdi) - vmovdqa $D1, 32*3(%rdi) - vmovdqa $D2, 32*6(%rdi) - vmovdqa $D3, 32*9(%rdi) - - lea 32*9(%rsi), %rsi - lea 32*1(%rdi), %rdi - - dec %ecx - jnz .Lconv_loop - - vzeroupper -___ -$code.=<<___ if ($win64); - movaps 16*0(%rsp), %xmm6 - movaps 16*1(%rsp), %xmm7 - movaps 16*2(%rsp), %xmm8 - movaps 16*3(%rsp), %xmm9 - movaps 16*4(%rsp), %xmm10 - movaps 16*5(%rsp), %xmm11 - movaps 16*6(%rsp), %xmm12 - movaps 16*7(%rsp), %xmm13 - movaps 16*8(%rsp), %xmm14 - movaps 16*9(%rsp), %xmm15 - lea 8+16*10(%rsp), %rsp -___ -$code.=<<___; - ret -.size ecp_nistz256_avx2_convert_transpose_back,.-ecp_nistz256_avx2_convert_transpose_back -___ -} -{ -my ($r_ptr,$a_ptr,$b_ptr,$itr)=("%rdi","%rsi","%rdx","%ecx"); -my ($ACC0,$ACC1,$ACC2,$ACC3,$ACC4,$ACC5,$ACC6,$ACC7,$ACC8)=map("%ymm$_",(0..8)); -my ($B,$Y,$T0,$AND_MASK,$OVERFLOW)=map("%ymm$_",(9..13)); - -sub NORMALIZE { -my $ret=<<___; - vpsrlq $digit_size, $ACC0, $T0 - vpand $AND_MASK, $ACC0, $ACC0 - vpaddq $T0, $ACC1, $ACC1 - - vpsrlq $digit_size, $ACC1, $T0 - vpand $AND_MASK, $ACC1, $ACC1 - vpaddq $T0, $ACC2, $ACC2 - - vpsrlq $digit_size, $ACC2, $T0 - vpand $AND_MASK, $ACC2, $ACC2 - vpaddq $T0, $ACC3, $ACC3 - - vpsrlq $digit_size, $ACC3, $T0 - vpand $AND_MASK, $ACC3, $ACC3 - vpaddq $T0, $ACC4, $ACC4 - - vpsrlq $digit_size, $ACC4, $T0 - vpand $AND_MASK, $ACC4, $ACC4 - vpaddq $T0, $ACC5, $ACC5 - - vpsrlq $digit_size, $ACC5, $T0 - vpand $AND_MASK, $ACC5, $ACC5 - vpaddq $T0, $ACC6, $ACC6 - - vpsrlq $digit_size, $ACC6, $T0 - vpand $AND_MASK, $ACC6, $ACC6 - vpaddq $T0, $ACC7, $ACC7 - - vpsrlq $digit_size, $ACC7, $T0 - vpand $AND_MASK, $ACC7, $ACC7 - vpaddq $T0, $ACC8, $ACC8 - #vpand $AND_MASK, $ACC8, $ACC8 -___ - $ret; -} - -sub STORE { -my $ret=<<___; - vmovdqa $ACC0, 32*0(%rdi) - lea 160(%rdi), %rax # size optimization - vmovdqa $ACC1, 32*1(%rdi) - vmovdqa $ACC2, 32*2(%rdi) - vmovdqa $ACC3, 32*3(%rdi) - vmovdqa $ACC4, 32*4-160(%rax) - vmovdqa $ACC5, 32*5-160(%rax) - vmovdqa $ACC6, 32*6-160(%rax) - vmovdqa $ACC7, 32*7-160(%rax) - vmovdqa $ACC8, 32*8-160(%rax) -___ - $ret; -} - -$code.=<<___; -.type avx2_normalize,\@abi-omnipotent -.align 32 -avx2_normalize: - vpsrlq $digit_size, $ACC0, $T0 - vpand $AND_MASK, $ACC0, $ACC0 - vpaddq $T0, $ACC1, $ACC1 - - vpsrlq $digit_size, $ACC1, $T0 - vpand $AND_MASK, $ACC1, $ACC1 - vpaddq $T0, $ACC2, $ACC2 - - vpsrlq $digit_size, $ACC2, $T0 - vpand $AND_MASK, $ACC2, $ACC2 - vpaddq $T0, $ACC3, $ACC3 - - vpsrlq $digit_size, $ACC3, $T0 - vpand $AND_MASK, $ACC3, $ACC3 - vpaddq $T0, $ACC4, $ACC4 - - vpsrlq $digit_size, $ACC4, $T0 - vpand $AND_MASK, $ACC4, $ACC4 - vpaddq $T0, $ACC5, $ACC5 - - vpsrlq $digit_size, $ACC5, $T0 - vpand $AND_MASK, $ACC5, $ACC5 - vpaddq $T0, $ACC6, $ACC6 - - vpsrlq $digit_size, $ACC6, $T0 - vpand $AND_MASK, $ACC6, $ACC6 - vpaddq $T0, $ACC7, $ACC7 - - vpsrlq $digit_size, $ACC7, $T0 - vpand $AND_MASK, $ACC7, $ACC7 - vpaddq $T0, $ACC8, $ACC8 - #vpand $AND_MASK, $ACC8, $ACC8 - - ret -.size avx2_normalize,.-avx2_normalize - -.type avx2_normalize_n_store,\@abi-omnipotent -.align 32 -avx2_normalize_n_store: - vpsrlq $digit_size, $ACC0, $T0 - vpand $AND_MASK, $ACC0, $ACC0 - vpaddq $T0, $ACC1, $ACC1 - - vpsrlq $digit_size, $ACC1, $T0 - vpand $AND_MASK, $ACC1, $ACC1 - vmovdqa $ACC0, 32*0(%rdi) - lea 160(%rdi), %rax # size optimization - vpaddq $T0, $ACC2, $ACC2 - - vpsrlq $digit_size, $ACC2, $T0 - vpand $AND_MASK, $ACC2, $ACC2 - vmovdqa $ACC1, 32*1(%rdi) - vpaddq $T0, $ACC3, $ACC3 - - vpsrlq $digit_size, $ACC3, $T0 - vpand $AND_MASK, $ACC3, $ACC3 - vmovdqa $ACC2, 32*2(%rdi) - vpaddq $T0, $ACC4, $ACC4 - - vpsrlq $digit_size, $ACC4, $T0 - vpand $AND_MASK, $ACC4, $ACC4 - vmovdqa $ACC3, 32*3(%rdi) - vpaddq $T0, $ACC5, $ACC5 - - vpsrlq $digit_size, $ACC5, $T0 - vpand $AND_MASK, $ACC5, $ACC5 - vmovdqa $ACC4, 32*4-160(%rax) - vpaddq $T0, $ACC6, $ACC6 - - vpsrlq $digit_size, $ACC6, $T0 - vpand $AND_MASK, $ACC6, $ACC6 - vmovdqa $ACC5, 32*5-160(%rax) - vpaddq $T0, $ACC7, $ACC7 - - vpsrlq $digit_size, $ACC7, $T0 - vpand $AND_MASK, $ACC7, $ACC7 - vmovdqa $ACC6, 32*6-160(%rax) - vpaddq $T0, $ACC8, $ACC8 - #vpand $AND_MASK, $ACC8, $ACC8 - vmovdqa $ACC7, 32*7-160(%rax) - vmovdqa $ACC8, 32*8-160(%rax) - - ret -.size avx2_normalize_n_store,.-avx2_normalize_n_store - -################################################################################ -# void avx2_mul_x4(void* RESULTx4, void *Ax4, void *Bx4); -.type avx2_mul_x4,\@abi-omnipotent -.align 32 -avx2_mul_x4: - lea .LAVX2_POLY(%rip), %rax - - vpxor $ACC0, $ACC0, $ACC0 - vpxor $ACC1, $ACC1, $ACC1 - vpxor $ACC2, $ACC2, $ACC2 - vpxor $ACC3, $ACC3, $ACC3 - vpxor $ACC4, $ACC4, $ACC4 - vpxor $ACC5, $ACC5, $ACC5 - vpxor $ACC6, $ACC6, $ACC6 - vpxor $ACC7, $ACC7, $ACC7 - - vmovdqa 32*7(%rax), %ymm14 - vmovdqa 32*8(%rax), %ymm15 - - mov $n_digits, $itr - lea -512($a_ptr), $a_ptr # strategic bias to control u-op density - jmp .Lavx2_mul_x4_loop - -.align 32 -.Lavx2_mul_x4_loop: - vmovdqa 32*0($b_ptr), $B - lea 32*1($b_ptr), $b_ptr - - vpmuludq 32*0+512($a_ptr), $B, $T0 - vpmuludq 32*1+512($a_ptr), $B, $OVERFLOW # borrow $OVERFLOW - vpaddq $T0, $ACC0, $ACC0 - vpmuludq 32*2+512($a_ptr), $B, $T0 - vpaddq $OVERFLOW, $ACC1, $ACC1 - vpand $AND_MASK, $ACC0, $Y - vpmuludq 32*3+512($a_ptr), $B, $OVERFLOW - vpaddq $T0, $ACC2, $ACC2 - vpmuludq 32*4+512($a_ptr), $B, $T0 - vpaddq $OVERFLOW, $ACC3, $ACC3 - vpmuludq 32*5+512($a_ptr), $B, $OVERFLOW - vpaddq $T0, $ACC4, $ACC4 - vpmuludq 32*6+512($a_ptr), $B, $T0 - vpaddq $OVERFLOW, $ACC5, $ACC5 - vpmuludq 32*7+512($a_ptr), $B, $OVERFLOW - vpaddq $T0, $ACC6, $ACC6 - - # Skip some multiplications, optimizing for the constant poly - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpmuludq 32*8+512($a_ptr), $B, $ACC8 - vpaddq $T0, $ACC0, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - .byte 0x67 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $OVERFLOW - .byte 0x67 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $T0 - vpaddq $OVERFLOW, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $OVERFLOW - vpaddq $T0, $ACC7, $ACC6 - vpaddq $OVERFLOW, $ACC8, $ACC7 - - dec $itr - jnz .Lavx2_mul_x4_loop - - vpxor $ACC8, $ACC8, $ACC8 - - ret -.size avx2_mul_x4,.-avx2_mul_x4 - -# Function optimized for the constant 1 -################################################################################ -# void avx2_mul_by1_x4(void* RESULTx4, void *Ax4); -.type avx2_mul_by1_x4,\@abi-omnipotent -.align 32 -avx2_mul_by1_x4: - lea .LAVX2_POLY(%rip), %rax - - vpxor $ACC0, $ACC0, $ACC0 - vpxor $ACC1, $ACC1, $ACC1 - vpxor $ACC2, $ACC2, $ACC2 - vpxor $ACC3, $ACC3, $ACC3 - vpxor $ACC4, $ACC4, $ACC4 - vpxor $ACC5, $ACC5, $ACC5 - vpxor $ACC6, $ACC6, $ACC6 - vpxor $ACC7, $ACC7, $ACC7 - vpxor $ACC8, $ACC8, $ACC8 - - vmovdqa 32*3+.LONE(%rip), %ymm14 - vmovdqa 32*7+.LONE(%rip), %ymm15 - - mov $n_digits, $itr - jmp .Lavx2_mul_by1_x4_loop - -.align 32 -.Lavx2_mul_by1_x4_loop: - vmovdqa 32*0($a_ptr), $B - .byte 0x48,0x8d,0xb6,0x20,0,0,0 # lea 32*1($a_ptr), $a_ptr - - vpsllq \$5, $B, $OVERFLOW - vpmuludq %ymm14, $B, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC3 - .byte 0x67 - vpmuludq $AND_MASK, $B, $T0 - vpand $AND_MASK, $ACC0, $Y - vpaddq $T0, $ACC4, $ACC4 - vpaddq $T0, $ACC5, $ACC5 - vpaddq $T0, $ACC6, $ACC6 - vpsllq \$23, $B, $T0 - - .byte 0x67,0x67 - vpmuludq %ymm15, $B, $OVERFLOW - vpsubq $T0, $ACC6, $ACC6 - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpaddq $T0, $ACC0, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - .byte 0x67,0x67 - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $OVERFLOW - vmovdqa $ACC5, $ACC4 - vpmuludq 32*7(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC6, $ACC5 - vpaddq $T0, $ACC7, $ACC6 - vpmuludq 32*8(%rax), $Y, $ACC7 - - dec $itr - jnz .Lavx2_mul_by1_x4_loop - - ret -.size avx2_mul_by1_x4,.-avx2_mul_by1_x4 - -################################################################################ -# void avx2_sqr_x4(void* RESULTx4, void *Ax4, void *Bx4); -.type avx2_sqr_x4,\@abi-omnipotent -.align 32 -avx2_sqr_x4: - lea .LAVX2_POLY(%rip), %rax - - vmovdqa 32*7(%rax), %ymm14 - vmovdqa 32*8(%rax), %ymm15 - - vmovdqa 32*0($a_ptr), $B - vmovdqa 32*1($a_ptr), $ACC1 - vmovdqa 32*2($a_ptr), $ACC2 - vmovdqa 32*3($a_ptr), $ACC3 - vmovdqa 32*4($a_ptr), $ACC4 - vmovdqa 32*5($a_ptr), $ACC5 - vmovdqa 32*6($a_ptr), $ACC6 - vmovdqa 32*7($a_ptr), $ACC7 - vpaddq $ACC1, $ACC1, $ACC1 # 2*$ACC0..7 - vmovdqa 32*8($a_ptr), $ACC8 - vpaddq $ACC2, $ACC2, $ACC2 - vmovdqa $ACC1, 32*0(%rcx) - vpaddq $ACC3, $ACC3, $ACC3 - vmovdqa $ACC2, 32*1(%rcx) - vpaddq $ACC4, $ACC4, $ACC4 - vmovdqa $ACC3, 32*2(%rcx) - vpaddq $ACC5, $ACC5, $ACC5 - vmovdqa $ACC4, 32*3(%rcx) - vpaddq $ACC6, $ACC6, $ACC6 - vmovdqa $ACC5, 32*4(%rcx) - vpaddq $ACC7, $ACC7, $ACC7 - vmovdqa $ACC6, 32*5(%rcx) - vpaddq $ACC8, $ACC8, $ACC8 - vmovdqa $ACC7, 32*6(%rcx) - vmovdqa $ACC8, 32*7(%rcx) - - #itr 1 - vpmuludq $B, $B, $ACC0 - vpmuludq $B, $ACC1, $ACC1 - vpand $AND_MASK, $ACC0, $Y - vpmuludq $B, $ACC2, $ACC2 - vpmuludq $B, $ACC3, $ACC3 - vpmuludq $B, $ACC4, $ACC4 - vpmuludq $B, $ACC5, $ACC5 - vpmuludq $B, $ACC6, $ACC6 - vpmuludq $AND_MASK, $Y, $T0 - vpmuludq $B, $ACC7, $ACC7 - vpmuludq $B, $ACC8, $ACC8 - vmovdqa 32*1($a_ptr), $B - - vpaddq $T0, $ACC0, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - #itr 2 - vpmuludq $B, $B, $OVERFLOW - vpand $AND_MASK, $ACC0, $Y - vpmuludq 32*1(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC1, $ACC1 - vpmuludq 32*2(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC2, $ACC2 - vpmuludq 32*3(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC3, $ACC3 - vpmuludq 32*4(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC4, $ACC4 - vpmuludq 32*5(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC5, $ACC5 - vpmuludq 32*6(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC6, $ACC6 - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpmuludq 32*7(%rcx), $B, $ACC8 - vmovdqa 32*2($a_ptr), $B - vpaddq $T0, $ACC0, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - #itr 3 - vpmuludq $B, $B, $T0 - vpand $AND_MASK, $ACC0, $Y - vpmuludq 32*2(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC2, $ACC2 - vpmuludq 32*3(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC3, $ACC3 - vpmuludq 32*4(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC4, $ACC4 - vpmuludq 32*5(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC5, $ACC5 - vpmuludq 32*6(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC6, $ACC6 - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpmuludq 32*7(%rcx), $B, $ACC8 - vmovdqa 32*3($a_ptr), $B - vpaddq $T0, $ACC0, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpand $AND_MASK, $ACC0, $Y - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - #itr 4 - vpmuludq $B, $B, $OVERFLOW - vpmuludq 32*3(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC3, $ACC3 - vpmuludq 32*4(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC4, $ACC4 - vpmuludq 32*5(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC5, $ACC5 - vpmuludq 32*6(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC6, $ACC6 - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpmuludq 32*7(%rcx), $B, $ACC8 - vmovdqa 32*4($a_ptr), $B - vpaddq $T0, $ACC0, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpand $AND_MASK, $ACC0, $Y - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - #itr 5 - vpmuludq $B, $B, $T0 - vpmuludq 32*4(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC4, $ACC4 - vpmuludq 32*5(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC5, $ACC5 - vpmuludq 32*6(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC6, $ACC6 - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpmuludq 32*7(%rcx), $B, $ACC8 - vmovdqa 32*5($a_ptr), $B - vpaddq $T0, $ACC0, $OVERFLOW - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3+.LAVX2_POLY(%rip), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpand $AND_MASK, $ACC0, $Y - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - #itr 6 - vpmuludq $B, $B, $OVERFLOW - vpmuludq 32*5(%rcx), $B, $T0 - vpaddq $OVERFLOW, $ACC5, $ACC5 - vpmuludq 32*6(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC6, $ACC6 - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpmuludq 32*7(%rcx), $B, $ACC8 - vmovdqa 32*6($a_ptr), $B - vpaddq $T0, $ACC0, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpand $AND_MASK, $ACC0, $Y - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - #itr 7 - vpmuludq $B, $B, $T0 - vpmuludq 32*6(%rcx), $B, $OVERFLOW - vpaddq $T0, $ACC6, $ACC6 - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpmuludq 32*7(%rcx), $B, $ACC8 - vmovdqa 32*7($a_ptr), $B - vpaddq $T0, $ACC0, $OVERFLOW - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpand $AND_MASK, $ACC0, $Y - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - #itr 8 - vpmuludq $B, $B, $OVERFLOW - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC7 - vpmuludq 32*7(%rcx), $B, $ACC8 - vmovdqa 32*8($a_ptr), $B - vpaddq $T0, $ACC0, $OVERFLOW - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpand $AND_MASK, $ACC0, $Y - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - #itr 9 - vpmuludq $B, $B, $ACC8 - - vpmuludq $AND_MASK, $Y, $T0 - vpaddq $T0, $ACC0, $OVERFLOW - vpsrlq $digit_size, $OVERFLOW, $OVERFLOW - vpaddq $T0, $ACC1, $ACC0 - vpaddq $T0, $ACC2, $ACC1 - vpmuludq 32*3(%rax), $Y, $T0 - vpaddq $OVERFLOW, $ACC0, $ACC0 - vpaddq $T0, $ACC3, $ACC2 - vmovdqa $ACC4, $ACC3 - vpsllq \$18, $Y, $T0 - vmovdqa $ACC5, $ACC4 - vpmuludq %ymm14, $Y, $OVERFLOW - vpaddq $T0, $ACC6, $ACC5 - vpmuludq %ymm15, $Y, $T0 - vpaddq $OVERFLOW, $ACC7, $ACC6 - vpaddq $T0, $ACC8, $ACC7 - - vpxor $ACC8, $ACC8, $ACC8 - - ret -.size avx2_sqr_x4,.-avx2_sqr_x4 - -################################################################################ -# void avx2_sub_x4(void* RESULTx4, void *Ax4, void *Bx4); -.type avx2_sub_x4,\@abi-omnipotent -.align 32 -avx2_sub_x4: - vmovdqa 32*0($a_ptr), $ACC0 - lea 160($a_ptr), $a_ptr - lea .LAVX2_POLY_x8+128(%rip), %rax - lea 128($b_ptr), $b_ptr - vmovdqa 32*1-160($a_ptr), $ACC1 - vmovdqa 32*2-160($a_ptr), $ACC2 - vmovdqa 32*3-160($a_ptr), $ACC3 - vmovdqa 32*4-160($a_ptr), $ACC4 - vmovdqa 32*5-160($a_ptr), $ACC5 - vmovdqa 32*6-160($a_ptr), $ACC6 - vmovdqa 32*7-160($a_ptr), $ACC7 - vmovdqa 32*8-160($a_ptr), $ACC8 - - vpaddq 32*0-128(%rax), $ACC0, $ACC0 - vpaddq 32*1-128(%rax), $ACC1, $ACC1 - vpaddq 32*2-128(%rax), $ACC2, $ACC2 - vpaddq 32*3-128(%rax), $ACC3, $ACC3 - vpaddq 32*4-128(%rax), $ACC4, $ACC4 - vpaddq 32*5-128(%rax), $ACC5, $ACC5 - vpaddq 32*6-128(%rax), $ACC6, $ACC6 - vpaddq 32*7-128(%rax), $ACC7, $ACC7 - vpaddq 32*8-128(%rax), $ACC8, $ACC8 - - vpsubq 32*0-128($b_ptr), $ACC0, $ACC0 - vpsubq 32*1-128($b_ptr), $ACC1, $ACC1 - vpsubq 32*2-128($b_ptr), $ACC2, $ACC2 - vpsubq 32*3-128($b_ptr), $ACC3, $ACC3 - vpsubq 32*4-128($b_ptr), $ACC4, $ACC4 - vpsubq 32*5-128($b_ptr), $ACC5, $ACC5 - vpsubq 32*6-128($b_ptr), $ACC6, $ACC6 - vpsubq 32*7-128($b_ptr), $ACC7, $ACC7 - vpsubq 32*8-128($b_ptr), $ACC8, $ACC8 - - ret -.size avx2_sub_x4,.-avx2_sub_x4 - -.type avx2_select_n_store,\@abi-omnipotent -.align 32 -avx2_select_n_store: - vmovdqa `8+32*9*8`(%rsp), $Y - vpor `8+32*9*8+32`(%rsp), $Y, $Y - - vpandn $ACC0, $Y, $ACC0 - vpandn $ACC1, $Y, $ACC1 - vpandn $ACC2, $Y, $ACC2 - vpandn $ACC3, $Y, $ACC3 - vpandn $ACC4, $Y, $ACC4 - vpandn $ACC5, $Y, $ACC5 - vpandn $ACC6, $Y, $ACC6 - vmovdqa `8+32*9*8+32`(%rsp), $B - vpandn $ACC7, $Y, $ACC7 - vpandn `8+32*9*8`(%rsp), $B, $B - vpandn $ACC8, $Y, $ACC8 - - vpand 32*0(%rsi), $B, $T0 - lea 160(%rsi), %rax - vpand 32*1(%rsi), $B, $Y - vpxor $T0, $ACC0, $ACC0 - vpand 32*2(%rsi), $B, $T0 - vpxor $Y, $ACC1, $ACC1 - vpand 32*3(%rsi), $B, $Y - vpxor $T0, $ACC2, $ACC2 - vpand 32*4-160(%rax), $B, $T0 - vpxor $Y, $ACC3, $ACC3 - vpand 32*5-160(%rax), $B, $Y - vpxor $T0, $ACC4, $ACC4 - vpand 32*6-160(%rax), $B, $T0 - vpxor $Y, $ACC5, $ACC5 - vpand 32*7-160(%rax), $B, $Y - vpxor $T0, $ACC6, $ACC6 - vpand 32*8-160(%rax), $B, $T0 - vmovdqa `8+32*9*8+32`(%rsp), $B - vpxor $Y, $ACC7, $ACC7 - - vpand 32*0(%rdx), $B, $Y - lea 160(%rdx), %rax - vpxor $T0, $ACC8, $ACC8 - vpand 32*1(%rdx), $B, $T0 - vpxor $Y, $ACC0, $ACC0 - vpand 32*2(%rdx), $B, $Y - vpxor $T0, $ACC1, $ACC1 - vpand 32*3(%rdx), $B, $T0 - vpxor $Y, $ACC2, $ACC2 - vpand 32*4-160(%rax), $B, $Y - vpxor $T0, $ACC3, $ACC3 - vpand 32*5-160(%rax), $B, $T0 - vpxor $Y, $ACC4, $ACC4 - vpand 32*6-160(%rax), $B, $Y - vpxor $T0, $ACC5, $ACC5 - vpand 32*7-160(%rax), $B, $T0 - vpxor $Y, $ACC6, $ACC6 - vpand 32*8-160(%rax), $B, $Y - vpxor $T0, $ACC7, $ACC7 - vpxor $Y, $ACC8, $ACC8 - `&STORE` - - ret -.size avx2_select_n_store,.-avx2_select_n_store -___ -$code.=<<___ if (0); # inlined -################################################################################ -# void avx2_mul_by2_x4(void* RESULTx4, void *Ax4); -.type avx2_mul_by2_x4,\@abi-omnipotent -.align 32 -avx2_mul_by2_x4: - vmovdqa 32*0($a_ptr), $ACC0 - lea 160($a_ptr), %rax - vmovdqa 32*1($a_ptr), $ACC1 - vmovdqa 32*2($a_ptr), $ACC2 - vmovdqa 32*3($a_ptr), $ACC3 - vmovdqa 32*4-160(%rax), $ACC4 - vmovdqa 32*5-160(%rax), $ACC5 - vmovdqa 32*6-160(%rax), $ACC6 - vmovdqa 32*7-160(%rax), $ACC7 - vmovdqa 32*8-160(%rax), $ACC8 - - vpaddq $ACC0, $ACC0, $ACC0 - vpaddq $ACC1, $ACC1, $ACC1 - vpaddq $ACC2, $ACC2, $ACC2 - vpaddq $ACC3, $ACC3, $ACC3 - vpaddq $ACC4, $ACC4, $ACC4 - vpaddq $ACC5, $ACC5, $ACC5 - vpaddq $ACC6, $ACC6, $ACC6 - vpaddq $ACC7, $ACC7, $ACC7 - vpaddq $ACC8, $ACC8, $ACC8 - - ret -.size avx2_mul_by2_x4,.-avx2_mul_by2_x4 -___ -my ($r_ptr_in,$a_ptr_in,$b_ptr_in)=("%rdi","%rsi","%rdx"); -my ($r_ptr,$a_ptr,$b_ptr)=("%r8","%r9","%r10"); - -$code.=<<___; -################################################################################ -# void ecp_nistz256_avx2_point_add_affine_x4(void* RESULTx4, void *Ax4, void *Bx4); -.globl ecp_nistz256_avx2_point_add_affine_x4 -.type ecp_nistz256_avx2_point_add_affine_x4,\@function,3 -.align 32 -ecp_nistz256_avx2_point_add_affine_x4: - mov %rsp, %rax - push %rbp - vzeroupper -___ -$code.=<<___ if ($win64); - lea -16*10(%rsp), %rsp - vmovaps %xmm6, -8-16*10(%rax) - vmovaps %xmm7, -8-16*9(%rax) - vmovaps %xmm8, -8-16*8(%rax) - vmovaps %xmm9, -8-16*7(%rax) - vmovaps %xmm10, -8-16*6(%rax) - vmovaps %xmm11, -8-16*5(%rax) - vmovaps %xmm12, -8-16*4(%rax) - vmovaps %xmm13, -8-16*3(%rax) - vmovaps %xmm14, -8-16*2(%rax) - vmovaps %xmm15, -8-16*1(%rax) -___ -$code.=<<___; - lea -8(%rax), %rbp - -# Result + 32*0 = Result.X -# Result + 32*9 = Result.Y -# Result + 32*18 = Result.Z - -# A + 32*0 = A.X -# A + 32*9 = A.Y -# A + 32*18 = A.Z - -# B + 32*0 = B.X -# B + 32*9 = B.Y - - sub \$`32*9*8+32*2+32*8`, %rsp - and \$-64, %rsp - - mov $r_ptr_in, $r_ptr - mov $a_ptr_in, $a_ptr - mov $b_ptr_in, $b_ptr - - vmovdqa 32*0($a_ptr_in), %ymm0 - vmovdqa .LAVX2_AND_MASK(%rip), $AND_MASK - vpxor %ymm1, %ymm1, %ymm1 - lea 256($a_ptr_in), %rax # size optimization - vpor 32*1($a_ptr_in), %ymm0, %ymm0 - vpor 32*2($a_ptr_in), %ymm0, %ymm0 - vpor 32*3($a_ptr_in), %ymm0, %ymm0 - vpor 32*4-256(%rax), %ymm0, %ymm0 - lea 256(%rax), %rcx # size optimization - vpor 32*5-256(%rax), %ymm0, %ymm0 - vpor 32*6-256(%rax), %ymm0, %ymm0 - vpor 32*7-256(%rax), %ymm0, %ymm0 - vpor 32*8-256(%rax), %ymm0, %ymm0 - vpor 32*9-256(%rax), %ymm0, %ymm0 - vpor 32*10-256(%rax), %ymm0, %ymm0 - vpor 32*11-256(%rax), %ymm0, %ymm0 - vpor 32*12-512(%rcx), %ymm0, %ymm0 - vpor 32*13-512(%rcx), %ymm0, %ymm0 - vpor 32*14-512(%rcx), %ymm0, %ymm0 - vpor 32*15-512(%rcx), %ymm0, %ymm0 - vpor 32*16-512(%rcx), %ymm0, %ymm0 - vpor 32*17-512(%rcx), %ymm0, %ymm0 - vpcmpeqq %ymm1, %ymm0, %ymm0 - vmovdqa %ymm0, `32*9*8`(%rsp) - - vpxor %ymm1, %ymm1, %ymm1 - vmovdqa 32*0($b_ptr), %ymm0 - lea 256($b_ptr), %rax # size optimization - vpor 32*1($b_ptr), %ymm0, %ymm0 - vpor 32*2($b_ptr), %ymm0, %ymm0 - vpor 32*3($b_ptr), %ymm0, %ymm0 - vpor 32*4-256(%rax), %ymm0, %ymm0 - lea 256(%rax), %rcx # size optimization - vpor 32*5-256(%rax), %ymm0, %ymm0 - vpor 32*6-256(%rax), %ymm0, %ymm0 - vpor 32*7-256(%rax), %ymm0, %ymm0 - vpor 32*8-256(%rax), %ymm0, %ymm0 - vpor 32*9-256(%rax), %ymm0, %ymm0 - vpor 32*10-256(%rax), %ymm0, %ymm0 - vpor 32*11-256(%rax), %ymm0, %ymm0 - vpor 32*12-512(%rcx), %ymm0, %ymm0 - vpor 32*13-512(%rcx), %ymm0, %ymm0 - vpor 32*14-512(%rcx), %ymm0, %ymm0 - vpor 32*15-512(%rcx), %ymm0, %ymm0 - vpor 32*16-512(%rcx), %ymm0, %ymm0 - vpor 32*17-512(%rcx), %ymm0, %ymm0 - vpcmpeqq %ymm1, %ymm0, %ymm0 - vmovdqa %ymm0, `32*9*8+32`(%rsp) - - # Z1^2 = Z1*Z1 - lea `32*9*2`($a_ptr), %rsi - lea `32*9*2`(%rsp), %rdi - lea `32*9*8+32*2`(%rsp), %rcx # temporary vector - call avx2_sqr_x4 - call avx2_normalize_n_store - - # U2 = X2*Z1^2 - lea `32*9*0`($b_ptr), %rsi - lea `32*9*2`(%rsp), %rdx - lea `32*9*0`(%rsp), %rdi - call avx2_mul_x4 - #call avx2_normalize - `&STORE` - - # S2 = Z1*Z1^2 = Z1^3 - lea `32*9*2`($a_ptr), %rsi - lea `32*9*2`(%rsp), %rdx - lea `32*9*1`(%rsp), %rdi - call avx2_mul_x4 - call avx2_normalize_n_store - - # S2 = S2*Y2 = Y2*Z1^3 - lea `32*9*1`($b_ptr), %rsi - lea `32*9*1`(%rsp), %rdx - lea `32*9*1`(%rsp), %rdi - call avx2_mul_x4 - call avx2_normalize_n_store - - # H = U2 - U1 = U2 - X1 - lea `32*9*0`(%rsp), %rsi - lea `32*9*0`($a_ptr), %rdx - lea `32*9*3`(%rsp), %rdi - call avx2_sub_x4 - call avx2_normalize_n_store - - # R = S2 - S1 = S2 - Y1 - lea `32*9*1`(%rsp), %rsi - lea `32*9*1`($a_ptr), %rdx - lea `32*9*4`(%rsp), %rdi - call avx2_sub_x4 - call avx2_normalize_n_store - - # Z3 = H*Z1*Z2 - lea `32*9*3`(%rsp), %rsi - lea `32*9*2`($a_ptr), %rdx - lea `32*9*2`($r_ptr), %rdi - call avx2_mul_x4 - call avx2_normalize - - lea .LONE(%rip), %rsi - lea `32*9*2`($a_ptr), %rdx - call avx2_select_n_store - - # R^2 = R^2 - lea `32*9*4`(%rsp), %rsi - lea `32*9*6`(%rsp), %rdi - lea `32*9*8+32*2`(%rsp), %rcx # temporary vector - call avx2_sqr_x4 - call avx2_normalize_n_store - - # H^2 = H^2 - lea `32*9*3`(%rsp), %rsi - lea `32*9*5`(%rsp), %rdi - call avx2_sqr_x4 - call avx2_normalize_n_store - - # H^3 = H^2*H - lea `32*9*3`(%rsp), %rsi - lea `32*9*5`(%rsp), %rdx - lea `32*9*7`(%rsp), %rdi - call avx2_mul_x4 - call avx2_normalize_n_store - - # U2 = U1*H^2 - lea `32*9*0`($a_ptr), %rsi - lea `32*9*5`(%rsp), %rdx - lea `32*9*0`(%rsp), %rdi - call avx2_mul_x4 - #call avx2_normalize - `&STORE` - - # Hsqr = U2*2 - #lea 32*9*0(%rsp), %rsi - #lea 32*9*5(%rsp), %rdi - #call avx2_mul_by2_x4 - - vpaddq $ACC0, $ACC0, $ACC0 # inlined avx2_mul_by2_x4 - lea `32*9*5`(%rsp), %rdi - vpaddq $ACC1, $ACC1, $ACC1 - vpaddq $ACC2, $ACC2, $ACC2 - vpaddq $ACC3, $ACC3, $ACC3 - vpaddq $ACC4, $ACC4, $ACC4 - vpaddq $ACC5, $ACC5, $ACC5 - vpaddq $ACC6, $ACC6, $ACC6 - vpaddq $ACC7, $ACC7, $ACC7 - vpaddq $ACC8, $ACC8, $ACC8 - call avx2_normalize_n_store - - # X3 = R^2 - H^3 - #lea 32*9*6(%rsp), %rsi - #lea 32*9*7(%rsp), %rdx - #lea 32*9*5(%rsp), %rcx - #lea 32*9*0($r_ptr), %rdi - #call avx2_sub_x4 - #NORMALIZE - #STORE - - # X3 = X3 - U2*2 - #lea 32*9*0($r_ptr), %rsi - #lea 32*9*0($r_ptr), %rdi - #call avx2_sub_x4 - #NORMALIZE - #STORE - - lea `32*9*6+128`(%rsp), %rsi - lea .LAVX2_POLY_x2+128(%rip), %rax - lea `32*9*7+128`(%rsp), %rdx - lea `32*9*5+128`(%rsp), %rcx - lea `32*9*0`($r_ptr), %rdi - - vmovdqa 32*0-128(%rsi), $ACC0 - vmovdqa 32*1-128(%rsi), $ACC1 - vmovdqa 32*2-128(%rsi), $ACC2 - vmovdqa 32*3-128(%rsi), $ACC3 - vmovdqa 32*4-128(%rsi), $ACC4 - vmovdqa 32*5-128(%rsi), $ACC5 - vmovdqa 32*6-128(%rsi), $ACC6 - vmovdqa 32*7-128(%rsi), $ACC7 - vmovdqa 32*8-128(%rsi), $ACC8 - - vpaddq 32*0-128(%rax), $ACC0, $ACC0 - vpaddq 32*1-128(%rax), $ACC1, $ACC1 - vpaddq 32*2-128(%rax), $ACC2, $ACC2 - vpaddq 32*3-128(%rax), $ACC3, $ACC3 - vpaddq 32*4-128(%rax), $ACC4, $ACC4 - vpaddq 32*5-128(%rax), $ACC5, $ACC5 - vpaddq 32*6-128(%rax), $ACC6, $ACC6 - vpaddq 32*7-128(%rax), $ACC7, $ACC7 - vpaddq 32*8-128(%rax), $ACC8, $ACC8 - - vpsubq 32*0-128(%rdx), $ACC0, $ACC0 - vpsubq 32*1-128(%rdx), $ACC1, $ACC1 - vpsubq 32*2-128(%rdx), $ACC2, $ACC2 - vpsubq 32*3-128(%rdx), $ACC3, $ACC3 - vpsubq 32*4-128(%rdx), $ACC4, $ACC4 - vpsubq 32*5-128(%rdx), $ACC5, $ACC5 - vpsubq 32*6-128(%rdx), $ACC6, $ACC6 - vpsubq 32*7-128(%rdx), $ACC7, $ACC7 - vpsubq 32*8-128(%rdx), $ACC8, $ACC8 - - vpsubq 32*0-128(%rcx), $ACC0, $ACC0 - vpsubq 32*1-128(%rcx), $ACC1, $ACC1 - vpsubq 32*2-128(%rcx), $ACC2, $ACC2 - vpsubq 32*3-128(%rcx), $ACC3, $ACC3 - vpsubq 32*4-128(%rcx), $ACC4, $ACC4 - vpsubq 32*5-128(%rcx), $ACC5, $ACC5 - vpsubq 32*6-128(%rcx), $ACC6, $ACC6 - vpsubq 32*7-128(%rcx), $ACC7, $ACC7 - vpsubq 32*8-128(%rcx), $ACC8, $ACC8 - call avx2_normalize - - lea 32*0($b_ptr), %rsi - lea 32*0($a_ptr), %rdx - call avx2_select_n_store - - # H = U2 - X3 - lea `32*9*0`(%rsp), %rsi - lea `32*9*0`($r_ptr), %rdx - lea `32*9*3`(%rsp), %rdi - call avx2_sub_x4 - call avx2_normalize_n_store - - # - lea `32*9*3`(%rsp), %rsi - lea `32*9*4`(%rsp), %rdx - lea `32*9*3`(%rsp), %rdi - call avx2_mul_x4 - call avx2_normalize_n_store - - # - lea `32*9*7`(%rsp), %rsi - lea `32*9*1`($a_ptr), %rdx - lea `32*9*1`(%rsp), %rdi - call avx2_mul_x4 - call avx2_normalize_n_store - - # - lea `32*9*3`(%rsp), %rsi - lea `32*9*1`(%rsp), %rdx - lea `32*9*1`($r_ptr), %rdi - call avx2_sub_x4 - call avx2_normalize - - lea 32*9($b_ptr), %rsi - lea 32*9($a_ptr), %rdx - call avx2_select_n_store - - #lea 32*9*0($r_ptr), %rsi - #lea 32*9*0($r_ptr), %rdi - #call avx2_mul_by1_x4 - #NORMALIZE - #STORE - - lea `32*9*1`($r_ptr), %rsi - lea `32*9*1`($r_ptr), %rdi - call avx2_mul_by1_x4 - call avx2_normalize_n_store - - vzeroupper -___ -$code.=<<___ if ($win64); - movaps %xmm6, -16*10(%rbp) - movaps %xmm7, -16*9(%rbp) - movaps %xmm8, -16*8(%rbp) - movaps %xmm9, -16*7(%rbp) - movaps %xmm10, -16*6(%rbp) - movaps %xmm11, -16*5(%rbp) - movaps %xmm12, -16*4(%rbp) - movaps %xmm13, -16*3(%rbp) - movaps %xmm14, -16*2(%rbp) - movaps %xmm15, -16*1(%rbp) -___ -$code.=<<___; - mov %rbp, %rsp - pop %rbp - ret -.size ecp_nistz256_avx2_point_add_affine_x4,.-ecp_nistz256_avx2_point_add_affine_x4 - -################################################################################ -# void ecp_nistz256_avx2_point_add_affines_x4(void* RESULTx4, void *Ax4, void *Bx4); -.globl ecp_nistz256_avx2_point_add_affines_x4 -.type ecp_nistz256_avx2_point_add_affines_x4,\@function,3 -.align 32 -ecp_nistz256_avx2_point_add_affines_x4: - mov %rsp, %rax - push %rbp - vzeroupper -___ -$code.=<<___ if ($win64); - lea -16*10(%rsp), %rsp - vmovaps %xmm6, -8-16*10(%rax) - vmovaps %xmm7, -8-16*9(%rax) - vmovaps %xmm8, -8-16*8(%rax) - vmovaps %xmm9, -8-16*7(%rax) - vmovaps %xmm10, -8-16*6(%rax) - vmovaps %xmm11, -8-16*5(%rax) - vmovaps %xmm12, -8-16*4(%rax) - vmovaps %xmm13, -8-16*3(%rax) - vmovaps %xmm14, -8-16*2(%rax) - vmovaps %xmm15, -8-16*1(%rax) -___ -$code.=<<___; - lea -8(%rax), %rbp - -# Result + 32*0 = Result.X -# Result + 32*9 = Result.Y -# Result + 32*18 = Result.Z - -# A + 32*0 = A.X -# A + 32*9 = A.Y - -# B + 32*0 = B.X -# B + 32*9 = B.Y - - sub \$`32*9*8+32*2+32*8`, %rsp - and \$-64, %rsp - - mov $r_ptr_in, $r_ptr - mov $a_ptr_in, $a_ptr - mov $b_ptr_in, $b_ptr - - vmovdqa 32*0($a_ptr_in), %ymm0 - vmovdqa .LAVX2_AND_MASK(%rip), $AND_MASK - vpxor %ymm1, %ymm1, %ymm1 - lea 256($a_ptr_in), %rax # size optimization - vpor 32*1($a_ptr_in), %ymm0, %ymm0 - vpor 32*2($a_ptr_in), %ymm0, %ymm0 - vpor 32*3($a_ptr_in), %ymm0, %ymm0 - vpor 32*4-256(%rax), %ymm0, %ymm0 - lea 256(%rax), %rcx # size optimization - vpor 32*5-256(%rax), %ymm0, %ymm0 - vpor 32*6-256(%rax), %ymm0, %ymm0 - vpor 32*7-256(%rax), %ymm0, %ymm0 - vpor 32*8-256(%rax), %ymm0, %ymm0 - vpor 32*9-256(%rax), %ymm0, %ymm0 - vpor 32*10-256(%rax), %ymm0, %ymm0 - vpor 32*11-256(%rax), %ymm0, %ymm0 - vpor 32*12-512(%rcx), %ymm0, %ymm0 - vpor 32*13-512(%rcx), %ymm0, %ymm0 - vpor 32*14-512(%rcx), %ymm0, %ymm0 - vpor 32*15-512(%rcx), %ymm0, %ymm0 - vpor 32*16-512(%rcx), %ymm0, %ymm0 - vpor 32*17-512(%rcx), %ymm0, %ymm0 - vpcmpeqq %ymm1, %ymm0, %ymm0 - vmovdqa %ymm0, `32*9*8`(%rsp) - - vpxor %ymm1, %ymm1, %ymm1 - vmovdqa 32*0($b_ptr), %ymm0 - lea 256($b_ptr), %rax # size optimization - vpor 32*1($b_ptr), %ymm0, %ymm0 - vpor 32*2($b_ptr), %ymm0, %ymm0 - vpor 32*3($b_ptr), %ymm0, %ymm0 - vpor 32*4-256(%rax), %ymm0, %ymm0 - lea 256(%rax), %rcx # size optimization - vpor 32*5-256(%rax), %ymm0, %ymm0 - vpor 32*6-256(%rax), %ymm0, %ymm0 - vpor 32*7-256(%rax), %ymm0, %ymm0 - vpor 32*8-256(%rax), %ymm0, %ymm0 - vpor 32*9-256(%rax), %ymm0, %ymm0 - vpor 32*10-256(%rax), %ymm0, %ymm0 - vpor 32*11-256(%rax), %ymm0, %ymm0 - vpor 32*12-512(%rcx), %ymm0, %ymm0 - vpor 32*13-512(%rcx), %ymm0, %ymm0 - vpor 32*14-512(%rcx), %ymm0, %ymm0 - vpor 32*15-512(%rcx), %ymm0, %ymm0 - vpor 32*16-512(%rcx), %ymm0, %ymm0 - vpor 32*17-512(%rcx), %ymm0, %ymm0 - vpcmpeqq %ymm1, %ymm0, %ymm0 - vmovdqa %ymm0, `32*9*8+32`(%rsp) - - # H = U2 - U1 = X2 - X1 - lea `32*9*0`($b_ptr), %rsi - lea `32*9*0`($a_ptr), %rdx - lea `32*9*3`(%rsp), %rdi - call avx2_sub_x4 - call avx2_normalize_n_store - - # R = S2 - S1 = Y2 - Y1 - lea `32*9*1`($b_ptr), %rsi - lea `32*9*1`($a_ptr), %rdx - lea `32*9*4`(%rsp), %rdi - call avx2_sub_x4 - call avx2_normalize_n_store - - # Z3 = H*Z1*Z2 = H - lea `32*9*3`(%rsp), %rsi - lea `32*9*2`($r_ptr), %rdi - call avx2_mul_by1_x4 - call avx2_normalize - - vmovdqa `32*9*8`(%rsp), $B - vpor `32*9*8+32`(%rsp), $B, $B - - vpandn $ACC0, $B, $ACC0 - lea .LONE+128(%rip), %rax - vpandn $ACC1, $B, $ACC1 - vpandn $ACC2, $B, $ACC2 - vpandn $ACC3, $B, $ACC3 - vpandn $ACC4, $B, $ACC4 - vpandn $ACC5, $B, $ACC5 - vpandn $ACC6, $B, $ACC6 - vpandn $ACC7, $B, $ACC7 - - vpand 32*0-128(%rax), $B, $T0 - vpandn $ACC8, $B, $ACC8 - vpand 32*1-128(%rax), $B, $Y - vpxor $T0, $ACC0, $ACC0 - vpand 32*2-128(%rax), $B, $T0 - vpxor $Y, $ACC1, $ACC1 - vpand 32*3-128(%rax), $B, $Y - vpxor $T0, $ACC2, $ACC2 - vpand 32*4-128(%rax), $B, $T0 - vpxor $Y, $ACC3, $ACC3 - vpand 32*5-128(%rax), $B, $Y - vpxor $T0, $ACC4, $ACC4 - vpand 32*6-128(%rax), $B, $T0 - vpxor $Y, $ACC5, $ACC5 - vpand 32*7-128(%rax), $B, $Y - vpxor $T0, $ACC6, $ACC6 - vpand 32*8-128(%rax), $B, $T0 - vpxor $Y, $ACC7, $ACC7 - vpxor $T0, $ACC8, $ACC8 - `&STORE` - - # R^2 = R^2 - lea `32*9*4`(%rsp), %rsi - lea `32*9*6`(%rsp), %rdi - lea `32*9*8+32*2`(%rsp), %rcx # temporary vector - call avx2_sqr_x4 - call avx2_normalize_n_store - - # H^2 = H^2 - lea `32*9*3`(%rsp), %rsi - lea `32*9*5`(%rsp), %rdi - call avx2_sqr_x4 - call avx2_normalize_n_store - - # H^3 = H^2*H - lea `32*9*3`(%rsp), %rsi - lea `32*9*5`(%rsp), %rdx - lea `32*9*7`(%rsp), %rdi - call avx2_mul_x4 - call avx2_normalize_n_store - - # U2 = U1*H^2 - lea `32*9*0`($a_ptr), %rsi - lea `32*9*5`(%rsp), %rdx - lea `32*9*0`(%rsp), %rdi - call avx2_mul_x4 - #call avx2_normalize - `&STORE` - - # Hsqr = U2*2 - #lea 32*9*0(%rsp), %rsi - #lea 32*9*5(%rsp), %rdi - #call avx2_mul_by2_x4 - - vpaddq $ACC0, $ACC0, $ACC0 # inlined avx2_mul_by2_x4 - lea `32*9*5`(%rsp), %rdi - vpaddq $ACC1, $ACC1, $ACC1 - vpaddq $ACC2, $ACC2, $ACC2 - vpaddq $ACC3, $ACC3, $ACC3 - vpaddq $ACC4, $ACC4, $ACC4 - vpaddq $ACC5, $ACC5, $ACC5 - vpaddq $ACC6, $ACC6, $ACC6 - vpaddq $ACC7, $ACC7, $ACC7 - vpaddq $ACC8, $ACC8, $ACC8 - call avx2_normalize_n_store - - # X3 = R^2 - H^3 - #lea 32*9*6(%rsp), %rsi - #lea 32*9*7(%rsp), %rdx - #lea 32*9*5(%rsp), %rcx - #lea 32*9*0($r_ptr), %rdi - #call avx2_sub_x4 - #NORMALIZE - #STORE - - # X3 = X3 - U2*2 - #lea 32*9*0($r_ptr), %rsi - #lea 32*9*0($r_ptr), %rdi - #call avx2_sub_x4 - #NORMALIZE - #STORE - - lea `32*9*6+128`(%rsp), %rsi - lea .LAVX2_POLY_x2+128(%rip), %rax - lea `32*9*7+128`(%rsp), %rdx - lea `32*9*5+128`(%rsp), %rcx - lea `32*9*0`($r_ptr), %rdi - - vmovdqa 32*0-128(%rsi), $ACC0 - vmovdqa 32*1-128(%rsi), $ACC1 - vmovdqa 32*2-128(%rsi), $ACC2 - vmovdqa 32*3-128(%rsi), $ACC3 - vmovdqa 32*4-128(%rsi), $ACC4 - vmovdqa 32*5-128(%rsi), $ACC5 - vmovdqa 32*6-128(%rsi), $ACC6 - vmovdqa 32*7-128(%rsi), $ACC7 - vmovdqa 32*8-128(%rsi), $ACC8 - - vpaddq 32*0-128(%rax), $ACC0, $ACC0 - vpaddq 32*1-128(%rax), $ACC1, $ACC1 - vpaddq 32*2-128(%rax), $ACC2, $ACC2 - vpaddq 32*3-128(%rax), $ACC3, $ACC3 - vpaddq 32*4-128(%rax), $ACC4, $ACC4 - vpaddq 32*5-128(%rax), $ACC5, $ACC5 - vpaddq 32*6-128(%rax), $ACC6, $ACC6 - vpaddq 32*7-128(%rax), $ACC7, $ACC7 - vpaddq 32*8-128(%rax), $ACC8, $ACC8 - - vpsubq 32*0-128(%rdx), $ACC0, $ACC0 - vpsubq 32*1-128(%rdx), $ACC1, $ACC1 - vpsubq 32*2-128(%rdx), $ACC2, $ACC2 - vpsubq 32*3-128(%rdx), $ACC3, $ACC3 - vpsubq 32*4-128(%rdx), $ACC4, $ACC4 - vpsubq 32*5-128(%rdx), $ACC5, $ACC5 - vpsubq 32*6-128(%rdx), $ACC6, $ACC6 - vpsubq 32*7-128(%rdx), $ACC7, $ACC7 - vpsubq 32*8-128(%rdx), $ACC8, $ACC8 - - vpsubq 32*0-128(%rcx), $ACC0, $ACC0 - vpsubq 32*1-128(%rcx), $ACC1, $ACC1 - vpsubq 32*2-128(%rcx), $ACC2, $ACC2 - vpsubq 32*3-128(%rcx), $ACC3, $ACC3 - vpsubq 32*4-128(%rcx), $ACC4, $ACC4 - vpsubq 32*5-128(%rcx), $ACC5, $ACC5 - vpsubq 32*6-128(%rcx), $ACC6, $ACC6 - vpsubq 32*7-128(%rcx), $ACC7, $ACC7 - vpsubq 32*8-128(%rcx), $ACC8, $ACC8 - call avx2_normalize - - lea 32*0($b_ptr), %rsi - lea 32*0($a_ptr), %rdx - call avx2_select_n_store - - # H = U2 - X3 - lea `32*9*0`(%rsp), %rsi - lea `32*9*0`($r_ptr), %rdx - lea `32*9*3`(%rsp), %rdi - call avx2_sub_x4 - call avx2_normalize_n_store - - # H = H*R - lea `32*9*3`(%rsp), %rsi - lea `32*9*4`(%rsp), %rdx - lea `32*9*3`(%rsp), %rdi - call avx2_mul_x4 - call avx2_normalize_n_store - - # S2 = S1 * H^3 - lea `32*9*7`(%rsp), %rsi - lea `32*9*1`($a_ptr), %rdx - lea `32*9*1`(%rsp), %rdi - call avx2_mul_x4 - call avx2_normalize_n_store - - # - lea `32*9*3`(%rsp), %rsi - lea `32*9*1`(%rsp), %rdx - lea `32*9*1`($r_ptr), %rdi - call avx2_sub_x4 - call avx2_normalize - - lea 32*9($b_ptr), %rsi - lea 32*9($a_ptr), %rdx - call avx2_select_n_store - - #lea 32*9*0($r_ptr), %rsi - #lea 32*9*0($r_ptr), %rdi - #call avx2_mul_by1_x4 - #NORMALIZE - #STORE - - lea `32*9*1`($r_ptr), %rsi - lea `32*9*1`($r_ptr), %rdi - call avx2_mul_by1_x4 - call avx2_normalize_n_store - - vzeroupper -___ -$code.=<<___ if ($win64); - movaps %xmm6, -16*10(%rbp) - movaps %xmm7, -16*9(%rbp) - movaps %xmm8, -16*8(%rbp) - movaps %xmm9, -16*7(%rbp) - movaps %xmm10, -16*6(%rbp) - movaps %xmm11, -16*5(%rbp) - movaps %xmm12, -16*4(%rbp) - movaps %xmm13, -16*3(%rbp) - movaps %xmm14, -16*2(%rbp) - movaps %xmm15, -16*1(%rbp) -___ -$code.=<<___; - mov %rbp, %rsp - pop %rbp - ret -.size ecp_nistz256_avx2_point_add_affines_x4,.-ecp_nistz256_avx2_point_add_affines_x4 - -################################################################################ -# void ecp_nistz256_avx2_to_mont(void* RESULTx4, void *Ax4); -.globl ecp_nistz256_avx2_to_mont -.type ecp_nistz256_avx2_to_mont,\@function,2 -.align 32 -ecp_nistz256_avx2_to_mont: - vzeroupper -___ -$code.=<<___ if ($win64); - lea -8-16*10(%rsp), %rsp - vmovaps %xmm6, -8-16*10(%rax) - vmovaps %xmm7, -8-16*9(%rax) - vmovaps %xmm8, -8-16*8(%rax) - vmovaps %xmm9, -8-16*7(%rax) - vmovaps %xmm10, -8-16*6(%rax) - vmovaps %xmm11, -8-16*5(%rax) - vmovaps %xmm12, -8-16*4(%rax) - vmovaps %xmm13, -8-16*3(%rax) - vmovaps %xmm14, -8-16*2(%rax) - vmovaps %xmm15, -8-16*1(%rax) -___ -$code.=<<___; - vmovdqa .LAVX2_AND_MASK(%rip), $AND_MASK - lea .LTO_MONT_AVX2(%rip), %rdx - call avx2_mul_x4 - call avx2_normalize_n_store - - vzeroupper -___ -$code.=<<___ if ($win64); - movaps 16*0(%rsp), %xmm6 - movaps 16*1(%rsp), %xmm7 - movaps 16*2(%rsp), %xmm8 - movaps 16*3(%rsp), %xmm9 - movaps 16*4(%rsp), %xmm10 - movaps 16*5(%rsp), %xmm11 - movaps 16*6(%rsp), %xmm12 - movaps 16*7(%rsp), %xmm13 - movaps 16*8(%rsp), %xmm14 - movaps 16*9(%rsp), %xmm15 - lea 8+16*10(%rsp), %rsp -___ -$code.=<<___; - ret -.size ecp_nistz256_avx2_to_mont,.-ecp_nistz256_avx2_to_mont - -################################################################################ -# void ecp_nistz256_avx2_from_mont(void* RESULTx4, void *Ax4); -.globl ecp_nistz256_avx2_from_mont -.type ecp_nistz256_avx2_from_mont,\@function,2 -.align 32 -ecp_nistz256_avx2_from_mont: - vzeroupper -___ -$code.=<<___ if ($win64); - lea -8-16*10(%rsp), %rsp - vmovaps %xmm6, -8-16*10(%rax) - vmovaps %xmm7, -8-16*9(%rax) - vmovaps %xmm8, -8-16*8(%rax) - vmovaps %xmm9, -8-16*7(%rax) - vmovaps %xmm10, -8-16*6(%rax) - vmovaps %xmm11, -8-16*5(%rax) - vmovaps %xmm12, -8-16*4(%rax) - vmovaps %xmm13, -8-16*3(%rax) - vmovaps %xmm14, -8-16*2(%rax) - vmovaps %xmm15, -8-16*1(%rax) -___ -$code.=<<___; - vmovdqa .LAVX2_AND_MASK(%rip), $AND_MASK - lea .LFROM_MONT_AVX2(%rip), %rdx - call avx2_mul_x4 - call avx2_normalize_n_store - - vzeroupper -___ -$code.=<<___ if ($win64); - movaps 16*0(%rsp), %xmm6 - movaps 16*1(%rsp), %xmm7 - movaps 16*2(%rsp), %xmm8 - movaps 16*3(%rsp), %xmm9 - movaps 16*4(%rsp), %xmm10 - movaps 16*5(%rsp), %xmm11 - movaps 16*6(%rsp), %xmm12 - movaps 16*7(%rsp), %xmm13 - movaps 16*8(%rsp), %xmm14 - movaps 16*9(%rsp), %xmm15 - lea 8+16*10(%rsp), %rsp -___ -$code.=<<___; - ret -.size ecp_nistz256_avx2_from_mont,.-ecp_nistz256_avx2_from_mont - -################################################################################ -# void ecp_nistz256_avx2_set1(void* RESULTx4); -.globl ecp_nistz256_avx2_set1 -.type ecp_nistz256_avx2_set1,\@function,1 -.align 32 -ecp_nistz256_avx2_set1: - lea .LONE+128(%rip), %rax - lea 128(%rdi), %rdi - vzeroupper - vmovdqa 32*0-128(%rax), %ymm0 - vmovdqa 32*1-128(%rax), %ymm1 - vmovdqa 32*2-128(%rax), %ymm2 - vmovdqa 32*3-128(%rax), %ymm3 - vmovdqa 32*4-128(%rax), %ymm4 - vmovdqa 32*5-128(%rax), %ymm5 - vmovdqa %ymm0, 32*0-128(%rdi) - vmovdqa 32*6-128(%rax), %ymm0 - vmovdqa %ymm1, 32*1-128(%rdi) - vmovdqa 32*7-128(%rax), %ymm1 - vmovdqa %ymm2, 32*2-128(%rdi) - vmovdqa 32*8-128(%rax), %ymm2 - vmovdqa %ymm3, 32*3-128(%rdi) - vmovdqa %ymm4, 32*4-128(%rdi) - vmovdqa %ymm5, 32*5-128(%rdi) - vmovdqa %ymm0, 32*6-128(%rdi) - vmovdqa %ymm1, 32*7-128(%rdi) - vmovdqa %ymm2, 32*8-128(%rdi) - - vzeroupper - ret -.size ecp_nistz256_avx2_set1,.-ecp_nistz256_avx2_set1 -___ -} -{ -################################################################################ -# void ecp_nistz256_avx2_multi_gather_w7(void* RESULT, void *in, -# int index0, int index1, int index2, int index3); -################################################################################ - -my ($val,$in_t,$index0,$index1,$index2,$index3)=("%rdi","%rsi","%edx","%ecx","%r8d","%r9d"); -my ($INDEX0,$INDEX1,$INDEX2,$INDEX3)=map("%ymm$_",(0..3)); -my ($R0a,$R0b,$R1a,$R1b,$R2a,$R2b,$R3a,$R3b)=map("%ymm$_",(4..11)); -my ($M0,$T0,$T1,$TMP0)=map("%ymm$_",(12..15)); - -$code.=<<___; -.globl ecp_nistz256_avx2_multi_gather_w7 -.type ecp_nistz256_avx2_multi_gather_w7,\@function,6 -.align 32 -ecp_nistz256_avx2_multi_gather_w7: - vzeroupper -___ -$code.=<<___ if ($win64); - lea -8-16*10(%rsp), %rsp - vmovaps %xmm6, -8-16*10(%rax) - vmovaps %xmm7, -8-16*9(%rax) - vmovaps %xmm8, -8-16*8(%rax) - vmovaps %xmm9, -8-16*7(%rax) - vmovaps %xmm10, -8-16*6(%rax) - vmovaps %xmm11, -8-16*5(%rax) - vmovaps %xmm12, -8-16*4(%rax) - vmovaps %xmm13, -8-16*3(%rax) - vmovaps %xmm14, -8-16*2(%rax) - vmovaps %xmm15, -8-16*1(%rax) -___ -$code.=<<___; - lea .LIntOne(%rip), %rax - - vmovd $index0, %xmm0 - vmovd $index1, %xmm1 - vmovd $index2, %xmm2 - vmovd $index3, %xmm3 - - vpxor $R0a, $R0a, $R0a - vpxor $R0b, $R0b, $R0b - vpxor $R1a, $R1a, $R1a - vpxor $R1b, $R1b, $R1b - vpxor $R2a, $R2a, $R2a - vpxor $R2b, $R2b, $R2b - vpxor $R3a, $R3a, $R3a - vpxor $R3b, $R3b, $R3b - vmovdqa (%rax), $M0 - - vpermd $INDEX0, $R0a, $INDEX0 - vpermd $INDEX1, $R0a, $INDEX1 - vpermd $INDEX2, $R0a, $INDEX2 - vpermd $INDEX3, $R0a, $INDEX3 - - mov \$64, %ecx - lea 112($val), $val # size optimization - jmp .Lmulti_select_loop_avx2 - -# INDEX=0, corresponds to the point at infty (0,0) -.align 32 -.Lmulti_select_loop_avx2: - vpcmpeqd $INDEX0, $M0, $TMP0 - - vmovdqa `32*0+32*64*2*0`($in_t), $T0 - vmovdqa `32*1+32*64*2*0`($in_t), $T1 - vpand $TMP0, $T0, $T0 - vpand $TMP0, $T1, $T1 - vpxor $T0, $R0a, $R0a - vpxor $T1, $R0b, $R0b - - vpcmpeqd $INDEX1, $M0, $TMP0 - - vmovdqa `32*0+32*64*2*1`($in_t), $T0 - vmovdqa `32*1+32*64*2*1`($in_t), $T1 - vpand $TMP0, $T0, $T0 - vpand $TMP0, $T1, $T1 - vpxor $T0, $R1a, $R1a - vpxor $T1, $R1b, $R1b - - vpcmpeqd $INDEX2, $M0, $TMP0 - - vmovdqa `32*0+32*64*2*2`($in_t), $T0 - vmovdqa `32*1+32*64*2*2`($in_t), $T1 - vpand $TMP0, $T0, $T0 - vpand $TMP0, $T1, $T1 - vpxor $T0, $R2a, $R2a - vpxor $T1, $R2b, $R2b - - vpcmpeqd $INDEX3, $M0, $TMP0 - - vmovdqa `32*0+32*64*2*3`($in_t), $T0 - vmovdqa `32*1+32*64*2*3`($in_t), $T1 - vpand $TMP0, $T0, $T0 - vpand $TMP0, $T1, $T1 - vpxor $T0, $R3a, $R3a - vpxor $T1, $R3b, $R3b - - vpaddd (%rax), $M0, $M0 # increment - lea 32*2($in_t), $in_t - - dec %ecx - jnz .Lmulti_select_loop_avx2 - - vmovdqu $R0a, 32*0-112($val) - vmovdqu $R0b, 32*1-112($val) - vmovdqu $R1a, 32*2-112($val) - vmovdqu $R1b, 32*3-112($val) - vmovdqu $R2a, 32*4-112($val) - vmovdqu $R2b, 32*5-112($val) - vmovdqu $R3a, 32*6-112($val) - vmovdqu $R3b, 32*7-112($val) - - vzeroupper -___ -$code.=<<___ if ($win64); - movaps 16*0(%rsp), %xmm6 - movaps 16*1(%rsp), %xmm7 - movaps 16*2(%rsp), %xmm8 - movaps 16*3(%rsp), %xmm9 - movaps 16*4(%rsp), %xmm10 - movaps 16*5(%rsp), %xmm11 - movaps 16*6(%rsp), %xmm12 - movaps 16*7(%rsp), %xmm13 - movaps 16*8(%rsp), %xmm14 - movaps 16*9(%rsp), %xmm15 - lea 8+16*10(%rsp), %rsp -___ -$code.=<<___; - ret -.size ecp_nistz256_avx2_multi_gather_w7,.-ecp_nistz256_avx2_multi_gather_w7 - -.extern OPENSSL_ia32cap_P -.globl ecp_nistz_avx2_eligible -.type ecp_nistz_avx2_eligible,\@abi-omnipotent -.align 32 -ecp_nistz_avx2_eligible: - mov OPENSSL_ia32cap_P+8(%rip),%eax - shr \$5,%eax - and \$1,%eax - ret -.size ecp_nistz_avx2_eligible,.-ecp_nistz_avx2_eligible -___ -} -}} else {{ # assembler is too old -$code.=<<___; -.text - -.globl ecp_nistz256_avx2_transpose_convert -.globl ecp_nistz256_avx2_convert_transpose_back -.globl ecp_nistz256_avx2_point_add_affine_x4 -.globl ecp_nistz256_avx2_point_add_affines_x4 -.globl ecp_nistz256_avx2_to_mont -.globl ecp_nistz256_avx2_from_mont -.globl ecp_nistz256_avx2_set1 -.globl ecp_nistz256_avx2_multi_gather_w7 -.type ecp_nistz256_avx2_multi_gather_w7,\@abi-omnipotent -ecp_nistz256_avx2_transpose_convert: -ecp_nistz256_avx2_convert_transpose_back: -ecp_nistz256_avx2_point_add_affine_x4: -ecp_nistz256_avx2_point_add_affines_x4: -ecp_nistz256_avx2_to_mont: -ecp_nistz256_avx2_from_mont: -ecp_nistz256_avx2_set1: -ecp_nistz256_avx2_multi_gather_w7: - .byte 0x0f,0x0b # ud2 - ret -.size ecp_nistz256_avx2_multi_gather_w7,.-ecp_nistz256_avx2_multi_gather_w7 - -.globl ecp_nistz_avx2_eligible -.type ecp_nistz_avx2_eligible,\@abi-omnipotent -ecp_nistz_avx2_eligible: - xor %eax,%eax - ret -.size ecp_nistz_avx2_eligible,.-ecp_nistz_avx2_eligible -___ -}} - -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval($1)/geo; - - print $_,"\n"; -} - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c index ba92681388..5005249b05 100644 --- a/crypto/ec/ecp_nistz256.c +++ b/crypto/ec/ecp_nistz256.c @@ -929,207 +929,6 @@ __owur static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx) return ret; } -/* - * Note that by default ECP_NISTZ256_AVX2 is undefined. While it's great - * code processing 4 points in parallel, corresponding serial operation - * is several times slower, because it uses 29x29=58-bit multiplication - * as opposite to 64x64=128-bit in integer-only scalar case. As result - * it doesn't provide *significant* performance improvement. Note that - * just defining ECP_NISTZ256_AVX2 is not sufficient to make it work, - * you'd need to compile even asm/ecp_nistz256-avx.pl module. - */ -#if defined(ECP_NISTZ256_AVX2) -# if !(defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64)) || \ - !(defined(__GNUC__) || defined(_MSC_VER)) /* this is for ALIGN32 */ -# undef ECP_NISTZ256_AVX2 -# else -/* Constant time access, loading four values, from four consecutive tables */ -void ecp_nistz256_avx2_multi_gather_w7(void *result, const void *in, - int index0, int index1, int index2, - int index3); -void ecp_nistz256_avx2_transpose_convert(void *RESULTx4, const void *in); -void ecp_nistz256_avx2_convert_transpose_back(void *result, const void *Ax4); -void ecp_nistz256_avx2_point_add_affine_x4(void *RESULTx4, const void *Ax4, - const void *Bx4); -void ecp_nistz256_avx2_point_add_affines_x4(void *RESULTx4, const void *Ax4, - const void *Bx4); -void ecp_nistz256_avx2_to_mont(void *RESULTx4, const void *Ax4); -void ecp_nistz256_avx2_from_mont(void *RESULTx4, const void *Ax4); -void ecp_nistz256_avx2_set1(void *RESULTx4); -int ecp_nistz_avx2_eligible(void); - -static void booth_recode_w7(unsigned char *sign, - unsigned char *digit, unsigned char in) -{ - unsigned char s, d; - - s = ~((in >> 7) - 1); - d = (1 << 8) - in - 1; - d = (d & s) | (in & ~s); - d = (d >> 1) + (d & 1); - - *sign = s & 1; - *digit = d; -} - -/* - * ecp_nistz256_avx2_mul_g performs multiplication by G, using only the - * precomputed table. It does 4 affine point additions in parallel, - * significantly speeding up point multiplication for a fixed value. - */ -static void ecp_nistz256_avx2_mul_g(P256_POINT *r, - unsigned char p_str[33], - const P256_POINT_AFFINE(*preComputedTable)[64]) -{ - const unsigned int window_size = 7; - const unsigned int mask = (1 << (window_size + 1)) - 1; - unsigned int wvalue; - /* Using 4 windows at a time */ - unsigned char sign0, digit0; - unsigned char sign1, digit1; - unsigned char sign2, digit2; - unsigned char sign3, digit3; - unsigned int idx = 0; - BN_ULONG tmp[P256_LIMBS]; - int i; - - ALIGN32 BN_ULONG aX4[4 * 9 * 3] = { 0 }; - ALIGN32 BN_ULONG bX4[4 * 9 * 2] = { 0 }; - ALIGN32 P256_POINT_AFFINE point_arr[4]; - ALIGN32 P256_POINT res_point_arr[4]; - - /* Initial four windows */ - wvalue = *((u16 *) & p_str[0]); - wvalue = (wvalue << 1) & mask; - idx += window_size; - booth_recode_w7(&sign0, &digit0, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign1, &digit1, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign2, &digit2, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign3, &digit3, wvalue); - - ecp_nistz256_avx2_multi_gather_w7(point_arr, preComputedTable[0], - digit0, digit1, digit2, digit3); - - ecp_nistz256_neg(tmp, point_arr[0].Y); - copy_conditional(point_arr[0].Y, tmp, sign0); - ecp_nistz256_neg(tmp, point_arr[1].Y); - copy_conditional(point_arr[1].Y, tmp, sign1); - ecp_nistz256_neg(tmp, point_arr[2].Y); - copy_conditional(point_arr[2].Y, tmp, sign2); - ecp_nistz256_neg(tmp, point_arr[3].Y); - copy_conditional(point_arr[3].Y, tmp, sign3); - - ecp_nistz256_avx2_transpose_convert(aX4, point_arr); - ecp_nistz256_avx2_to_mont(aX4, aX4); - ecp_nistz256_avx2_to_mont(&aX4[4 * 9], &aX4[4 * 9]); - ecp_nistz256_avx2_set1(&aX4[4 * 9 * 2]); - - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign0, &digit0, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign1, &digit1, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign2, &digit2, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign3, &digit3, wvalue); - - ecp_nistz256_avx2_multi_gather_w7(point_arr, preComputedTable[4 * 1], - digit0, digit1, digit2, digit3); - - ecp_nistz256_neg(tmp, point_arr[0].Y); - copy_conditional(point_arr[0].Y, tmp, sign0); - ecp_nistz256_neg(tmp, point_arr[1].Y); - copy_conditional(point_arr[1].Y, tmp, sign1); - ecp_nistz256_neg(tmp, point_arr[2].Y); - copy_conditional(point_arr[2].Y, tmp, sign2); - ecp_nistz256_neg(tmp, point_arr[3].Y); - copy_conditional(point_arr[3].Y, tmp, sign3); - - ecp_nistz256_avx2_transpose_convert(bX4, point_arr); - ecp_nistz256_avx2_to_mont(bX4, bX4); - ecp_nistz256_avx2_to_mont(&bX4[4 * 9], &bX4[4 * 9]); - /* Optimized when both inputs are affine */ - ecp_nistz256_avx2_point_add_affines_x4(aX4, aX4, bX4); - - for (i = 2; i < 9; i++) { - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign0, &digit0, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign1, &digit1, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign2, &digit2, wvalue); - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - booth_recode_w7(&sign3, &digit3, wvalue); - - ecp_nistz256_avx2_multi_gather_w7(point_arr, - preComputedTable[4 * i], - digit0, digit1, digit2, digit3); - - ecp_nistz256_neg(tmp, point_arr[0].Y); - copy_conditional(point_arr[0].Y, tmp, sign0); - ecp_nistz256_neg(tmp, point_arr[1].Y); - copy_conditional(point_arr[1].Y, tmp, sign1); - ecp_nistz256_neg(tmp, point_arr[2].Y); - copy_conditional(point_arr[2].Y, tmp, sign2); - ecp_nistz256_neg(tmp, point_arr[3].Y); - copy_conditional(point_arr[3].Y, tmp, sign3); - - ecp_nistz256_avx2_transpose_convert(bX4, point_arr); - ecp_nistz256_avx2_to_mont(bX4, bX4); - ecp_nistz256_avx2_to_mont(&bX4[4 * 9], &bX4[4 * 9]); - - ecp_nistz256_avx2_point_add_affine_x4(aX4, aX4, bX4); - } - - ecp_nistz256_avx2_from_mont(&aX4[4 * 9 * 0], &aX4[4 * 9 * 0]); - ecp_nistz256_avx2_from_mont(&aX4[4 * 9 * 1], &aX4[4 * 9 * 1]); - ecp_nistz256_avx2_from_mont(&aX4[4 * 9 * 2], &aX4[4 * 9 * 2]); - - ecp_nistz256_avx2_convert_transpose_back(res_point_arr, aX4); - /* Last window is performed serially */ - wvalue = *((u16 *) & p_str[(idx - 1) / 8]); - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - booth_recode_w7(&sign0, &digit0, wvalue); - ecp_nistz256_gather_w7((P256_POINT_AFFINE *)r, - preComputedTable[36], digit0); - ecp_nistz256_neg(tmp, r->Y); - copy_conditional(r->Y, tmp, sign0); - memcpy(r->Z, ONE, sizeof(ONE)); - /* Sum the four windows */ - ecp_nistz256_point_add(r, r, &res_point_arr[0]); - ecp_nistz256_point_add(r, r, &res_point_arr[1]); - ecp_nistz256_point_add(r, r, &res_point_arr[2]); - ecp_nistz256_point_add(r, r, &res_point_arr[3]); -} -# endif -#endif - __owur static int ecp_nistz256_set_from_affine(EC_POINT *out, const EC_GROUP *group, const P256_POINT_AFFINE *in, BN_CTX *ctx) @@ -1219,6 +1018,8 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group, } if (preComputedTable) { + BN_ULONG infty; + if ((BN_num_bits(scalar) > 256) || BN_is_negative(scalar)) { if ((tmp_scalar = BN_CTX_get(ctx)) == NULL) @@ -1250,67 +1051,58 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group, for (; i < 33; i++) p_str[i] = 0; -#if defined(ECP_NISTZ256_AVX2) - if (ecp_nistz_avx2_eligible()) { - ecp_nistz256_avx2_mul_g(&p.p, p_str, preComputedTable); - } else -#endif - { - BN_ULONG infty; + /* First window */ + wvalue = (p_str[0] << 1) & mask; + idx += window_size; - /* First window */ - wvalue = (p_str[0] << 1) & mask; - idx += window_size; + wvalue = _booth_recode_w7(wvalue); - wvalue = _booth_recode_w7(wvalue); + ecp_nistz256_gather_w7(&p.a, preComputedTable[0], + wvalue >> 1); - ecp_nistz256_gather_w7(&p.a, preComputedTable[0], - wvalue >> 1); - - ecp_nistz256_neg(p.p.Z, p.p.Y); - copy_conditional(p.p.Y, p.p.Z, wvalue & 1); - - /* - * Since affine infinity is encoded as (0,0) and - * Jacobian ias (,,0), we need to harmonize them - * by assigning "one" or zero to Z. - */ - infty = (p.p.X[0] | p.p.X[1] | p.p.X[2] | p.p.X[3] | - p.p.Y[0] | p.p.Y[1] | p.p.Y[2] | p.p.Y[3]); - if (P256_LIMBS == 8) - infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] | - p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]); - - infty = 0 - is_zero(infty); - infty = ~infty; - - p.p.Z[0] = ONE[0] & infty; - p.p.Z[1] = ONE[1] & infty; - p.p.Z[2] = ONE[2] & infty; - p.p.Z[3] = ONE[3] & infty; - if (P256_LIMBS == 8) { - p.p.Z[4] = ONE[4] & infty; - p.p.Z[5] = ONE[5] & infty; - p.p.Z[6] = ONE[6] & infty; - p.p.Z[7] = ONE[7] & infty; - } + ecp_nistz256_neg(p.p.Z, p.p.Y); + copy_conditional(p.p.Y, p.p.Z, wvalue & 1); - for (i = 1; i < 37; i++) { - unsigned int off = (idx - 1) / 8; - wvalue = p_str[off] | p_str[off + 1] << 8; - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; + /* + * Since affine infinity is encoded as (0,0) and + * Jacobian is (,,0), we need to harmonize them + * by assigning "one" or zero to Z. + */ + infty = (p.p.X[0] | p.p.X[1] | p.p.X[2] | p.p.X[3] | + p.p.Y[0] | p.p.Y[1] | p.p.Y[2] | p.p.Y[3]); + if (P256_LIMBS == 8) + infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] | + p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]); + + infty = 0 - is_zero(infty); + infty = ~infty; + + p.p.Z[0] = ONE[0] & infty; + p.p.Z[1] = ONE[1] & infty; + p.p.Z[2] = ONE[2] & infty; + p.p.Z[3] = ONE[3] & infty; + if (P256_LIMBS == 8) { + p.p.Z[4] = ONE[4] & infty; + p.p.Z[5] = ONE[5] & infty; + p.p.Z[6] = ONE[6] & infty; + p.p.Z[7] = ONE[7] & infty; + } - wvalue = _booth_recode_w7(wvalue); + for (i = 1; i < 37; i++) { + unsigned int off = (idx - 1) / 8; + wvalue = p_str[off] | p_str[off + 1] << 8; + wvalue = (wvalue >> ((idx - 1) % 8)) & mask; + idx += window_size; - ecp_nistz256_gather_w7(&t.a, - preComputedTable[i], wvalue >> 1); + wvalue = _booth_recode_w7(wvalue); - ecp_nistz256_neg(t.p.Z, t.a.Y); - copy_conditional(t.a.Y, t.p.Z, wvalue & 1); + ecp_nistz256_gather_w7(&t.a, + preComputedTable[i], wvalue >> 1); - ecp_nistz256_point_add_affine(&p.p, &p.p, &t.a); - } + ecp_nistz256_neg(t.p.Z, t.a.Y); + copy_conditional(t.a.Y, t.p.Z, wvalue & 1); + + ecp_nistz256_point_add_affine(&p.p, &p.p, &t.a); } } else { p_is_infinity = 1; From no-reply at appveyor.com Sun Jun 7 19:36:01 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 07 Jun 2020 19:36:01 +0000 Subject: Build failed: openssl master.34786 Message-ID: <20200607193601.1.7AB8192769E27A7F@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon Jun 8 01:23:14 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 08 Jun 2020 01:23:14 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit Message-ID: <1591579394.717123.21026.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit Commit log since last time: c4683009ad TEST: Adjust test/bioprinttest.c to behave like the testutil routines 66d8bd4b37 TESTUTIL: Adjust the rest of testutil 8dce4aa2d9 TESTUTIL: Separate TAP output and other output by BIO filter 591315297e Consolidate doc of BIO_do_connect() and its alias BIO_do_handshake() f5e23fe889 APPS: Remove unnecessary NULL check of uri in load_cert_pass() 0808a75e4d APPS: Make it possible to load_cert() from stdin again 09527c4935 Fix a typo in SSL_CTX_set_session_ticket_cb.pod 7b2d995ed7 Don't downgrade keys in libssl 7fa2b2673e When asked if an ECX key has parameters we should answer "true" 11391da217 Always create a key when importing 6a9bd9298b Make EVP_PKEY_[get1|set1]_tls_encodedpoint work with provided keys 0d52ede716 Fix error path in int create_ssl_ctx_pair() b38425393c Implement a test for sigalgs not being present 3cd69b7458 Implement a Filtering Provider d01d375264 Implement OSSL_PROVIDER_get0_provider_ctx() 5f603a280c Enable applications to directly call a provider's query operation 263ff2c9d4 Check that Signature Algorithms are available before using them eca4713913 APPS: Drop interactive mode in the 'openssl' program 987e3a0eed Announce renamed EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() in CHANGES.md b1c21b27dc fips: add additional algorithms to the FIPS provider. a64a143f31 Minor doc fix for EVP_PKEY_CTX_new_from_pkey Build log ended with (last 100 lines): 65-test_cmp_msg.t .................. ok 65-test_cmp_protect.t .............. ok 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=199, Tests=1918, 723 wallclock secs ( 7.90 usr 0.99 sys + 685.61 cusr 43.74 csys = 738.24 CPU) Result: FAIL Makefile:3083: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-autoerrinit' Makefile:3081: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Mon Jun 8 02:14:07 2020 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 08 Jun 2020 02:14:07 +0000 Subject: Build completed: openssl master.34787 Message-ID: <20200608021407.1.98000749F3465654@appveyor.com> An HTML attachment was scrubbed... URL: From dev at ddvo.net Mon Jun 8 03:40:19 2020 From: dev at ddvo.net (dev at ddvo.net) Date: Mon, 08 Jun 2020 03:40:19 +0000 Subject: [openssl] master update Message-ID: <1591587619.974102.6182.nullmailer@dev.openssl.org> The branch master has been updated via 71273ab57a27e0e6a1d4356891a2eb8e2298f458 (commit) via 49f84002d07a0fef5f673aff4c3a4be475563b27 (commit) via c29ba6a92ea9c2c9616e044c1dd0efedafa0aeef (commit) via 4ca015555b97f00101c5f7274e99302ffe2db500 (commit) via 9f5ff440b8baffae14a851af95443a7cadb24bcd (commit) from c4683009ad6e8d64e80112fd689921f6c169bd20 (commit) - Log ----------------------------------------------------------------- commit 71273ab57a27e0e6a1d4356891a2eb8e2298f458 Author: Dr. David von Oheimb Date: Tue May 5 14:04:30 2020 +0200 Fix 90-test_store.t for latest config, limits, providers, and disabled algos Also make sure that the test do not 'pass' if their initialization fails. Leave out the expensive parts of DSA key gen and RSA keygen for efficiency. Fix use of the new CA configuration file test/ca-and-certs.cnf. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11733) commit 49f84002d07a0fef5f673aff4c3a4be475563b27 Author: Dr. David von Oheimb Date: Wed May 6 13:08:45 2020 +0200 Fix documentation of OSSL_STORE Among others, make clear that OSSL_STORE_close() meanwhile does nothing on NULL. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11733) commit c29ba6a92ea9c2c9616e044c1dd0efedafa0aeef Author: Dr. David von Oheimb Date: Tue May 5 11:31:05 2020 +0200 Fix mem leaks and allow missing pkey and/or cert in try_decode_PKCS12() Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11733) commit 4ca015555b97f00101c5f7274e99302ffe2db500 Author: Dr. David von Oheimb Date: Tue May 5 14:18:46 2020 +0200 Add chain to PKCS#12 test file generation in 90-test_store.t Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11733) commit 9f5ff440b8baffae14a851af95443a7cadb24bcd Author: Dr. David von Oheimb Date: Tue May 5 11:24:49 2020 +0200 Fix code layout in crypto/store/loader_file.c satisfying check-format.pl -l Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11733) ----------------------------------------------------------------------- Summary of changes: crypto/store/loader_file.c | 83 ++++++++++++---------- doc/man3/OSSL_STORE_INFO.pod | 29 ++++---- doc/man3/OSSL_STORE_open.pod | 31 ++++---- test/recipes/90-test_store.t | 83 ++++++++++++++-------- test/recipes/90-test_store_data/ca.cnf | 56 --------------- .../dsaparam.pem | 0 test/recipes/90-test_store_data/rsa-key-2432.pem | 32 +++++++++ test/recipes/90-test_store_data/user.cnf | 19 ----- 8 files changed, 160 insertions(+), 173 deletions(-) delete mode 100644 test/recipes/90-test_store_data/ca.cnf copy test/recipes/{04-test_pem_data => 90-test_store_data}/dsaparam.pem (100%) create mode 100644 test/recipes/90-test_store_data/rsa-key-2432.pem delete mode 100644 test/recipes/90-test_store_data/user.cnf diff --git a/crypto/store/loader_file.c b/crypto/store/loader_file.c index 6b5cebc835..ed74e55834 100644 --- a/crypto/store/loader_file.c +++ b/crypto/store/loader_file.c @@ -36,7 +36,7 @@ DEFINE_STACK_OF(X509) #ifdef _WIN32 -# define stat _stat +# define stat _stat #endif #ifndef S_ISDIR @@ -219,7 +219,6 @@ static OSSL_STORE_INFO *try_decode_PKCS12(const char *pem_name, if (ctx == NULL) { /* Initial parsing */ PKCS12 *p12; - int ok = 0; if (pem_name != NULL) /* No match, there is no PEM PKCS12 tag */ @@ -256,37 +255,46 @@ static OSSL_STORE_INFO *try_decode_PKCS12(const char *pem_name, OSSL_STORE_INFO *osi_pkey = NULL; OSSL_STORE_INFO *osi_cert = NULL; OSSL_STORE_INFO *osi_ca = NULL; - - if ((ctx = sk_OSSL_STORE_INFO_new_null()) != NULL - && (osi_pkey = OSSL_STORE_INFO_new_PKEY(pkey)) != NULL - && sk_OSSL_STORE_INFO_push(ctx, osi_pkey) != 0 - && (osi_cert = OSSL_STORE_INFO_new_CERT(cert)) != NULL - && sk_OSSL_STORE_INFO_push(ctx, osi_cert) != 0) { - ok = 1; - osi_pkey = NULL; - osi_cert = NULL; - - while(sk_X509_num(chain) > 0) { + int ok = 1; + + if ((ctx = sk_OSSL_STORE_INFO_new_null()) != NULL) { + if (pkey != NULL) { + if ((osi_pkey = OSSL_STORE_INFO_new_PKEY(pkey)) != NULL + /* clearing pkey here avoids case distinctions */ + && (pkey = NULL) == NULL + && sk_OSSL_STORE_INFO_push(ctx, osi_pkey) != 0) + osi_pkey = NULL; + else + ok = 0; + } + if (ok && cert != NULL) { + if ((osi_cert = OSSL_STORE_INFO_new_CERT(cert)) != NULL + /* clearing cert here avoids case distinctions */ + && (cert = NULL) == NULL + && sk_OSSL_STORE_INFO_push(ctx, osi_cert) != 0) + osi_cert = NULL; + else + ok = 0; + } + while (ok && sk_X509_num(chain) > 0) { X509 *ca = sk_X509_value(chain, 0); - if ((osi_ca = OSSL_STORE_INFO_new_CERT(ca)) == NULL - || sk_OSSL_STORE_INFO_push(ctx, osi_ca) == 0) { + if ((osi_ca = OSSL_STORE_INFO_new_CERT(ca)) != NULL + && sk_X509_shift(chain) != NULL + && sk_OSSL_STORE_INFO_push(ctx, osi_ca) != 0) + osi_ca = NULL; + else ok = 0; - break; - } - osi_ca = NULL; - (void)sk_X509_shift(chain); } } - sk_X509_free(chain); + EVP_PKEY_free(pkey); + X509_free(cert); + sk_X509_pop_free(chain, X509_free); + OSSL_STORE_INFO_free(osi_pkey); + OSSL_STORE_INFO_free(osi_cert); + OSSL_STORE_INFO_free(osi_ca); if (!ok) { - OSSL_STORE_INFO_free(osi_ca); - OSSL_STORE_INFO_free(osi_cert); - OSSL_STORE_INFO_free(osi_pkey); sk_OSSL_STORE_INFO_pop_free(ctx, OSSL_STORE_INFO_free); - EVP_PKEY_free(pkey); - X509_free(cert); - sk_X509_pop_free(chain, X509_free); ctx = NULL; } *pctx = ctx; @@ -294,15 +302,12 @@ static OSSL_STORE_INFO *try_decode_PKCS12(const char *pem_name, } p12_end: PKCS12_free(p12); - if (!ok) + if (ctx == NULL) return NULL; } - if (ctx != NULL) { - *matchcount = 1; - store_info = sk_OSSL_STORE_INFO_shift(ctx); - } - + *matchcount = 1; + store_info = sk_OSSL_STORE_INFO_shift(ctx); return store_info; } @@ -326,7 +331,7 @@ static FILE_HANDLER PKCS12_handler = { try_decode_PKCS12, eof_PKCS12, destroy_ctx_PKCS12, - 1 /* repeatable */ + 1 /* repeatable */ }; /* @@ -772,7 +777,7 @@ struct ossl_store_loader_ctx_st { #define FILE_FLAG_ATTACHED (1<<1) unsigned int flags; union { - struct { /* Used with is_raw and is_pem */ + struct { /* Used with is_raw and is_pem */ BIO *file; /* @@ -782,7 +787,7 @@ struct ossl_store_loader_ctx_st { const FILE_HANDLER *last_handler; void *last_handler_ctx; } file; - struct { /* Used with is_dir */ + struct { /* Used with is_dir */ OPENSSL_DIR_CTX *ctx; int end_reached; @@ -1316,10 +1321,10 @@ static int ends_with_dirsep(const char *uri) { if (*uri != '\0') uri += strlen(uri) - 1; -#if defined __VMS +#if defined(__VMS) if (*uri == ']' || *uri == '>' || *uri == ':') return 1; -#elif defined _WIN32 +#elif defined(_WIN32) if (*uri == '\\') return 1; #endif @@ -1394,7 +1399,7 @@ static int file_name_check(OSSL_STORE_LOADER_CTX *ctx, const char *name) while (ossl_isdigit(*p)) p++; -# ifdef __VMS +#ifdef __VMS /* * One extra step here, check for a possible generation number. */ @@ -1402,7 +1407,7 @@ static int file_name_check(OSSL_STORE_LOADER_CTX *ctx, const char *name) for (p++; *p != '\0'; p++) if (!ossl_isdigit(*p)) break; -# endif +#endif /* * If we've reached the end of the string at this point, we've successfully diff --git a/doc/man3/OSSL_STORE_INFO.pod b/doc/man3/OSSL_STORE_INFO.pod index bf69474977..095a4028b0 100644 --- a/doc/man3/OSSL_STORE_INFO.pod +++ b/doc/man3/OSSL_STORE_INFO.pod @@ -54,25 +54,24 @@ loaders to create B holders. =head2 Types B is an opaque type that's just an intermediary holder for -the objects that have been retrieved by OSSL_STORE_load() and similar -functions. +the objects that have been retrieved by OSSL_STORE_load() and similar functions. Supported OpenSSL type object can be extracted using one of -STORE_INFO_get0_TYPE(). +STORE_INFO_get0_() where can be NAME, PARAMS, PKEY, CERT, or CRL. The life time of this extracted object is as long as the life time of the B it was extracted from, so care should be taken not to free the latter too early. -As an alternative, STORE_INFO_get1_TYPE() extracts a duplicate (or the +As an alternative, STORE_INFO_get1_() extracts a duplicate (or the same object with its reference count increased), which can be used after the containing B has been freed. -The object returned by STORE_INFO_get1_TYPE() must be freed separately +The object returned by STORE_INFO_get1_() must be freed separately by the caller. -See L for more information on the types that are -supported. +See L for more information on the types that are supported. =head2 Functions OSSL_STORE_INFO_get_type() takes a B and returns the STORE type number for the object inside. + STORE_INFO_get_type_string() takes a STORE type number and returns a short string describing it. @@ -94,6 +93,8 @@ OSSL_STORE_INFO_new_NAME() , OSSL_STORE_INFO_new_PARAMS(), OSSL_STORE_INFO_new_PKEY(), OSSL_STORE_INFO_new_CERT() and OSSL_STORE_INFO_new_CRL() create a B object to hold the given input object. +On success the input object is consumed. + Additionally, for B` objects, OSSL_STORE_INFO_set0_NAME_description() can be used to add an extra description. @@ -162,9 +163,9 @@ OSSL_STORE_INFO_get0_PARAMS(), OSSL_STORE_INFO_get0_PKEY(), OSSL_STORE_INFO_get0_CERT() and OSSL_STORE_INFO_get0_CRL() all return a pointer to the OpenSSL object on success, NULL otherwise. -OSSL_STORE_INFO_get0_NAME(), OSSL_STORE_INFO_get0_NAME_description(), -OSSL_STORE_INFO_get0_PARAMS(), OSSL_STORE_INFO_get0_PKEY(), -OSSL_STORE_INFO_get0_CERT() and OSSL_STORE_INFO_get0_CRL() all return +OSSL_STORE_INFO_get1_NAME(), OSSL_STORE_INFO_get1_NAME_description(), +OSSL_STORE_INFO_get1_PARAMS(), OSSL_STORE_INFO_get1_PKEY(), +OSSL_STORE_INFO_get1_CERT() and OSSL_STORE_INFO_get1_CRL() all return a pointer to a duplicate of the OpenSSL object on success, NULL otherwise. OSSL_STORE_INFO_type_string() returns a string on success, or B on @@ -184,13 +185,7 @@ L, L, L =head1 HISTORY -OSSL_STORE_INFO(), OSSL_STORE_INFO_get_type(), OSSL_STORE_INFO_get0_NAME(), -OSSL_STORE_INFO_get0_PARAMS(), OSSL_STORE_INFO_get0_PKEY(), -OSSL_STORE_INFO_get0_CERT(), OSSL_STORE_INFO_get0_CRL(), -OSSL_STORE_INFO_type_string(), OSSL_STORE_INFO_free(), OSSL_STORE_INFO_new_NAME(), -OSSL_STORE_INFO_new_PARAMS(), OSSL_STORE_INFO_new_PKEY(), -OSSL_STORE_INFO_new_CERT() and OSSL_STORE_INFO_new_CRL() -were added in OpenSSL 1.1.1. +The OSSL_STORE API was added in OpenSSL 1.1.1. =head1 COPYRIGHT diff --git a/doc/man3/OSSL_STORE_open.pod b/doc/man3/OSSL_STORE_open.pod index be61ad5b73..6d4ae01809 100644 --- a/doc/man3/OSSL_STORE_open.pod +++ b/doc/man3/OSSL_STORE_open.pod @@ -46,21 +46,22 @@ OSSL_STORE_close() to work together. =head2 Functions -OSSL_STORE_open() takes a uri or path B, password UI method -B with associated data B, and post processing -callback B with associated data B, +OSSL_STORE_open() takes a uri or path I, password UI method +I with associated data I, and post processing +callback I with associated data I, opens a channel to the data located at that URI and returns a B with all necessary internal information. -The given B and B will be reused by all -functions that use B when interaction is needed. -The given B and B will be reused by +The given I and I will be reused by all +functions that use B when interaction is needed, +for instance to provide a password. +The given I and I will be reused by OSSL_STORE_load() to manipulate or drop the value to be returned. -The B function drops values by returning B, which +The I function drops values by returning NULL, which will cause OSSL_STORE_load() to start its process over with loading -the next object, until B returns something other than -B, or the end of data is reached as indicated by OSSL_STORE_eof(). +the next object, until I returns something other than +NULL, or the end of data is reached as indicated by OSSL_STORE_eof(). -OSSL_STORE_ctrl() takes a B, and command number B and +OSSL_STORE_ctrl() takes a B, and command number I and more arguments not specified here. The available loader specific command numbers and arguments they each take depends on the loader that's used and is documented together with @@ -94,6 +95,7 @@ OSSL_STORE_eof() shows that the end of data has been reached. OSSL_STORE_close() takes a B, closes the channel that was opened by OSSL_STORE_open() and frees all other information that was stored in the B, as well as the B itself. +If I is NULL it does nothing. =head1 SUPPORTED SCHEMES @@ -123,12 +125,12 @@ See L for further information. =head1 RETURN VALUES OSSL_STORE_open() returns a pointer to a B on success, or -B on failure. +NULL on failure. OSSL_STORE_load() returns a pointer to a B on success, or -B on error or when end of data is reached. +NULL on error or when end of data is reached. Use OSSL_STORE_error() and OSSL_STORE_eof() to determine the meaning of a -returned B. +returned NULL. OSSL_STORE_eof() returns 1 if the end of data has been reached, otherwise 0. @@ -149,6 +151,9 @@ OSSL_STORE_CTX(), OSSL_STORE_post_process_info_fn(), OSSL_STORE_open(), OSSL_STORE_ctrl(), OSSL_STORE_load(), OSSL_STORE_eof() and OSSL_STORE_close() were added in OpenSSL 1.1.1. +Handling of NULL I argument for OSSL_STORE_close() +was introduced in OpenSSL 1.1.1h. + =head1 COPYRIGHT Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. diff --git a/test/recipes/90-test_store.t b/test/recipes/90-test_store.t index 9fd0acf762..9f4eaa2961 100644 --- a/test/recipes/90-test_store.t +++ b/test/recipes/90-test_store.t @@ -16,7 +16,11 @@ my $test_name = "test_store"; setup($test_name); my $mingw = config('target') =~ m|^mingw|; -my $cnf = srctop_file("test", "ca-and-certs.cnf"); + +my $use_md5 = !disabled("md5"); +my $use_des = !disabled("des"); # also affects 3des and pkcs12 app +my $use_dsa = !disabled("dsa"); +my $use_ecc = !disabled("ec"); my @noexist_files = ( "test/blahdiblah.pem", @@ -41,25 +45,35 @@ my @generated_files = "rsa-key-pkcs1.pem", "rsa-key-pkcs1.der", "rsa-key-pkcs1-aes128.pem", "rsa-key-pkcs8.pem", "rsa-key-pkcs8.der", - "rsa-key-pkcs8-pbes1-sha1-3des.pem", "rsa-key-pkcs8-pbes1-sha1-3des.der", "rsa-key-pkcs8-pbes2-sha1.pem", "rsa-key-pkcs8-pbes2-sha1.der", + "rsa-key-pkcs8-pbes2-sha256.pem", "rsa-key-pkcs8-pbes2-sha256.der", + ); +push(@generated_files, ( + "rsa-key-pkcs8-pbes1-sha1-3des.pem", "rsa-key-pkcs8-pbes1-sha1-3des.der", + )) if $use_des; +push(@generated_files, ( "rsa-key-sha1-3des-sha1.p12", "rsa-key-sha1-3des-sha256.p12", "rsa-key-aes256-cbc-sha256.p12", "rsa-key-md5-des-sha1.p12", - "rsa-key-aes256-cbc-md5-des-sha256.p12", - "rsa-key-pkcs8-pbes2-sha256.pem", "rsa-key-pkcs8-pbes2-sha256.der", - "rsa-key-pkcs8-pbes1-md5-des.pem", "rsa-key-pkcs8-pbes1-md5-des.der", + "rsa-key-aes256-cbc-md5-des-sha256.p12" + )) if $use_des; +push(@generated_files, ( + "rsa-key-pkcs8-pbes1-md5-des.pem", "rsa-key-pkcs8-pbes1-md5-des.der" + )) if $use_md5 && $use_des; +push(@generated_files, ( "dsa-key-pkcs1.pem", "dsa-key-pkcs1.der", "dsa-key-pkcs1-aes128.pem", "dsa-key-pkcs8.pem", "dsa-key-pkcs8.der", "dsa-key-pkcs8-pbes2-sha1.pem", "dsa-key-pkcs8-pbes2-sha1.der", - "dsa-key-aes256-cbc-sha256.p12", + )) if $use_dsa; +push(@generated_files, "dsa-key-aes256-cbc-sha256.p12") if $use_dsa && $use_des; +push(@generated_files, ( "ec-key-pkcs1.pem", "ec-key-pkcs1.der", "ec-key-pkcs1-aes128.pem", "ec-key-pkcs8.pem", "ec-key-pkcs8.der", "ec-key-pkcs8-pbes2-sha1.pem", "ec-key-pkcs8-pbes2-sha1.der", - "ec-key-aes256-cbc-sha256.p12", - ); + )) if $use_ecc; +push(@generated_files, "ec-key-aes256-cbc-sha256.p12") if $use_ecc && $use_des; my %generated_file_files = $^O eq 'linux' ? ( "test/testx509.pem" => "file:testx509.pem", @@ -85,7 +99,7 @@ plan tests => $n; indir "store_$$" => sub { SKIP: { - skip "failed initialisation", $n unless init(); + init() or die "init failed"; my $rehash = init_rehash(); @@ -220,28 +234,35 @@ indir "store_$$" => sub { }, create => 1, cleanup => 1; sub init { + my $cnf = srctop_file('test', 'ca-and-certs.cnf'); + my $cakey = srctop_file('test', 'certs', 'ca-key.pem'); return ( # rsa-key-pkcs1.pem - run(app(["openssl", "genrsa", - "-out", "rsa-key-pkcs1.pem", "2432"])) - # dsa-key-pkcs1.pem - && run(app(["openssl", "dsaparam", "-genkey", - "-out", "dsa-key-pkcs1.pem", "1024"])) - # ec-key-pkcs1.pem (one might think that 'genec' would be practical) - && run(app(["openssl", "ecparam", "-genkey", "-name", "prime256v1", - "-out", "ec-key-pkcs1.pem"])) + run(app(["openssl", "pkey", + "-in", data_file("rsa-key-2432.pem"), + "-out", "rsa-key-pkcs1.pem"])) # rsa-key-pkcs1-aes128.pem && run(app(["openssl", "rsa", "-passout", "pass:password", "-aes128", "-in", "rsa-key-pkcs1.pem", "-out", "rsa-key-pkcs1-aes128.pem"])) + # dsa-key-pkcs1.pem + && (!$use_dsa || run(app(["openssl", "gendsa", + "-out", "dsa-key-pkcs1.pem", + data_file("dsaparam.pem")]))) # dsa-key-pkcs1-aes128.pem - && run(app(["openssl", "dsa", "-passout", "pass:password", "-aes128", - "-in", "dsa-key-pkcs1.pem", - "-out", "dsa-key-pkcs1-aes128.pem"])) + && (!$use_dsa || run(app(["openssl", "dsa", + "-passout", "pass:password", "-aes128", + "-in", "dsa-key-pkcs1.pem", + "-out", "dsa-key-pkcs1-aes128.pem"]))) + # ec-key-pkcs1.pem (one might think that 'genec' would be practical) + && (!$use_ecc || run(app(["openssl", "ecparam", "-genkey", + "-name", "prime256v1", + "-out", "ec-key-pkcs1.pem"]))) # ec-key-pkcs1-aes128.pem - && run(app(["openssl", "ec", "-passout", "pass:password", "-aes128", - "-in", "ec-key-pkcs1.pem", - "-out", "ec-key-pkcs1-aes128.pem"])) + && (!$use_ecc || run(app(["openssl", "ec", + "-passout", "pass:password", "-aes128", + "-in", "ec-key-pkcs1.pem", + "-out", "ec-key-pkcs1-aes128.pem"]))) # *-key-pkcs8.pem && runall(sub { my $dstfile = shift; @@ -297,19 +318,19 @@ sub init { # *-cert.pem (intermediary for the .p12 inits) && run(app(["openssl", "req", "-x509", "-config", $cnf, "-nodes", - "-out", "cacert.pem", "-keyout", "cakey.pem"])) + "-key", $cakey, "-out", "cacert.pem"])) && runall(sub { my $srckey = shift; (my $dstfile = $srckey) =~ s|-key-pkcs8\.|-cert.|; (my $csr = $dstfile) =~ s|\.pem|.csr|; (run(app(["openssl", "req", "-new", - "-config", $cnf, + "-config", $cnf, "-section", "userreq", "-key", $srckey, "-out", $csr])) && run(app(["openssl", "x509", "-days", "3650", "-CA", "cacert.pem", - "-CAkey", "cakey.pem", + "-CAkey", $cakey, "-set_serial", time(), "-req", "-in", $csr, "-out", $dstfile]))); }, grep(/-key-pkcs8\.pem$/, @generated_files)) @@ -350,17 +371,21 @@ sub init { my $macalg = $macalgs{$macalg_index}; if (!defined($certpbe) || !defined($keypbe) || !defined($macalg)) { - print STDERR "Cert PBE for $pbe_index not defined\n" + print STDERR "Cert PBE for $certpbe_index not defined\n" unless defined $certpbe; - print STDERR "Key PBE for $pbe_index not defined\n" + print STDERR "Key PBE for $keypbe_index not defined\n" unless defined $keypbe; print STDERR "MACALG for $macalg_index not defined\n" unless defined $macalg; print STDERR "(destination file was $dstfile)\n"; return 0; } - run(app(["openssl", "pkcs12", "-inkey", $srckey, + run(app(["openssl", "pkcs12", + "-provider", "default", + "-provider", "legacy", + "-inkey", $srckey, "-in", $srccert, "-passout", "pass:password", + "-chain", "-CAfile", "cacert.pem", "-export", "-macalg", $macalg, "-certpbe", $certpbe, "-keypbe", $keypbe, "-out", $dstfile])); diff --git a/test/recipes/90-test_store_data/ca.cnf b/test/recipes/90-test_store_data/ca.cnf deleted file mode 100644 index bda6eec4b0..0000000000 --- a/test/recipes/90-test_store_data/ca.cnf +++ /dev/null @@ -1,56 +0,0 @@ -#################################################################### -[ req ] -default_bits = 2432 -default_keyfile = cakey.pem -default_md = sha256 -distinguished_name = req_DN -string_mask = utf8only -x509_extensions = v3_selfsign - -[ req_DN ] -commonName = "Common Name" -commonName_value = "CA" - -[ v3_selfsign ] -basicConstraints = critical,CA:true -keyUsage = keyCertSign -subjectKeyIdentifier=hash - -#################################################################### -[ ca ] -default_ca = CA_default # The default ca section - -#################################################################### -[ CA_default ] - -dir = ./demoCA -certificate = ./demoCA/cacert.pem -serial = ./demoCA/serial -private_key = ./demoCA/private/cakey.pem -new_certs_dir = ./demoCA/newcerts - -certificate = cacert.pem -private_key = cakey.pem - -x509_extensions = v3_user - -name_opt = ca_default # Subject Name options -cert_opt = ca_default # Certificate field options - -policy = policy_anything - -[ policy_anything ] -countryName = optional -stateOrProvinceName = optional -localityName = optional -organizationName = optional -organizationalUnitName = optional -commonName = supplied -emailAddress = optional - -[ v3_user ] -basicConstraints=critical,CA:FALSE -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid,issuer -issuerAltName=issuer:copy - diff --git a/test/recipes/04-test_pem_data/dsaparam.pem b/test/recipes/90-test_store_data/dsaparam.pem similarity index 100% copy from test/recipes/04-test_pem_data/dsaparam.pem copy to test/recipes/90-test_store_data/dsaparam.pem diff --git a/test/recipes/90-test_store_data/rsa-key-2432.pem b/test/recipes/90-test_store_data/rsa-key-2432.pem new file mode 100644 index 0000000000..b5e37f4b8a --- /dev/null +++ b/test/recipes/90-test_store_data/rsa-key-2432.pem @@ -0,0 +1,32 @@ +-----BEGIN PRIVATE KEY----- +MIIFlQIBADANBgkqhkiG9w0BAQEFAASCBX8wggV7AgEAAoIBMQCrCYwxGQmujZVF +lnZeobOyrk+JiHh4/6IjpepHlb1hRMZbDS2V2kZAupNr3oV14Dx4bDwbxAMOvGQr +sVDiM+LAAZtxXXq6sQNOrq3yTPuCdW6IbsHaB5ZuPwz4cNWOOHs19Jx9UufxoFZ+ +1Cj3WG0joTCTbPNe08llJ67YKCj4b3l19AJKauPFWyLl8sQE5f29rBGGnnJYzrf3 +ZRrrZApbXy2PxDVKfkjLf89la6Hcr/RihgPiZHLoN7TyAPOL4OPY+Jv6fVG9PTrf +3hwoTRD9Wp0ZdmOSCiU93vvoTFovnBMpfh7Qb6k+ufqZV0cvdDWYV7UQO1MBx24R +mqcVGwHzPCMET71GoRNKvtMI3zrN/ZN8lyyqKU3pEPcLvykZ8Pi2lZB31uLA0x6Z +zUe+rEavAgMBAAECggEwM8aFIMvCiYukl1cv5/+tRTbNLwYX6hEAhSgRnq/uj0Zh +gWig1w8nWyrfu7S10/QYeh/RploUzt4quKtJn+AzEQqrgorYvzEcnjH0yDeTn29r +EXPtzNGlMSR3CbImg5IHglLVGH8DZbqy1FvnNtEW4MVHzikaFyenfK6hmB+4H1Sn +gRRnqR1oa/LlwpRV0GHLCSLQf17xoH4chaLLZXi3kdIOIcg9bzDef7APQmKHdu01 +hlAhFZ3rPib63anYtg9jG4hLrZCUHwEwHsOaDEh9QVNSxqZJS2KTtMbYIclK3hDG +wZFmlv9bemE+KiR3EAJt9/xMROjLTNDgTOZZujR/O4IObszQ6obExiL0Z37K0AAz +f0hhMbweg0W1hC3j/pseOZpEvfoK5QZYY0nbdNqVkQKBmQDczLiFYgDEcCbc2ak4 +VGDA/N+R1lUFvfBoBKLlWaOFSnfYC9XrGa1lVe5nMZN4OAgkR4Ogvo1uh5BzXptP +s+fYfh40JS6RFXeO8/K8meFOUnjKiMZroBuFcJHSCDDJZFyfEM1vVqnsaLsqQHAd +casa3PewKvUbUDMWQFNImW6dMuDL3GpKpGc4/eU3208JnpoApcnp2qLPlwKBmQDG +TexoAiQLKRlSHrZcZJTemrTZQFoCPEoXZjbzXHERYoSOcriINWWVuhvAtA64WY/+ +lOYXb3H1kD+CccR1NLUu9lrrFbizeHl9ovrvhLCR8smgVhwP4QjW1fjNYEOfIXXX +BPLCizKSdqDLID/Jph+ym29vOedbjHZmr6Pto3fVBKQPpkLkQmyj061pmknE8DES +k6GFHAAkqQKBmQDTVtxzRwfm/lYkY+417YWikyhHRfihg1k9ptpoXnFG3q1xTHrY +Cf7PFP4ZJfm6Qx9/4jeaP2nOVtGrq+1Kz69lp+mvDbvRwNNsMBGx9jQSrJvTeDE7 +yMcu5T2d5JsV2QtScVnBbRk+IEytt3nYpPkawFAP/j4Xg58yeCV/QuT+cDl8x5+x +jEUE5vhki3TOh1Fut0FZphzaRwKBmHPpKkzlK3JGlKFWiFtbA1VWcm0mWzZBTUF+ +IpJ/LyvtPPQShGBBbd5lyUELPittVmiFWjTKlH7n0OeLXjzwEROhNiWBLdPhkInq +UOjd02OL2WTZ0E9LxyHkMijBouUJ5tpG7yrduDK6GmSAtihE7PQ2PJ1z6BKv+Kku +8w+9ZBbkPo1TLnhDh0L/QLagU4xEpTpphpjKdB75AoGYcaonPrYPhvM+EAe4DDTf +qpxI6wX6P+ws9Fx8VuD/UN3DB8AhE+tlFYQYJQkgqpAvNiOg9ix0mwNDe6oB4xwB +iQKxoBtCKYhwwP7AvXrzyqe73aWtvW9VFYUbdiVQQVqR/+Gd1wL572qFTcnw56je +wxTi4bfTajt7O/nY7jYs3WWstBh0wyl5XNZ14Acic6ZsSp+PLCEfpLo= +-----END PRIVATE KEY----- diff --git a/test/recipes/90-test_store_data/user.cnf b/test/recipes/90-test_store_data/user.cnf deleted file mode 100644 index 91f796947a..0000000000 --- a/test/recipes/90-test_store_data/user.cnf +++ /dev/null @@ -1,19 +0,0 @@ -#################################################################### -[ req ] -default_bits = 2432 -default_md = sha256 -distinguished_name = req_DN -string_mask = utf8only - -req_extensions = v3_req # The extensions to add to a certificate request - -[ req_DN ] -commonName = "Common Name" -commonName_value = "A user" -userId = "User ID" -userId_value = "test" - -[ v3_req ] -extendedKeyUsage = clientAuth -subjectKeyIdentifier = hash -basicConstraints = CA:false From openssl at openssl.org Mon Jun 8 03:57:57 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 08 Jun 2020 03:57:57 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-cms Message-ID: <1591588677.397118.4660.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-cms Commit log since last time: c4683009ad TEST: Adjust test/bioprinttest.c to behave like the testutil routines 66d8bd4b37 TESTUTIL: Adjust the rest of testutil 8dce4aa2d9 TESTUTIL: Separate TAP output and other output by BIO filter 591315297e Consolidate doc of BIO_do_connect() and its alias BIO_do_handshake() f5e23fe889 APPS: Remove unnecessary NULL check of uri in load_cert_pass() 0808a75e4d APPS: Make it possible to load_cert() from stdin again 09527c4935 Fix a typo in SSL_CTX_set_session_ticket_cb.pod 7b2d995ed7 Don't downgrade keys in libssl 7fa2b2673e When asked if an ECX key has parameters we should answer "true" 11391da217 Always create a key when importing 6a9bd9298b Make EVP_PKEY_[get1|set1]_tls_encodedpoint work with provided keys 0d52ede716 Fix error path in int create_ssl_ctx_pair() b38425393c Implement a test for sigalgs not being present 3cd69b7458 Implement a Filtering Provider d01d375264 Implement OSSL_PROVIDER_get0_provider_ctx() 5f603a280c Enable applications to directly call a provider's query operation 263ff2c9d4 Check that Signature Algorithms are available before using them eca4713913 APPS: Drop interactive mode in the 'openssl' program 987e3a0eed Announce renamed EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() in CHANGES.md b1c21b27dc fips: add additional algorithms to the FIPS provider. a64a143f31 Minor doc fix for EVP_PKEY_CTX_new_from_pkey Build log ended with (last 100 lines): ssl/statem/libssl-shlib-statem_dtls.o \ ssl/statem/libssl-shlib-statem_lib.o \ ssl/statem/libssl-shlib-statem_srvr.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/afalg.so -Wl,--version-script=engines/afalg.ld \ engines/afalg-dso-e_afalg.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/capi.so -Wl,--version-script=engines/capi.ld \ engines/capi-dso-e_capi.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/dasync.so -Wl,--version-script=engines/dasync.ld \ engines/dasync-dso-e_dasync.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/ossltest.so -Wl,--version-script=engines/ossltest.ld \ engines/ossltest-dso-e_ossltest.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/padlock.so -Wl,--version-script=engines/padlock.ld \ engines/padlock-dso-e_padlock-x86_64.o \ engines/padlock-dso-e_padlock.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o providers/legacy.so -Wl,--version-script=providers/legacy.ld \ providers/legacy-dso-legacyprov.o \ providers/liblegacy.a providers/libcommon.a providers/libnonfips.a -lcrypto -ldl -pthread rm -f fuzz/asn1parse-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o fuzz/asn1parse-test \ fuzz/asn1parse-test-bin-asn1parse.o \ fuzz/asn1parse-test-bin-test-corpus.o \ -lcrypto -ldl -pthread rm -f fuzz/bignum-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o fuzz/bignum-test \ fuzz/bignum-test-bin-bignum.o \ fuzz/bignum-test-bin-test-corpus.o \ -lcrypto -ldl -pthread rm -f fuzz/bndiv-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o fuzz/bndiv-test \ fuzz/bndiv-test-bin-bndiv.o \ fuzz/bndiv-test-bin-test-corpus.o \ -lcrypto -ldl -pthread rm -f fuzz/conf-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o fuzz/conf-test \ fuzz/conf-test-bin-conf.o fuzz/conf-test-bin-test-corpus.o \ -lcrypto -ldl -pthread ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_add' ./libcrypto.so: undefined reference to `ess_find_cert' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_add' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_get' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_get' ./libcrypto.so: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:22667: recipe for target 'fuzz/asn1parse-test' failed make[1]: *** [fuzz/asn1parse-test] Error 1 make[1]: *** Waiting for unfinished jobs.... ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_add' ./libcrypto.so: undefined reference to `ess_find_cert' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_add' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_get' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_get' ./libcrypto.so: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_add' ./libcrypto.so: undefined reference to `ess_find_cert' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_add' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_get' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_get' ./libcrypto.so: undefined reference to `ess_find_cert_v2' Makefile:22691: recipe for target 'fuzz/bignum-test' failed make[1]: *** [fuzz/bignum-test] Error 1 clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:22715: recipe for target 'fuzz/bndiv-test' failed make[1]: *** [fuzz/bndiv-test] Error 1 ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_add' ./libcrypto.so: undefined reference to `ess_find_cert' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_add' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_get' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_get' ./libcrypto.so: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:22786: recipe for target 'fuzz/conf-test' failed make[1]: *** [fuzz/conf-test] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-cms' Makefile:3030: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From openssl at openssl.org Mon Jun 8 06:26:53 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 08 Jun 2020 06:26:53 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram Message-ID: <1591597613.938475.5274.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: c4683009ad TEST: Adjust test/bioprinttest.c to behave like the testutil routines 66d8bd4b37 TESTUTIL: Adjust the rest of testutil 8dce4aa2d9 TESTUTIL: Separate TAP output and other output by BIO filter 591315297e Consolidate doc of BIO_do_connect() and its alias BIO_do_handshake() f5e23fe889 APPS: Remove unnecessary NULL check of uri in load_cert_pass() 0808a75e4d APPS: Make it possible to load_cert() from stdin again 09527c4935 Fix a typo in SSL_CTX_set_session_ticket_cb.pod 7b2d995ed7 Don't downgrade keys in libssl 7fa2b2673e When asked if an ECX key has parameters we should answer "true" 11391da217 Always create a key when importing 6a9bd9298b Make EVP_PKEY_[get1|set1]_tls_encodedpoint work with provided keys 0d52ede716 Fix error path in int create_ssl_ctx_pair() b38425393c Implement a test for sigalgs not being present 3cd69b7458 Implement a Filtering Provider d01d375264 Implement OSSL_PROVIDER_get0_provider_ctx() 5f603a280c Enable applications to directly call a provider's query operation 263ff2c9d4 Check that Signature Algorithms are available before using them eca4713913 APPS: Drop interactive mode in the 'openssl' program 987e3a0eed Announce renamed EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() in CHANGES.md b1c21b27dc fips: add additional algorithms to the FIPS provider. a64a143f31 Minor doc fix for EVP_PKEY_CTX_new_from_pkey Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=199, Tests=1991, 732 wallclock secs ( 8.45 usr 1.25 sys + 680.55 cusr 45.31 csys = 735.56 CPU) Result: FAIL Makefile:3075: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dgram' Makefile:3073: recipe for target 'tests' failed make: *** [tests] Error 2 From beldmit at gmail.com Mon Jun 8 08:28:38 2020 From: beldmit at gmail.com (beldmit at gmail.com) Date: Mon, 08 Jun 2020 08:28:38 +0000 Subject: [openssl] master update Message-ID: <1591604918.920136.24231.nullmailer@dev.openssl.org> The branch master has been updated via c8636ebf4a951447754d446810349618ddc77a60 (commit) from 71273ab57a27e0e6a1d4356891a2eb8e2298f458 (commit) - Log ----------------------------------------------------------------- commit c8636ebf4a951447754d446810349618ddc77a60 Author: Hubert Kario Date: Sat Jun 6 22:23:17 2020 +0200 fix doc typo in bn_dh.c while RFC 2312 refers to S/MIME it doesn't actually declare any groups, RFC 2412 actually talks about DH extensively and the group defined in the code below is defined on page 47 of it Reviewed-by: Kurt Roeckx Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12076) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_dh.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/bn/bn_dh.c b/crypto/bn/bn_dh.c index 9a7cc17f62..74ce024004 100644 --- a/crypto/bn/bn_dh.c +++ b/crypto/bn/bn_dh.c @@ -29,7 +29,7 @@ * The prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 } * * RFC3526 specifies a generator of 2. - * RFC2312 specifies a generator of 22. + * RFC2412 specifies a generator of 22. */ static const BN_ULONG modp_1536_p[] = { BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0xCA237327, 0xF1746C08), From matt at openssl.org Mon Jun 8 11:05:52 2020 From: matt at openssl.org (Matt Caswell) Date: Mon, 08 Jun 2020 11:05:52 +0000 Subject: [openssl] master update Message-ID: <1591614352.819228.13835.nullmailer@dev.openssl.org> The branch master has been updated via a6d36303e91b79379da2e2ffaa608dba704d3eb8 (commit) via da4db1602d8f7f031f12ddc04de84129138c419c (commit) via cc10b56dbe29e4f254ad1f3abc7ca5216c3069e6 (commit) via 4ffccf6c4deebd6f3ab5d46234c64f957ff1c1c5 (commit) via 95badfeb60603b1bbcfc4d0fef555aed06038d55 (commit) via f434bfaccf033989c765621fdd975ec1bc29c80a (commit) via 996a6ac32bc4dd02098b68445b71f8fa286ef91b (commit) from c8636ebf4a951447754d446810349618ddc77a60 (commit) - Log ----------------------------------------------------------------- commit a6d36303e91b79379da2e2ffaa608dba704d3eb8 Author: Vadim Fedorenko Date: Mon May 4 13:46:04 2020 +0300 TLSv1.3: additional checks in SSL_set_record_padding_callback Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11589) commit da4db1602d8f7f031f12ddc04de84129138c419c Author: Vadim Fedorenko Date: Sat Jan 25 21:49:41 2020 +0300 test: TLS1.3 and new ciphers for kTLS Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11589) commit cc10b56dbe29e4f254ad1f3abc7ca5216c3069e6 Author: Vadim Fedorenko Date: Sat Jan 25 21:49:08 2020 +0300 TLSv13: add kTLS support Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11589) commit 4ffccf6c4deebd6f3ab5d46234c64f957ff1c1c5 Author: Vadim Fedorenko Date: Fri Jan 24 16:57:56 2020 +0300 kTLS: add support for AES_CCM128 and AES_GCM256 The support of new algos is added by converting code to use helper functions found in ktls.h. Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11589) commit 95badfeb60603b1bbcfc4d0fef555aed06038d55 Author: Vadim Fedorenko Date: Fri May 1 23:56:48 2020 +0300 kTLS: add Linux-specific kTLS helpers Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11589) commit f434bfaccf033989c765621fdd975ec1bc29c80a Author: Vadim Fedorenko Date: Fri Jan 24 16:08:02 2020 +0300 kTLS: add new algo definitions Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11589) commit 996a6ac32bc4dd02098b68445b71f8fa286ef91b Author: Vadim Fedorenko Date: Fri Jan 24 16:11:02 2020 +0300 kTLS: make ktls_start type independed Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11589) ----------------------------------------------------------------------- Summary of changes: crypto/bio/bss_sock.c | 9 +- doc/man3/SSL_CTX_set_record_padding_callback.pod | 10 +- include/internal/ktls.h | 284 ++++++++----- include/openssl/ssl.h | 2 +- ssl/record/rec_layer_s3.c | 1 + ssl/ssl_lib.c | 11 +- ssl/t1_enc.c | 50 ++- ssl/tls13_enc.c | 85 +++- test/build.info | 1 + test/sslapitest.c | 503 ++++++++++++++++++----- 10 files changed, 710 insertions(+), 246 deletions(-) diff --git a/crypto/bio/bss_sock.c b/crypto/bio/bss_sock.c index a72a476803..ff2bde7a58 100644 --- a/crypto/bio/bss_sock.c +++ b/crypto/bio/bss_sock.c @@ -154,10 +154,11 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr) long ret = 1; int *ip; # ifndef OPENSSL_NO_KTLS + size_t crypto_info_len; # ifdef __FreeBSD__ struct tls_enable *crypto_info; # else - struct tls12_crypto_info_aes_gcm_128 *crypto_info; + struct tls_crypto_info_all *crypto_info; # endif # endif @@ -191,10 +192,12 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr) case BIO_CTRL_SET_KTLS: # ifdef __FreeBSD__ crypto_info = (struct tls_enable *)ptr; + crypto_info_len = sizeof(*crypto_info); # else - crypto_info = (struct tls12_crypto_info_aes_gcm_128 *)ptr; + crypto_info = (struct tls_crypto_info_all *)ptr; + crypto_info_len = crypto_info->tls_crypto_info_len; # endif - ret = ktls_start(b->num, crypto_info, sizeof(*crypto_info), num); + ret = ktls_start(b->num, crypto_info, crypto_info_len, num); if (ret) BIO_set_ktls_flag(b, num); break; diff --git a/doc/man3/SSL_CTX_set_record_padding_callback.pod b/doc/man3/SSL_CTX_set_record_padding_callback.pod index 3df66218fe..445953ef07 100644 --- a/doc/man3/SSL_CTX_set_record_padding_callback.pod +++ b/doc/man3/SSL_CTX_set_record_padding_callback.pod @@ -16,7 +16,7 @@ SSL_set_block_padding - install callback to specify TLS 1.3 record padding #include void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx, size_t (*cb)(SSL *s, int type, size_t len, void *arg)); - void SSL_set_record_padding_callback(SSL *ssl, size_t (*cb)(SSL *s, int type, size_t len, void *arg)); + int SSL_set_record_padding_callback(SSL *ssl, size_t (*cb)(SSL *s, int type, size_t len, void *arg)); void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg); void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx); @@ -32,6 +32,8 @@ SSL_set_block_padding - install callback to specify TLS 1.3 record padding SSL_CTX_set_record_padding_callback() or SSL_set_record_padding_callback() can be used to assign a callback function I to specify the padding for TLS 1.3 records. The value set in B is copied to a new SSL by SSL_new(). +Kernel TLS is not possible if the record padding callback is set, and the callback +function cannot be set if Kernel TLS is already configured for the current SSL object. SSL_CTX_set_record_padding_callback_arg() and SSL_set_record_padding_callback_arg() assign a value B that is passed to the callback when it is invoked. The value @@ -64,6 +66,9 @@ indicates no padding will be added. A return value that causes the record to exceed the maximum record size (SSL3_RT_MAX_PLAIN_LENGTH) will pad out to the maximum record size. +The SSL_CTX_get_record_padding_callback_arg() function returns 1 on success or 0 if +the callback function is not set because Kernel TLS is configured for the SSL object. + =head1 NOTES The default behavior is to add no padding to the record. @@ -84,6 +89,9 @@ L, L The record padding API was added for TLS 1.3 support in OpenSSL 1.1.1. +The return type of SSL_CTX_set_record_padding_callback() function was +changed to int in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. diff --git a/include/internal/ktls.h b/include/internal/ktls.h index 209dff1689..093a661843 100644 --- a/include/internal/ktls.h +++ b/include/internal/ktls.h @@ -7,6 +7,19 @@ * https://www.openssl.org/source/license.html */ +#if defined(OPENSSL_SYS_LINUX) +# ifndef OPENSSL_NO_KTLS +# include +# if LINUX_VERSION_CODE < KERNEL_VERSION(4, 13, 0) +# define OPENSSL_NO_KTLS +# ifndef PEDANTIC +# warning "KTLS requires Kernel Headers >= 4.13.0" +# warning "Skipping Compilation of KTLS" +# endif +# endif +# endif +#endif + #ifndef OPENSSL_NO_KTLS # ifndef HEADER_INTERNAL_KTLS # define HEADER_INTERNAL_KTLS @@ -40,12 +53,12 @@ static ossl_inline int ktls_enable(int fd) * provided here. */ static ossl_inline int ktls_start(int fd, - struct tls_enable *tls_en, + void *tls_en, size_t len, int is_tx) { if (is_tx) return setsockopt(fd, IPPROTO_TCP, TCP_TXTLS_ENABLE, - tls_en, sizeof(*tls_en)) ? 0 : 1; + tls_en, len) ? 0 : 1; else return 0; } @@ -109,94 +122,57 @@ static ossl_inline ossl_ssize_t ktls_sendfile(int s, int fd, off_t off, # endif /* __FreeBSD__ */ # if defined(OPENSSL_SYS_LINUX) -# include - -# define K_MAJ 4 -# define K_MIN1 13 -# define K_MIN2 0 -# if LINUX_VERSION_CODE < KERNEL_VERSION(K_MAJ, K_MIN1, K_MIN2) +# include +# if LINUX_VERSION_CODE < KERNEL_VERSION(4, 17, 0) +# define OPENSSL_NO_KTLS_RX # ifndef PEDANTIC -# warning "KTLS requires Kernel Headers >= 4.13.0" -# warning "Skipping Compilation of KTLS" +# warning "KTLS requires Kernel Headers >= 4.17.0 for receiving" +# warning "Skipping Compilation of KTLS receive data path" +# endif +# endif +# define OPENSSL_KTLS_AES_GCM_128 +# if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 1, 0) +# define OPENSSL_KTLS_AES_GCM_256 +# define OPENSSL_KTLS_TLS13 +# if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 2, 0) +# define OPENSSL_KTLS_AES_CCM_128 # endif +# endif -# define TLS_TX 1 -# define TLS_RX 2 +# include +# include +# include +# include "openssl/ssl3.h" +# include "openssl/tls1.h" +# include "openssl/evp.h" -# define TLS_CIPHER_AES_GCM_128 51 -# define TLS_CIPHER_AES_GCM_128_IV_SIZE 8 -# define TLS_CIPHER_AES_GCM_128_KEY_SIZE 16 -# define TLS_CIPHER_AES_GCM_128_SALT_SIZE 4 -# define TLS_CIPHER_AES_GCM_128_TAG_SIZE 16 -# define TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE 8 +# ifndef SOL_TLS +# define SOL_TLS 282 +# endif -# define TLS_SET_RECORD_TYPE 1 +# ifndef TCP_ULP +# define TCP_ULP 31 +# endif -struct tls_crypto_info { - unsigned short version; - unsigned short cipher_type; -}; +# ifndef TLS_RX +# define TLS_RX 2 +# endif -struct tls12_crypto_info_aes_gcm_128 { - struct tls_crypto_info info; - unsigned char iv[TLS_CIPHER_AES_GCM_128_IV_SIZE]; - unsigned char key[TLS_CIPHER_AES_GCM_128_KEY_SIZE]; - unsigned char salt[TLS_CIPHER_AES_GCM_128_SALT_SIZE]; - unsigned char rec_seq[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE]; +struct tls_crypto_info_all { + union { +# ifdef OPENSSL_KTLS_AES_GCM_128 + struct tls12_crypto_info_aes_gcm_128 gcm128; +# endif +# ifdef OPENSSL_KTLS_AES_GCM_256 + struct tls12_crypto_info_aes_gcm_256 gcm256; +# endif +# ifdef OPENSSL_KTLS_AES_CCM_128 + struct tls12_crypto_info_aes_ccm_128 ccm128; +# endif + }; + size_t tls_crypto_info_len; }; - -/* Dummy functions here */ -static ossl_inline int ktls_enable(int fd) -{ - return 0; -} - -static ossl_inline int ktls_start(int fd, - struct tls12_crypto_info_aes_gcm_128 - *crypto_info, size_t len, int is_tx) -{ - return 0; -} - -static ossl_inline int ktls_send_ctrl_message(int fd, unsigned char record_type, - const void *data, size_t length) -{ - return -1; -} - -static ossl_inline int ktls_read_record(int fd, void *data, size_t length) -{ - return -1; -} - -static ossl_inline ossl_ssize_t ktls_sendfile(int s, int fd, off_t off, size_t size, int flags) -{ - return -1; -} - -# else /* KERNEL_VERSION */ - -# include -# include -# include -# include -# include "openssl/ssl3.h" -# include "openssl/tls1.h" -# include "openssl/evp.h" - -# ifndef SOL_TLS -# define SOL_TLS 282 -# endif - -# ifndef TCP_ULP -# define TCP_ULP 31 -# endif - -# ifndef TLS_RX -# define TLS_RX 2 -# endif - /* * When successful, this socket option doesn't change the behaviour of the * TCP socket, except changing the TCP setsockopt handler to enable the @@ -216,12 +192,11 @@ static ossl_inline int ktls_enable(int fd) * If successful, then data received using this socket will be decrypted, * authenticated and decapsulated using the crypto_info provided here. */ -static ossl_inline int ktls_start(int fd, - struct tls12_crypto_info_aes_gcm_128 - *crypto_info, size_t len, int is_tx) +static ossl_inline int ktls_start(int fd, void *crypto_info, + size_t len, int is_tx) { return setsockopt(fd, SOL_TLS, is_tx ? TLS_TX : TLS_RX, - crypto_info, sizeof(*crypto_info)) ? 0 : 1; + crypto_info, len) ? 0 : 1; } /* @@ -270,20 +245,15 @@ static ossl_inline ossl_ssize_t ktls_sendfile(int s, int fd, off_t off, size_t s return sendfile(s, fd, &off, size); } -# define K_MIN1_RX 17 -# if LINUX_VERSION_CODE < KERNEL_VERSION(K_MAJ, K_MIN1_RX, K_MIN2) +# ifdef OPENSSL_NO_KTLS_RX -# ifndef PEDANTIC -# warning "KTLS requires Kernel Headers >= 4.17.0 for receiving" -# warning "Skipping Compilation of KTLS receive data path" -# endif static ossl_inline int ktls_read_record(int fd, void *data, size_t length) { return -1; } -# else +# else /* !defined(OPENSSL_NO_KTLS_RX) */ /* * Receive a TLS record using the crypto_info provided in ktls_start. @@ -338,8 +308,132 @@ static ossl_inline int ktls_read_record(int fd, void *data, size_t length) return ret; } -# endif -# endif +# endif /* OPENSSL_NO_KTLS_RX */ + +/* Function to check supported ciphers in Linux */ +static ossl_inline int ktls_check_supported_cipher(const EVP_CIPHER *c, + const EVP_CIPHER_CTX *dd) +{ + /* check that cipher is AES_GCM_128, AES_GCM_256, AES_CCM_128 */ + switch (EVP_CIPHER_nid(c)) + { +# ifdef OPENSSL_KTLS_AES_CCM_128 + case NID_aes_128_ccm: + if (EVP_CIPHER_CTX_tag_length(dd) != EVP_CCM_TLS_TAG_LEN) + return 0; # endif -# endif +# ifdef OPENSSL_KTLS_AES_GCM_128 + case NID_aes_128_gcm: +# endif +# ifdef OPENSSL_KTLS_AES_GCM_256 + case NID_aes_256_gcm: +# endif + return 1; + default: + return 0; + } +} + +/* Function to configure kernel TLS structure */ +static ossl_inline int ktls_configure_crypto(const EVP_CIPHER *c, int tls_version, + EVP_CIPHER_CTX *dd, void *rl_sequence, + struct tls_crypto_info_all *crypto_info, + unsigned char **rec_seq, unsigned char *iv, + unsigned char *key) +{ + unsigned char geniv[12]; + unsigned char *iiv = iv; + + if (tls_version == TLS1_2_VERSION && + EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) { + EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GET_IV, + EVP_GCM_TLS_FIXED_IV_LEN + EVP_GCM_TLS_EXPLICIT_IV_LEN, + geniv); + iiv = geniv; + } + + memset(crypto_info, 0, sizeof(*crypto_info)); + switch (EVP_CIPHER_nid(c)) + { +# ifdef OPENSSL_KTLS_AES_GCM_128 + case NID_aes_128_gcm: + crypto_info->gcm128.info.cipher_type = TLS_CIPHER_AES_GCM_128; + crypto_info->gcm128.info.version = tls_version; + crypto_info->tls_crypto_info_len = sizeof(crypto_info->gcm128); + memcpy(crypto_info->gcm128.iv, iiv + EVP_GCM_TLS_FIXED_IV_LEN, + TLS_CIPHER_AES_GCM_128_IV_SIZE); + memcpy(crypto_info->gcm128.salt, iiv, TLS_CIPHER_AES_GCM_128_SALT_SIZE); + memcpy(crypto_info->gcm128.key, key, EVP_CIPHER_key_length(c)); + memcpy(crypto_info->gcm128.rec_seq, rl_sequence, + TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); + if (rec_seq != NULL) + *rec_seq = crypto_info->gcm128.rec_seq; + return 1; +# endif +# ifdef OPENSSL_KTLS_AES_GCM_256 + case NID_aes_256_gcm: + crypto_info->gcm256.info.cipher_type = TLS_CIPHER_AES_GCM_256; + crypto_info->gcm256.info.version = tls_version; + crypto_info->tls_crypto_info_len = sizeof(crypto_info->gcm256); + memcpy(crypto_info->gcm256.iv, iiv + EVP_GCM_TLS_FIXED_IV_LEN, + TLS_CIPHER_AES_GCM_256_IV_SIZE); + memcpy(crypto_info->gcm256.salt, iiv, TLS_CIPHER_AES_GCM_256_SALT_SIZE); + memcpy(crypto_info->gcm256.key, key, EVP_CIPHER_key_length(c)); + memcpy(crypto_info->gcm256.rec_seq, rl_sequence, + TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE); + if (rec_seq != NULL) + *rec_seq = crypto_info->gcm256.rec_seq; + return 1; +# endif +# ifdef OPENSSL_KTLS_AES_CCM_128 + case NID_aes_128_ccm: + crypto_info->ccm128.info.cipher_type = TLS_CIPHER_AES_CCM_128; + crypto_info->ccm128.info.version = tls_version; + crypto_info->tls_crypto_info_len = sizeof(crypto_info->ccm128); + memcpy(crypto_info->ccm128.iv, iiv + EVP_CCM_TLS_FIXED_IV_LEN, + TLS_CIPHER_AES_CCM_128_IV_SIZE); + memcpy(crypto_info->ccm128.salt, iiv, TLS_CIPHER_AES_CCM_128_SALT_SIZE); + memcpy(crypto_info->ccm128.key, key, EVP_CIPHER_key_length(c)); + memcpy(crypto_info->ccm128.rec_seq, rl_sequence, + TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE); + if (rec_seq != NULL) + *rec_seq = crypto_info->ccm128.rec_seq; + return 1; +# endif + default: + return 0; + } + +} + +# endif /* OPENSSL_SYS_LINUX */ +# endif /* HEADER_INTERNAL_KTLS */ +#else /* defined(OPENSSL_NO_KTLS) */ +/* Dummy functions here */ +static ossl_inline int ktls_enable(int fd) +{ + return 0; +} + +static ossl_inline int ktls_start(int fd, void *crypto_info, + size_t len, int is_tx) +{ + return 0; +} + +static ossl_inline int ktls_send_ctrl_message(int fd, unsigned char record_type, + const void *data, size_t length) +{ + return -1; +} + +static ossl_inline int ktls_read_record(int fd, void *data, size_t length) +{ + return -1; +} + +static ossl_inline ossl_ssize_t ktls_sendfile(int s, int fd, off_t off, size_t size, int flags) +{ + return -1; +} #endif diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index c039b2a04a..f855f9470d 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -2167,7 +2167,7 @@ void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg); void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx); int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size); -void SSL_set_record_padding_callback(SSL *ssl, +int SSL_set_record_padding_callback(SSL *ssl, size_t (*cb) (SSL *ssl, int type, size_t len, void *arg)); void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg); diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index b1dcd517e2..fac3506b19 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -945,6 +945,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, } if (SSL_TREAT_AS_TLS13(s) + && !BIO_get_ktls_send(s->wbio) && s->enc_write_ctx != NULL && (s->statem.enc_write_state != ENC_WRITE_STATE_WRITE_PLAIN_ALERTS || type != SSL3_RT_ALERT)) { diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index c2c2388716..9fb65b6825 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -4645,11 +4645,18 @@ int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size) return 1; } -void SSL_set_record_padding_callback(SSL *ssl, +int SSL_set_record_padding_callback(SSL *ssl, size_t (*cb) (SSL *ssl, int type, size_t len, void *arg)) { - ssl->record_padding_cb = cb; + BIO *b; + + b = SSL_get_wbio(ssl); + if (b == NULL || !BIO_get_ktls_send(b)) { + ssl->record_padding_cb = cb; + return 1; + } + return 0; } void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg) diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 7f908f3b4c..108c7f1640 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -109,6 +109,7 @@ static int tls1_generate_key_block(SSL *s, unsigned char *km, size_t num) * record layer. If read_ahead is enabled, then this might be false and this * function will fail. */ +# ifndef OPENSSL_NO_KTLS_RX static int count_unprocessed_records(SSL *s) { SSL3_BUFFER *rbuf = RECORD_LAYER_get_rbuf(&s->rlayer); @@ -132,6 +133,7 @@ static int count_unprocessed_records(SSL *s) return count; } +# endif #endif int tls1_change_cipher_state(SSL *s, int which) @@ -154,10 +156,13 @@ int tls1_change_cipher_state(SSL *s, int which) # ifdef __FreeBSD__ struct tls_enable crypto_info; # else - struct tls12_crypto_info_aes_gcm_128 crypto_info; - unsigned char geniv[12]; + struct tls_crypto_info_all crypto_info; + unsigned char *rec_seq; + void *rl_sequence; +# ifndef OPENSSL_NO_KTLS_RX int count_unprocessed; int bit; +# endif # endif BIO *bio; #endif @@ -441,14 +446,12 @@ int tls1_change_cipher_state(SSL *s, int which) crypto_info.iv = iv; crypto_info.tls_vmajor = (s->version >> 8) & 0x000000ff; crypto_info.tls_vminor = (s->version & 0x000000ff); -# else - /* check that cipher is AES_GCM_128 */ - if (EVP_CIPHER_nid(c) != NID_aes_128_gcm - || EVP_CIPHER_mode(c) != EVP_CIPH_GCM_MODE - || EVP_CIPHER_key_length(c) != TLS_CIPHER_AES_GCM_128_KEY_SIZE) +# else /* !defined(__FreeBSD__) */ + /* check that cipher is supported */ + if (!ktls_check_supported_cipher(c, dd)) goto skip_ktls; - /* check version is 1.2 */ + /* check version */ if (s->version != TLS1_2_VERSION) goto skip_ktls; # endif @@ -479,25 +482,17 @@ int tls1_change_cipher_state(SSL *s, int which) } # ifndef __FreeBSD__ - memset(&crypto_info, 0, sizeof(crypto_info)); - crypto_info.info.cipher_type = TLS_CIPHER_AES_GCM_128; - crypto_info.info.version = s->version; - - EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GET_IV, - EVP_GCM_TLS_FIXED_IV_LEN + EVP_GCM_TLS_EXPLICIT_IV_LEN, - geniv); - memcpy(crypto_info.iv, geniv + EVP_GCM_TLS_FIXED_IV_LEN, - TLS_CIPHER_AES_GCM_128_IV_SIZE); - memcpy(crypto_info.salt, geniv, TLS_CIPHER_AES_GCM_128_SALT_SIZE); - memcpy(crypto_info.key, key, EVP_CIPHER_key_length(c)); if (which & SSL3_CC_WRITE) - memcpy(crypto_info.rec_seq, &s->rlayer.write_sequence, - TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); + rl_sequence = RECORD_LAYER_get_write_sequence(&s->rlayer); else - memcpy(crypto_info.rec_seq, &s->rlayer.read_sequence, - TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); + rl_sequence = RECORD_LAYER_get_read_sequence(&s->rlayer); + + if (!ktls_configure_crypto(c, s->version, dd, rl_sequence, &crypto_info, + &rec_seq, iv, key)) + goto skip_ktls; if (which & SSL3_CC_READ) { +# ifndef OPENSSL_NO_KTLS_RX count_unprocessed = count_unprocessed_records(s); if (count_unprocessed < 0) goto skip_ktls; @@ -505,14 +500,17 @@ int tls1_change_cipher_state(SSL *s, int which) /* increment the crypto_info record sequence */ while (count_unprocessed) { for (bit = 7; bit >= 0; bit--) { /* increment */ - ++crypto_info.rec_seq[bit]; - if (crypto_info.rec_seq[bit] != 0) + ++rec_seq[bit]; + if (rec_seq[bit] != 0) break; } count_unprocessed--; } +# else + goto skip_ktls; +# endif } -# endif +# endif /* !__FreeBSD__ */ /* ktls works with user provided buffers directly */ if (BIO_set_ktls(bio, &crypto_info, which & SSL3_CC_WRITE)) { diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index 1775152eeb..ba385f6ea2 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -9,6 +9,8 @@ #include #include "ssl_local.h" +#include "internal/ktls.h" +#include "record/record_local.h" #include "internal/cryptlib.h" #include #include @@ -409,9 +411,9 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md, const unsigned char *hash, const unsigned char *label, size_t labellen, unsigned char *secret, - unsigned char *iv, EVP_CIPHER_CTX *ciph_ctx) + unsigned char *key, unsigned char *iv, + EVP_CIPHER_CTX *ciph_ctx) { - unsigned char key[EVP_MAX_KEY_LENGTH]; size_t ivlen, keylen, taglen; int hashleni = EVP_MD_size(md); size_t hashlen; @@ -420,14 +422,14 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md, if (!ossl_assert(hashleni >= 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DERIVE_SECRET_KEY_AND_IV, ERR_R_EVP_LIB); - goto err; + return 0; } hashlen = (size_t)hashleni; if (!tls13_hkdf_expand(s, md, insecret, label, labellen, hash, hashlen, secret, hashlen, 1)) { /* SSLfatal() already called */ - goto err; + return 0; } /* TODO(size_t): convert me */ @@ -447,7 +449,7 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md, } else { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DERIVE_SECRET_KEY_AND_IV, ERR_R_EVP_LIB); - goto err; + return 0; } if (algenc & (SSL_AES128CCM8 | SSL_AES256CCM8)) taglen = EVP_CCM8_TLS_TAG_LEN; @@ -461,7 +463,7 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md, if (!tls13_derive_key(s, md, secret, key, keylen) || !tls13_derive_iv(s, md, secret, iv, ivlen)) { /* SSLfatal() already called */ - goto err; + return 0; } if (EVP_CipherInit_ex(ciph_ctx, ciph, NULL, NULL, NULL, sending) <= 0 @@ -471,13 +473,10 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md, || EVP_CipherInit_ex(ciph_ctx, NULL, NULL, key, NULL, -1) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DERIVE_SECRET_KEY_AND_IV, ERR_R_EVP_LIB); - goto err; + return 0; } return 1; - err: - OPENSSL_cleanse(key, sizeof(key)); - return 0; } int tls13_change_cipher_state(SSL *s, int which) @@ -502,6 +501,7 @@ int tls13_change_cipher_state(SSL *s, int which) static const unsigned char early_exporter_master_secret[] = "e exp master"; #endif unsigned char *iv; + unsigned char key[EVP_MAX_KEY_LENGTH]; unsigned char secret[EVP_MAX_MD_SIZE]; unsigned char hashval[EVP_MAX_MD_SIZE]; unsigned char *hash = hashval; @@ -515,6 +515,12 @@ int tls13_change_cipher_state(SSL *s, int which) int ret = 0; const EVP_MD *md = NULL; const EVP_CIPHER *cipher = NULL; +#if !defined(OPENSSL_NO_KTLS) && defined(OPENSSL_KTLS_TLS13) +# ifndef __FreeBSD__ + struct tls_crypto_info_all crypto_info; + BIO *bio; +# endif +#endif if (which & SSL3_CC_READ) { if (s->enc_read_ctx != NULL) { @@ -729,9 +735,13 @@ int tls13_change_cipher_state(SSL *s, int which) } } + /* check whether cipher is known */ + if(!ossl_assert(cipher != NULL)) + goto err; + if (!derive_secret_key_and_iv(s, which & SSL3_CC_WRITE, md, cipher, - insecret, hash, label, labellen, secret, iv, - ciph_ctx)) { + insecret, hash, label, labellen, secret, key, + iv, ciph_ctx)) { /* SSLfatal() already called */ goto err; } @@ -772,12 +782,57 @@ int tls13_change_cipher_state(SSL *s, int which) s->statem.enc_write_state = ENC_WRITE_STATE_WRITE_PLAIN_ALERTS; else s->statem.enc_write_state = ENC_WRITE_STATE_VALID; +#ifndef OPENSSL_NO_KTLS +# if defined(OPENSSL_KTLS_TLS13) +# ifndef __FreeBSD__ + if (!(which & SSL3_CC_WRITE) || !(which & SSL3_CC_APPLICATION) + || ((which & SSL3_CC_WRITE) && (s->mode & SSL_MODE_NO_KTLS_TX))) + goto skip_ktls; + + /* ktls supports only the maximum fragment size */ + if (ssl_get_max_send_fragment(s) != SSL3_RT_MAX_PLAIN_LENGTH) + goto skip_ktls; + + /* ktls does not support record padding */ + if (s->record_padding_cb != NULL) + goto skip_ktls; + + /* check that cipher is supported */ + if (!ktls_check_supported_cipher(cipher, ciph_ctx)) + goto skip_ktls; + + bio = s->wbio; + + if (!ossl_assert(bio != NULL)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_CHANGE_CIPHER_STATE, + ERR_R_INTERNAL_ERROR); + goto err; + } + + /* All future data will get encrypted by ktls. Flush the BIO or skip ktls */ + if (BIO_flush(bio) <= 0) + goto skip_ktls; + + /* configure kernel crypto structure */ + if (!ktls_configure_crypto(cipher, s->version, ciph_ctx, + RECORD_LAYER_get_write_sequence(&s->rlayer), + &crypto_info, NULL, iv, key)) + goto skip_ktls; + + /* ktls works with user provided buffers directly */ + if (BIO_set_ktls(bio, &crypto_info, which & SSL3_CC_WRITE)) + ssl3_release_write_buffer(s); +# endif +skip_ktls: +# endif +#endif ret = 1; err: if ((which & SSL3_CC_EARLY) != 0) { /* We up-refed this so now we need to down ref */ ssl_evp_cipher_free(cipher); } + OPENSSL_cleanse(key, sizeof(key)); OPENSSL_cleanse(secret, sizeof(secret)); return ret; } @@ -791,6 +846,7 @@ int tls13_update_key(SSL *s, int sending) #endif const EVP_MD *md = ssl_handshake_md(s); size_t hashlen = EVP_MD_size(md); + unsigned char key[EVP_MAX_KEY_LENGTH]; unsigned char *insecret, *iv; unsigned char secret[EVP_MAX_MD_SIZE]; EVP_CIPHER_CTX *ciph_ctx; @@ -815,8 +871,8 @@ int tls13_update_key(SSL *s, int sending) if (!derive_secret_key_and_iv(s, sending, ssl_handshake_md(s), s->s3.tmp.new_sym_enc, insecret, NULL, application_traffic, - sizeof(application_traffic) - 1, secret, iv, - ciph_ctx)) { + sizeof(application_traffic) - 1, secret, key, + iv, ciph_ctx)) { /* SSLfatal() already called */ goto err; } @@ -826,6 +882,7 @@ int tls13_update_key(SSL *s, int sending) s->statem.enc_write_state = ENC_WRITE_STATE_VALID; ret = 1; err: + OPENSSL_cleanse(key, sizeof(key)); OPENSSL_cleanse(secret, sizeof(secret)); return ret; } diff --git a/test/build.info b/test/build.info index 6256a34c91..b98d1b52cc 100644 --- a/test/build.info +++ b/test/build.info @@ -675,6 +675,7 @@ IF[{- !$disabled{tests} -}] IF[{- !$disabled{shared} -}] PROGRAMS{noinst}=tls13secretstest SOURCE[tls13secretstest]=tls13secretstest.c + DEFINE[tls13secretstest]=OPENSSL_NO_KTLS SOURCE[tls13secretstest]= ../ssl/tls13_enc.c ../crypto/packet.c INCLUDE[tls13secretstest]=.. ../include ../apps/include DEPEND[tls13secretstest]=../libcrypto ../libssl libtestutil.a diff --git a/test/sslapitest.c b/test/sslapitest.c index 8847ba38ce..23e6b7d0f6 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -856,9 +856,9 @@ static int execute_test_large_message(const SSL_METHOD *smeth, return testresult; } -#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_KTLS) \ - && !defined(OPENSSL_NO_SOCK) - +#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_KTLS) && \ + !(defined(OPENSSL_NO_TLS1_3) && defined(OPENSSL_NO_TLS1_2)) +#define TLS_CIPHER_MAX_REC_SEQ_SIZE 8 /* sock must be connected */ static int ktls_chk_platform(int sock) { @@ -867,30 +867,26 @@ static int ktls_chk_platform(int sock) return 1; } -static int ping_pong_query(SSL *clientssl, SSL *serverssl, int cfd, int sfd) +static int ping_pong_query(SSL *clientssl, SSL *serverssl, int cfd, int sfd, int rec_seq_size) { static char count = 1; unsigned char cbuf[16000] = {0}; unsigned char sbuf[16000]; size_t err = 0; - char crec_wseq_before[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE]; - char crec_wseq_after[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE]; - char crec_rseq_before[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE]; - char crec_rseq_after[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE]; - char srec_wseq_before[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE]; - char srec_wseq_after[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE]; - char srec_rseq_before[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE]; - char srec_rseq_after[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE]; + char crec_wseq_before[TLS_CIPHER_MAX_REC_SEQ_SIZE]; + char crec_wseq_after[TLS_CIPHER_MAX_REC_SEQ_SIZE]; + char crec_rseq_before[TLS_CIPHER_MAX_REC_SEQ_SIZE]; + char crec_rseq_after[TLS_CIPHER_MAX_REC_SEQ_SIZE]; + char srec_wseq_before[TLS_CIPHER_MAX_REC_SEQ_SIZE]; + char srec_wseq_after[TLS_CIPHER_MAX_REC_SEQ_SIZE]; + char srec_rseq_before[TLS_CIPHER_MAX_REC_SEQ_SIZE]; + char srec_rseq_after[TLS_CIPHER_MAX_REC_SEQ_SIZE]; cbuf[0] = count++; - memcpy(crec_wseq_before, &clientssl->rlayer.write_sequence, - TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); - memcpy(crec_rseq_before, &clientssl->rlayer.read_sequence, - TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); - memcpy(srec_wseq_before, &serverssl->rlayer.write_sequence, - TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); - memcpy(srec_rseq_before, &serverssl->rlayer.read_sequence, - TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); + memcpy(crec_wseq_before, &clientssl->rlayer.write_sequence, rec_seq_size); + memcpy(crec_rseq_before, &clientssl->rlayer.read_sequence, rec_seq_size); + memcpy(srec_wseq_before, &serverssl->rlayer.write_sequence, rec_seq_size); + memcpy(srec_rseq_before, &serverssl->rlayer.read_sequence, rec_seq_size); if (!TEST_true(SSL_write(clientssl, cbuf, sizeof(cbuf)) == sizeof(cbuf))) goto end; @@ -910,14 +906,10 @@ static int ping_pong_query(SSL *clientssl, SSL *serverssl, int cfd, int sfd) } } - memcpy(crec_wseq_after, &clientssl->rlayer.write_sequence, - TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); - memcpy(crec_rseq_after, &clientssl->rlayer.read_sequence, - TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); - memcpy(srec_wseq_after, &serverssl->rlayer.write_sequence, - TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); - memcpy(srec_rseq_after, &serverssl->rlayer.read_sequence, - TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); + memcpy(crec_wseq_after, &clientssl->rlayer.write_sequence, rec_seq_size); + memcpy(crec_rseq_after, &clientssl->rlayer.read_sequence, rec_seq_size); + memcpy(srec_wseq_after, &serverssl->rlayer.write_sequence, rec_seq_size); + memcpy(srec_rseq_after, &serverssl->rlayer.read_sequence, rec_seq_size); /* verify the payload */ if (!TEST_mem_eq(cbuf, sizeof(cbuf), sbuf, sizeof(sbuf))) @@ -925,42 +917,42 @@ static int ping_pong_query(SSL *clientssl, SSL *serverssl, int cfd, int sfd) /* ktls is used then kernel sequences are used instead of OpenSSL sequences */ if (clientssl->mode & SSL_MODE_NO_KTLS_TX) { - if (!TEST_mem_ne(crec_wseq_before, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE, - crec_wseq_after, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE)) + if (!TEST_mem_ne(crec_wseq_before, rec_seq_size, + crec_wseq_after, rec_seq_size)) goto end; } else { - if (!TEST_mem_eq(crec_wseq_before, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE, - crec_wseq_after, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE)) + if (!TEST_mem_eq(crec_wseq_before, rec_seq_size, + crec_wseq_after, rec_seq_size)) goto end; } if (serverssl->mode & SSL_MODE_NO_KTLS_TX) { - if (!TEST_mem_ne(srec_wseq_before, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE, - srec_wseq_after, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE)) + if (!TEST_mem_ne(srec_wseq_before, rec_seq_size, + srec_wseq_after, rec_seq_size)) goto end; } else { - if (!TEST_mem_eq(srec_wseq_before, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE, - srec_wseq_after, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE)) + if (!TEST_mem_eq(srec_wseq_before, rec_seq_size, + srec_wseq_after, rec_seq_size)) goto end; } if (clientssl->mode & SSL_MODE_NO_KTLS_RX) { - if (!TEST_mem_ne(crec_rseq_before, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE, - crec_rseq_after, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE)) + if (!TEST_mem_ne(crec_rseq_before, rec_seq_size, + crec_rseq_after, rec_seq_size)) goto end; } else { - if (!TEST_mem_eq(crec_rseq_before, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE, - crec_rseq_after, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE)) + if (!TEST_mem_eq(crec_rseq_before, rec_seq_size, + crec_rseq_after, rec_seq_size)) goto end; } if (serverssl->mode & SSL_MODE_NO_KTLS_RX) { - if (!TEST_mem_ne(srec_rseq_before, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE, - srec_rseq_after, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE)) + if (!TEST_mem_ne(srec_rseq_before, rec_seq_size, + srec_rseq_after, rec_seq_size)) goto end; } else { - if (!TEST_mem_eq(srec_rseq_before, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE, - srec_rseq_after, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE)) + if (!TEST_mem_eq(srec_rseq_before, rec_seq_size, + srec_rseq_after, rec_seq_size)) goto end; } @@ -970,7 +962,9 @@ end: } static int execute_test_ktls(int cis_ktls_tx, int cis_ktls_rx, - int sis_ktls_tx, int sis_ktls_rx) + int sis_ktls_tx, int sis_ktls_rx, + int tls_version, const char *cipher, + int rec_seq_size) { SSL_CTX *cctx = NULL, *sctx = NULL; SSL *clientssl = NULL, *serverssl = NULL; @@ -987,10 +981,9 @@ static int execute_test_ktls(int cis_ktls_tx, int cis_ktls_rx, /* Create a session based on SHA-256 */ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), TLS_client_method(), - TLS1_2_VERSION, TLS1_2_VERSION, + tls_version, tls_version, &sctx, &cctx, cert, privkey)) - || !TEST_true(SSL_CTX_set_cipher_list(cctx, - "AES128-GCM-SHA256")) + || !TEST_true(SSL_CTX_set_cipher_list(cctx, cipher)) || !TEST_true(create_ssl_objects2(sctx, cctx, &serverssl, &clientssl, sfd, cfd))) goto end; @@ -1051,7 +1044,8 @@ static int execute_test_ktls(int cis_ktls_tx, int cis_ktls_rx, goto end; } - if (!TEST_true(ping_pong_query(clientssl, serverssl, cfd, sfd))) + if (!TEST_true(ping_pong_query(clientssl, serverssl, cfd, sfd, + rec_seq_size))) goto end; testresult = 1; @@ -1074,7 +1068,7 @@ end: #define SENDFILE_CHUNK (4 * 4096) #define min(a,b) ((a) > (b) ? (b) : (a)) -static int test_ktls_sendfile(void) +static int test_ktls_sendfile(int tls_version, const char *cipher) { SSL_CTX *cctx = NULL, *sctx = NULL; SSL *clientssl = NULL, *serverssl = NULL; @@ -1101,10 +1095,9 @@ static int test_ktls_sendfile(void) /* Create a session based on SHA-256 */ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), TLS_client_method(), - TLS1_2_VERSION, TLS1_2_VERSION, + tls_version, tls_version, &sctx, &cctx, cert, privkey)) - || !TEST_true(SSL_CTX_set_cipher_list(cctx, - "AES128-GCM-SHA256")) + || !TEST_true(SSL_CTX_set_cipher_list(cctx, cipher)) || !TEST_true(create_ssl_objects2(sctx, cctx, &serverssl, &clientssl, sfd, cfd))) goto end; @@ -1175,85 +1168,401 @@ end: return testresult; } -static int test_ktls_no_txrx_client_no_txrx_server(void) +static int test_ktls_no_txrx_client_no_txrx_server(int tlsver) { - return execute_test_ktls(0, 0, 0, 0); + int testresult = 1; + +#ifdef OPENSSL_KTLS_AES_GCM_128 + testresult &= execute_test_ktls(0, 0, 0, 0, tlsver, + "AES128-GCM-SHA256", TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); +#endif +#ifdef OPENSSL_KTLS_AES_CCM_128 + testresult &= execute_test_ktls(0, 0, 0, 0, tlsver, + "AES128-CCM-SHA256", TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE); +#endif +#ifdef OPENSSL_KTLS_AES_GCM_256 + testresult &= execute_test_ktls(0, 0, 0, 0, tlsver, + "AES256-GCM-SHA384", TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE); +#endif + return testresult; } -static int test_ktls_no_rx_client_no_txrx_server(void) +static int test_ktls_no_rx_client_no_txrx_server(int tlsver) { - return execute_test_ktls(1, 0, 0, 0); + int testresult = 1; + +#ifdef OPENSSL_KTLS_AES_GCM_128 + testresult &= execute_test_ktls(1, 0, 0, 0, tlsver, + "AES128-GCM-SHA256", TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); +#endif +#ifdef OPENSSL_KTLS_AES_CCM_128 + testresult &= execute_test_ktls(1, 0, 0, 0, tlsver, + "AES128-CCM-SHA256", TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE); +#endif +#ifdef OPENSSL_KTLS_AES_GCM_256 + testresult &= execute_test_ktls(1, 0, 0, 0, tlsver, + "AES256-GCM-SHA384", TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE); +#endif + return testresult; } -static int test_ktls_no_tx_client_no_txrx_server(void) +static int test_ktls_no_tx_client_no_txrx_server(int tlsver) { - return execute_test_ktls(0, 1, 0, 0); + int testresult = 1; + +#ifdef OPENSSL_KTLS_AES_GCM_128 + testresult &= execute_test_ktls(0, 1, 0, 0, tlsver, + "AES128-GCM-SHA256", TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); +#endif +#ifdef OPENSSL_KTLS_AES_CCM_128 + testresult &= execute_test_ktls(0, 1, 0, 0, tlsver, + "AES128-CCM-SHA256", TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE); +#endif +#ifdef OPENSSL_KTLS_AES_GCM_256 + testresult &= execute_test_ktls(0, 1, 0, 0, tlsver, + "AES256-GCM-SHA384", TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE); +#endif + return testresult; } -static int test_ktls_client_no_txrx_server(void) +static int test_ktls_client_no_txrx_server(int tlsver) { - return execute_test_ktls(1, 1, 0, 0); + int testresult = 1; + +#ifdef OPENSSL_KTLS_AES_GCM_128 + testresult &= execute_test_ktls(1, 1, 0, 0, tlsver, + "AES128-GCM-SHA256", TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); +#endif +#ifdef OPENSSL_KTLS_AES_CCM_128 + testresult &= execute_test_ktls(1, 1, 0, 0, tlsver, + "AES128-CCM-SHA256", TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE); +#endif +#ifdef OPENSSL_KTLS_AES_GCM_256 + testresult &= execute_test_ktls(1, 1, 0, 0, tlsver, + "AES256-GCM-SHA384", TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE); +#endif + return testresult; } -static int test_ktls_no_txrx_client_no_rx_server(void) +static int test_ktls_no_txrx_client_no_rx_server(int tlsver) { - return execute_test_ktls(0, 0, 1, 0); + int testresult = 1; + +#ifdef OPENSSL_KTLS_AES_GCM_128 + testresult &= execute_test_ktls(0, 0, 1, 0, tlsver, + "AES128-GCM-SHA256", TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); +#endif +#ifdef OPENSSL_KTLS_AES_CCM_128 + testresult &= execute_test_ktls(0, 0, 1, 0, tlsver, + "AES128-CCM-SHA256", TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE); +#endif +#ifdef OPENSSL_KTLS_AES_GCM_256 + testresult &= execute_test_ktls(0, 0, 1, 0, tlsver, + "AES256-GCM-SHA384", TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE); +#endif + return testresult; } -static int test_ktls_no_rx_client_no_rx_server(void) +static int test_ktls_no_rx_client_no_rx_server(int tlsver) { - return execute_test_ktls(1, 0, 1, 0); + int testresult = 1; + +#ifdef OPENSSL_KTLS_AES_GCM_128 + testresult &= execute_test_ktls(1, 0, 1, 0, tlsver, + "AES128-GCM-SHA256", TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); +#endif +#ifdef OPENSSL_KTLS_AES_CCM_128 + testresult &= execute_test_ktls(1, 0, 1, 0, tlsver, + "AES128-CCM-SHA256", TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE); +#endif +#ifdef OPENSSL_KTLS_AES_GCM_256 + testresult &= execute_test_ktls(1, 0, 1, 0, tlsver, + "AES256-GCM-SHA384", TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE); +#endif + return testresult; } -static int test_ktls_no_tx_client_no_rx_server(void) +static int test_ktls_no_tx_client_no_rx_server(int tlsver) { - return execute_test_ktls(0, 1, 1, 0); + int testresult = 1; + +#ifdef OPENSSL_KTLS_AES_GCM_128 + testresult &= execute_test_ktls(0, 1, 1, 0, tlsver, + "AES128-GCM-SHA256", TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); +#endif +#ifdef OPENSSL_KTLS_AES_CCM_128 + testresult &= execute_test_ktls(0, 1, 1, 0, tlsver, + "AES128-CCM-SHA256", TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE); +#endif +#ifdef OPENSSL_KTLS_AES_GCM_256 + testresult &= execute_test_ktls(0, 1, 1, 0, tlsver, + "AES256-GCM-SHA384", TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE); +#endif + return testresult; } -static int test_ktls_client_no_rx_server(void) +static int test_ktls_client_no_rx_server(int tlsver) { - return execute_test_ktls(1, 1, 1, 0); + int testresult = 1; + +#ifdef OPENSSL_KTLS_AES_GCM_128 + testresult &= execute_test_ktls(1, 1, 1, 0, tlsver, + "AES128-GCM-SHA256", TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); +#endif +#ifdef OPENSSL_KTLS_AES_CCM_128 + testresult &= execute_test_ktls(1, 1, 1, 0, tlsver, + "AES128-CCM-SHA256", TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE); +#endif +#ifdef OPENSSL_KTLS_AES_GCM_256 + testresult &= execute_test_ktls(1, 1, 1, 0, tlsver, + "AES256-GCM-SHA384", TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE); +#endif + return testresult; } -static int test_ktls_no_txrx_client_no_tx_server(void) +static int test_ktls_no_txrx_client_no_tx_server(int tlsver) { - return execute_test_ktls(0, 0, 0, 1); + int testresult = 1; + +#ifdef OPENSSL_KTLS_AES_GCM_128 + testresult &= execute_test_ktls(0, 0, 0, 1, tlsver, + "AES128-GCM-SHA256", TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); +#endif +#ifdef OPENSSL_KTLS_AES_CCM_128 + testresult &= execute_test_ktls(0, 0, 0, 1, tlsver, + "AES128-CCM-SHA256", TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE); +#endif +#ifdef OPENSSL_KTLS_AES_GCM_256 + testresult &= execute_test_ktls(0, 0, 0, 1, tlsver, + "AES256-GCM-SHA384", TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE); +#endif + return testresult; } -static int test_ktls_no_rx_client_no_tx_server(void) +static int test_ktls_no_rx_client_no_tx_server(int tlsver) { - return execute_test_ktls(1, 0, 0, 1); + int testresult = 1; + +#ifdef OPENSSL_KTLS_AES_GCM_128 + testresult &= execute_test_ktls(1, 0, 0, 1, tlsver, + "AES128-GCM-SHA256", TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); +#endif +#ifdef OPENSSL_KTLS_AES_CCM_128 + testresult &= execute_test_ktls(1, 0, 0, 1, tlsver, + "AES128-CCM-SHA256", TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE); +#endif +#ifdef OPENSSL_KTLS_AES_GCM_256 + testresult &= execute_test_ktls(1, 0, 0, 1, tlsver, + "AES256-GCM-SHA384", TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE); +#endif + return testresult; } -static int test_ktls_no_tx_client_no_tx_server(void) +static int test_ktls_no_tx_client_no_tx_server(int tlsver) { - return execute_test_ktls(0, 1, 0, 1); + int testresult = 1; + +#ifdef OPENSSL_KTLS_AES_GCM_128 + testresult &= execute_test_ktls(0, 1, 0, 1, tlsver, + "AES128-GCM-SHA256", TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); +#endif +#ifdef OPENSSL_KTLS_AES_CCM_128 + testresult &= execute_test_ktls(0, 1, 0, 1, tlsver, + "AES128-CCM-SHA256", TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE); +#endif +#ifdef OPENSSL_KTLS_AES_GCM_256 + testresult &= execute_test_ktls(0, 1, 0, 1, tlsver, + "AES256-GCM-SHA384", TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE); +#endif + return testresult; } -static int test_ktls_client_no_tx_server(void) +static int test_ktls_client_no_tx_server(int tlsver) { - return execute_test_ktls(1, 1, 0, 1); + int testresult = 1; + +#ifdef OPENSSL_KTLS_AES_GCM_128 + testresult &= execute_test_ktls(1, 1, 0, 1, tlsver, + "AES128-GCM-SHA256", TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); +#endif +#ifdef OPENSSL_KTLS_AES_CCM_128 + testresult &= execute_test_ktls(1, 1, 0, 1, tlsver, + "AES128-CCM-SHA256", TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE); +#endif +#ifdef OPENSSL_KTLS_AES_GCM_256 + testresult &= execute_test_ktls(1, 1, 0, 1, tlsver, + "AES256-GCM-SHA384", TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE); +#endif + return testresult; } -static int test_ktls_no_txrx_client_server(void) +static int test_ktls_no_txrx_client_server(int tlsver) { - return execute_test_ktls(0, 0, 1, 1); + int testresult = 1; + +#ifdef OPENSSL_KTLS_AES_GCM_128 + testresult &= execute_test_ktls(0, 0, 1, 1, tlsver, + "AES128-GCM-SHA256", TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); +#endif +#ifdef OPENSSL_KTLS_AES_CCM_128 + testresult &= execute_test_ktls(0, 0, 1, 1, tlsver, + "AES128-CCM-SHA256", TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE); +#endif +#ifdef OPENSSL_KTLS_AES_GCM_256 + testresult &= execute_test_ktls(0, 0, 1, 1, tlsver, + "AES256-GCM-SHA384", TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE); +#endif + return testresult; } -static int test_ktls_no_rx_client_server(void) +static int test_ktls_no_rx_client_server(int tlsver) { - return execute_test_ktls(1, 0, 1, 1); + int testresult = 1; + +#ifdef OPENSSL_KTLS_AES_GCM_128 + testresult &= execute_test_ktls(1, 0, 1, 1, tlsver, + "AES128-GCM-SHA256", TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); +#endif +#ifdef OPENSSL_KTLS_AES_CCM_128 + testresult &= execute_test_ktls(1, 0, 1, 1, tlsver, + "AES128-CCM-SHA256", TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE); +#endif +#ifdef OPENSSL_KTLS_AES_GCM_256 + testresult &= execute_test_ktls(1, 0, 1, 1, tlsver, + "AES256-GCM-SHA384", TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE); +#endif + return testresult; } -static int test_ktls_no_tx_client_server(void) +static int test_ktls_no_tx_client_server(int tlsver) { - return execute_test_ktls(0, 1, 1, 1); + int testresult = 1; + +#ifdef OPENSSL_KTLS_AES_GCM_128 + testresult &= execute_test_ktls(0, 1, 1, 1, tlsver, + "AES128-GCM-SHA256", TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); +#endif +#ifdef OPENSSL_KTLS_AES_CCM_128 + testresult &= execute_test_ktls(0, 1, 1, 1, tlsver, + "AES128-CCM-SHA256", TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE); +#endif +#ifdef OPENSSL_KTLS_AES_GCM_256 + testresult &= execute_test_ktls(0, 1, 1, 1, tlsver, + "AES256-GCM-SHA384", TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE); +#endif + return testresult; +} + +static int test_ktls_client_server(int tlsver) +{ + int testresult = 1; + +#ifdef OPENSSL_KTLS_AES_GCM_128 + testresult &= execute_test_ktls(1, 1, 1, 1, tlsver, + "AES128-GCM-SHA256", TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); +#endif +#ifdef OPENSSL_KTLS_AES_CCM_128 + testresult &= execute_test_ktls(1, 1, 1, 1, tlsver, + "AES128-CCM-SHA256", TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE); +#endif +#ifdef OPENSSL_KTLS_AES_GCM_256 + testresult &= execute_test_ktls(1, 1, 1, 1, tlsver, + "AES256-GCM-SHA384", TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE); +#endif + return testresult; +} + +#if !defined(OPENSSL_NO_TLS1_2) || !defined(OPENSSL_NO_TLS1_3) +static int test_ktls(int test) +{ + int tlsver; + + if (test > 15) { +#if defined(OPENSSL_NO_TLS1_3) + return 1; +#else + test -= 16; + tlsver = TLS1_3_VERSION; +#endif + } else { +#if defined(OPENSSL_NO_TLS1_2) + return 1; +#else + tlsver = TLS1_2_VERSION; +#endif + } + + switch(test) { + case 0: + return test_ktls_no_txrx_client_no_txrx_server(tlsver); + case 1: + return test_ktls_no_rx_client_no_txrx_server(tlsver); + case 2: + return test_ktls_no_tx_client_no_txrx_server(tlsver); + case 3: + return test_ktls_client_no_txrx_server(tlsver); + case 4: + return test_ktls_no_txrx_client_no_rx_server(tlsver); + case 5: + return test_ktls_no_rx_client_no_rx_server(tlsver); + case 6: + return test_ktls_no_tx_client_no_rx_server(tlsver); + case 7: + return test_ktls_client_no_rx_server(tlsver); + case 8: + return test_ktls_no_txrx_client_no_tx_server(tlsver); + case 9: + return test_ktls_no_rx_client_no_tx_server(tlsver); + case 10: + return test_ktls_no_tx_client_no_tx_server(tlsver); + case 11: + return test_ktls_client_no_tx_server(tlsver); + case 12: + return test_ktls_no_txrx_client_server(tlsver); + case 13: + return test_ktls_no_rx_client_server(tlsver); + case 14: + return test_ktls_no_tx_client_server(tlsver); + case 15: + return test_ktls_client_server(tlsver); + default: + return 0; + } } -static int test_ktls_client_server(void) +static int test_ktls_sendfile_anytls(int tst) { - return execute_test_ktls(1, 1, 1, 1); + char *cipher[] = {"AES128-GCM-SHA256","AES128-CCM-SHA256","AES256-GCM-SHA384"}; + int tlsver; + + if (tst > 2) { +#if defined(OPENSSL_NO_TLS1_3) + return 1; +#else + tst -= 3; + tlsver = TLS1_3_VERSION; +#endif + } else { +#if defined(OPENSSL_NO_TLS1_2) + return 1; +#else + tlsver = TLS1_2_VERSION; +#endif + } + +#ifndef OPENSSL_KTLS_AES_GCM_128 + if(tst == 0) return 1; +#endif +#ifndef OPENSSL_KTLS_AES_CCM_128 + if(tst == 1) return 1; +#endif +#ifndef OPENSSL_KTLS_AES_GCM_256 + if(tst == 2) return 1; +#endif + return test_ktls_sendfile(tlsver, cipher[tst]); } + +#endif #endif static int test_large_message_tls(void) @@ -7876,25 +8185,11 @@ int setup_tests(void) if (privkey2 == NULL) goto err; -#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_KTLS) \ - && !defined(OPENSSL_NO_SOCK) - ADD_TEST(test_ktls_no_txrx_client_no_txrx_server); - ADD_TEST(test_ktls_no_rx_client_no_txrx_server); - ADD_TEST(test_ktls_no_tx_client_no_txrx_server); - ADD_TEST(test_ktls_client_no_txrx_server); - ADD_TEST(test_ktls_no_txrx_client_no_rx_server); - ADD_TEST(test_ktls_no_rx_client_no_rx_server); - ADD_TEST(test_ktls_no_tx_client_no_rx_server); - ADD_TEST(test_ktls_client_no_rx_server); - ADD_TEST(test_ktls_no_txrx_client_no_tx_server); - ADD_TEST(test_ktls_no_rx_client_no_tx_server); - ADD_TEST(test_ktls_no_tx_client_no_tx_server); - ADD_TEST(test_ktls_client_no_tx_server); - ADD_TEST(test_ktls_no_txrx_client_server); - ADD_TEST(test_ktls_no_rx_client_server); - ADD_TEST(test_ktls_no_tx_client_server); - ADD_TEST(test_ktls_client_server); - ADD_TEST(test_ktls_sendfile); +#if !defined(OPENSSL_NO_KTLS) && !defined(OPENSSL_NO_SOCK) +#if !defined(OPENSSL_NO_TLS1_2) || !defined(OPENSSL_NO_TLS1_3) + ADD_ALL_TESTS(test_ktls, 32); + ADD_ALL_TESTS(test_ktls_sendfile_anytls, 6); +#endif #endif ADD_TEST(test_large_message_tls); ADD_TEST(test_large_message_tls_read_ahead); From openssl at openssl.org Mon Jun 8 11:10:04 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 08 Jun 2020 11:10:04 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-err Message-ID: <1591614604.203239.6355.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-err Commit log since last time: c4683009ad TEST: Adjust test/bioprinttest.c to behave like the testutil routines 66d8bd4b37 TESTUTIL: Adjust the rest of testutil 8dce4aa2d9 TESTUTIL: Separate TAP output and other output by BIO filter 591315297e Consolidate doc of BIO_do_connect() and its alias BIO_do_handshake() f5e23fe889 APPS: Remove unnecessary NULL check of uri in load_cert_pass() 0808a75e4d APPS: Make it possible to load_cert() from stdin again 09527c4935 Fix a typo in SSL_CTX_set_session_ticket_cb.pod 7b2d995ed7 Don't downgrade keys in libssl 7fa2b2673e When asked if an ECX key has parameters we should answer "true" 11391da217 Always create a key when importing 6a9bd9298b Make EVP_PKEY_[get1|set1]_tls_encodedpoint work with provided keys 0d52ede716 Fix error path in int create_ssl_ctx_pair() b38425393c Implement a test for sigalgs not being present 3cd69b7458 Implement a Filtering Provider d01d375264 Implement OSSL_PROVIDER_get0_provider_ctx() 5f603a280c Enable applications to directly call a provider's query operation 263ff2c9d4 Check that Signature Algorithms are available before using them eca4713913 APPS: Drop interactive mode in the 'openssl' program 987e3a0eed Announce renamed EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() in CHANGES.md b1c21b27dc fips: add additional algorithms to the FIPS provider. a64a143f31 Minor doc fix for EVP_PKEY_CTX_new_from_pkey Build log ended with (last 100 lines): 65-test_cmp_msg.t .................. ok 65-test_cmp_protect.t .............. ok 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=199, Tests=1918, 734 wallclock secs ( 8.08 usr 1.02 sys + 694.30 cusr 45.46 csys = 748.86 CPU) Result: FAIL Makefile:3094: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-err' Makefile:3092: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Mon Jun 8 12:26:48 2020 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 08 Jun 2020 12:26:48 +0000 Subject: Build failed: openssl master.34792 Message-ID: <20200608122648.1.1F22323D32F44C9D@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Jun 8 14:56:35 2020 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 08 Jun 2020 14:56:35 +0000 Subject: Build completed: openssl master.34793 Message-ID: <20200608145635.1.85091BBF53029F83@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Mon Jun 8 21:51:34 2020 From: levitte at openssl.org (Richard Levitte) Date: Mon, 08 Jun 2020 21:51:34 +0000 Subject: [openssl] master update Message-ID: <1591653094.110291.4947.nullmailer@dev.openssl.org> The branch master has been updated via 78215852066d214ded6695a27c997eb0d651c31f (commit) via edf96591650551274c650a48c228d089c4057df9 (commit) via 4ec1463d71db6324abe9c91d2ed9aa1e136c9cb3 (commit) from a6d36303e91b79379da2e2ffaa608dba704d3eb8 (commit) - Log ----------------------------------------------------------------- commit 78215852066d214ded6695a27c997eb0d651c31f Author: Richard Levitte Date: Fri Jun 5 23:40:49 2020 +0200 APPS: Fix 'openssl dhparam' 'dhparam' can't be completely rewritten in terms of EVP_PKEY functions yet, because we lack X9.42 support. However, we do when generating, but forgot to extract a DH pointer with EVP_PKEY_get0_DH(). Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/12048) commit edf96591650551274c650a48c228d089c4057df9 Author: Richard Levitte Date: Thu Jun 4 22:34:09 2020 +0200 APPS: Fix 'openssl dsaparam -genkey' Using a parameter EVP_PKEY for key generation with EVP_PKEY routines works a little differently than the raw DSA routines that were used before. While fixing that, clean away all remaining use of the DSA type, which simplifies the code a bit more. Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/12048) commit 4ec1463d71db6324abe9c91d2ed9aa1e136c9cb3 Author: Richard Levitte Date: Thu Jun 4 20:05:26 2020 +0200 EVP: Let EVP_PKEY_gen() initialize ctx->keygen_info In EVP_PKEY_METHOD code, the backend initializes ctx->keygen_info. With provider side code, it's not possible to reach back into the EVP_PKEY_CTX in the same manner, so we need to make that initialization in the central generation function, EVP_PKEY_gen(). This isn't quite compatible with the idea that keygen_info could have an arbitrary amount of elements, but since all our legacy backends use exactly two elements, that's what we go for. Fixes #12047 Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/12048) ----------------------------------------------------------------------- Summary of changes: apps/dhparam.c | 14 ++++++------ apps/dsaparam.c | 59 ++++++++++++++------------------------------------- crypto/evp/pmeth_gn.c | 16 ++++++++++++++ 3 files changed, 40 insertions(+), 49 deletions(-) diff --git a/apps/dhparam.c b/apps/dhparam.c index 3e5f4095a9..aadf1f2c32 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -84,7 +84,7 @@ const OPTIONS dhparam_options[] = { int dhparam_main(int argc, char **argv) { BIO *in = NULL, *out = NULL; - DH *dh = NULL; + DH *dh = NULL, *alloc_dh = NULL; EVP_PKEY *pkey = NULL; EVP_PKEY_CTX *ctx = NULL; char *infile = NULL, *outfile = NULL, *prog; @@ -216,7 +216,7 @@ int dhparam_main(int argc, char **argv) goto end; } - dh = DSA_dup_DH(dsa); + dh = alloc_dh = DSA_dup_DH(dsa); DSA_free(dsa); BN_GENCB_free(cb); if (dh == NULL) { @@ -256,6 +256,7 @@ int dhparam_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } + dh = EVP_PKEY_get0_DH(pkey); } } else { in = bio_open_default(infile, 'r', informat); @@ -277,7 +278,7 @@ int dhparam_main(int argc, char **argv) goto end; } - dh = DSA_dup_DH(dsa); + dh = alloc_dh = DSA_dup_DH(dsa); DSA_free(dsa); if (dh == NULL) { ERR_print_errors(bio_err); @@ -291,13 +292,13 @@ int dhparam_main(int argc, char **argv) * We have no PEM header to determine what type of DH params it * is. We'll just try both. */ - dh = ASN1_d2i_bio_of(DH, DH_new, d2i_DHparams, in, NULL); + dh = alloc_dh = ASN1_d2i_bio_of(DH, DH_new, d2i_DHparams, in, NULL); /* BIO_reset() returns 0 for success for file BIOs only!!! */ if (dh == NULL && BIO_reset(in) == 0) - dh = ASN1_d2i_bio_of(DH, DH_new, d2i_DHxparams, in, NULL); + dh = alloc_dh = ASN1_d2i_bio_of(DH, DH_new, d2i_DHxparams, in, NULL); } else { /* informat == FORMAT_PEM */ - dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL); + dh = alloc_dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL); } if (dh == NULL) { @@ -389,6 +390,7 @@ int dhparam_main(int argc, char **argv) } ret = 0; end: + DH_free(alloc_dh); BIO_free(in); BIO_free_all(out); EVP_PKEY_free(pkey); diff --git a/apps/dsaparam.c b/apps/dsaparam.c index 9b73a31c30..19cb1bdd46 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -66,9 +66,8 @@ const OPTIONS dsaparam_options[] = { int dsaparam_main(int argc, char **argv) { ENGINE *e = NULL; - DSA *dsa = NULL; BIO *in = NULL, *out = NULL; - EVP_PKEY *pkey = NULL; + EVP_PKEY *params = NULL, *pkey = NULL; EVP_PKEY_CTX *ctx = NULL; int numbits = -1, num = 0, genkey = 0; int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0, C = 0; @@ -181,51 +180,34 @@ int dsaparam_main(int argc, char **argv) "Error, DSA key generation setting bit length failed\n"); goto end; } - if (EVP_PKEY_paramgen(ctx, &pkey) <= 0) { + if (EVP_PKEY_paramgen(ctx, ¶ms) <= 0) { ERR_print_errors(bio_err); BIO_printf(bio_err, "Error, DSA key generation failed\n"); goto end; } - dsa = EVP_PKEY_get1_DSA(pkey); - if (dsa == NULL) { - ERR_print_errors(bio_err); - BIO_printf(bio_err, "Error, DSA key extraction failed\n"); - goto end; - } } else if (informat == FORMAT_ASN1) { - dsa = d2i_DSAparams_bio(in, NULL); + params = d2i_KeyParams_bio(EVP_PKEY_DSA, NULL, in); } else { - dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL); + params = PEM_read_bio_Parameters(in, NULL); } - if (dsa == NULL) { + if (params == NULL) { BIO_printf(bio_err, "unable to load DSA parameters\n"); ERR_print_errors(bio_err); goto end; } - if (pkey == NULL) { - pkey = EVP_PKEY_new(); - if (pkey == NULL) { - BIO_printf(bio_err, "Error, unable to allocate PKEY object\n"); - ERR_print_errors(bio_err); - goto end; - } - if (!EVP_PKEY_set1_DSA(pkey, dsa)) { - BIO_printf(bio_err, "Error, unable to set DSA parameters\n"); - ERR_print_errors(bio_err); - goto end; - } - } if (text) { - EVP_PKEY_print_params(out, pkey, 0, NULL); + EVP_PKEY_print_params(out, params, 0, NULL); } if (C) { - const BIGNUM *p = NULL, *q = NULL, *g = NULL; + BIGNUM *p = NULL, *q = NULL, *g = NULL; unsigned char *data; int len, bits_p; - DSA_get0_pqg(dsa, &p, &q, &g); + EVP_PKEY_get_bn_param(params, "p", &p); + EVP_PKEY_get_bn_param(params, "q", &q); + EVP_PKEY_get_bn_param(params, "g", &g); len = BN_num_bytes(p); bits_p = BN_num_bits(p); @@ -261,9 +243,9 @@ int dsaparam_main(int argc, char **argv) if (!noout) { if (outformat == FORMAT_ASN1) - i = i2d_DSAparams_bio(out, dsa); + i = i2d_KeyParams_bio(out, params); else - i = PEM_write_bio_DSAparams(out, dsa); + i = PEM_write_bio_Parameters(out, params); if (!i) { BIO_printf(bio_err, "unable to write DSA parameters\n"); ERR_print_errors(bio_err); @@ -271,10 +253,8 @@ int dsaparam_main(int argc, char **argv) } } if (genkey) { - DSA *dsakey; - EVP_PKEY_CTX_free(ctx); - ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL); + ctx = EVP_PKEY_CTX_new(params, NULL); if (ctx == NULL) { ERR_print_errors(bio_err); BIO_printf(bio_err, @@ -291,18 +271,11 @@ int dsaparam_main(int argc, char **argv) ERR_print_errors(bio_err); goto end; } - dsakey = EVP_PKEY_get0_DSA(pkey); - if (dsakey == NULL) { - BIO_printf(bio_err, "unable to extract generated key\n"); - ERR_print_errors(bio_err); - goto end; - } assert(private); if (outformat == FORMAT_ASN1) - i = i2d_DSAPrivateKey_bio(out, dsakey); + i = i2d_PrivateKey_bio(out, pkey); else - i = PEM_write_bio_DSAPrivateKey(out, dsakey, NULL, NULL, 0, NULL, - NULL); + i = PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, NULL); } ret = 0; end: @@ -310,7 +283,7 @@ int dsaparam_main(int argc, char **argv) BIO_free_all(out); EVP_PKEY_CTX_free(ctx); EVP_PKEY_free(pkey); - DSA_free(dsa); + EVP_PKEY_free(params); release_engine(e); return ret; } diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c index fb861d2487..411f270b49 100644 --- a/crypto/evp/pmeth_gn.c +++ b/crypto/evp/pmeth_gn.c @@ -144,6 +144,8 @@ int EVP_PKEY_gen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) int ret = 0; OSSL_CALLBACK cb; EVP_PKEY *allocated_pkey = NULL; + /* Legacy compatible keygen callback info, only used with provider impls */ + int gentmp[2]; if (ppkey == NULL) return -1; @@ -165,6 +167,18 @@ int EVP_PKEY_gen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) if (ctx->op.keymgmt.genctx == NULL) goto legacy; + /* + * Asssigning gentmp to ctx->keygen_info is something our legacy + * implementations do. Because the provider implementations aren't + * allowed to reach into our EVP_PKEY_CTX, we need to provide similar + * space for backward compatibility. It's ok that we attach a local + * variable, as it should only be useful in the calls down from here. + * This is cleared as soon as it isn't useful any more, i.e. directly + * after the evp_keymgmt_util_gen() call. + */ + ctx->keygen_info = gentmp; + ctx->keygen_info_count = 2; + ret = 1; if (ctx->pkey != NULL) { EVP_KEYMGMT *tmp_keymgmt = ctx->keymgmt; @@ -191,6 +205,8 @@ int EVP_PKEY_gen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) ossl_callback_to_pkey_gencb, ctx) != NULL); + ctx->keygen_info = NULL; + #ifndef FIPS_MODULE /* In case |*ppkey| was originally a legacy key */ if (ret) From openssl at openssl.org Tue Jun 9 01:56:47 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 09 Jun 2020 01:56:47 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io Message-ID: <1591667807.276834.22808.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-posix-io Commit log since last time: c4683009ad TEST: Adjust test/bioprinttest.c to behave like the testutil routines 66d8bd4b37 TESTUTIL: Adjust the rest of testutil 8dce4aa2d9 TESTUTIL: Separate TAP output and other output by BIO filter 591315297e Consolidate doc of BIO_do_connect() and its alias BIO_do_handshake() f5e23fe889 APPS: Remove unnecessary NULL check of uri in load_cert_pass() 0808a75e4d APPS: Make it possible to load_cert() from stdin again 09527c4935 Fix a typo in SSL_CTX_set_session_ticket_cb.pod 7b2d995ed7 Don't downgrade keys in libssl 7fa2b2673e When asked if an ECX key has parameters we should answer "true" 11391da217 Always create a key when importing 6a9bd9298b Make EVP_PKEY_[get1|set1]_tls_encodedpoint work with provided keys 0d52ede716 Fix error path in int create_ssl_ctx_pair() b38425393c Implement a test for sigalgs not being present 3cd69b7458 Implement a Filtering Provider d01d375264 Implement OSSL_PROVIDER_get0_provider_ctx() 5f603a280c Enable applications to directly call a provider's query operation 263ff2c9d4 Check that Signature Algorithms are available before using them eca4713913 APPS: Drop interactive mode in the 'openssl' program 987e3a0eed Announce renamed EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() in CHANGES.md b1c21b27dc fips: add additional algorithms to the FIPS provider. a64a143f31 Minor doc fix for EVP_PKEY_CTX_new_from_pkey Build log ended with (last 100 lines): rm -f *.ld rm -f doc/html/man1/CA.pl.html doc/html/man1/openssl-asn1parse.html doc/html/man1/openssl-ca.html doc/html/man1/openssl-ciphers.html doc/html/man1/openssl-cmds.html doc/html/man1/openssl-cmp.html doc/html/man1/openssl-cms.html doc/html/man1/openssl-crl.html doc/html/man1/openssl-crl2pkcs7.html doc/html/man1/openssl-dgst.html doc/html/man1/openssl-dhparam.html doc/html/man1/openssl-dsa.html doc/html/man1/openssl-dsaparam.html doc/html/man1/openssl-ec.html doc/html/man1/openssl-ecparam.html doc/html/man1/openssl-enc.html doc/html/man1/openssl-engine.html doc/html/man1/openssl-errstr.html doc/html/man1/openssl-fipsinstall.html doc/html/man1/openssl-gendsa.html doc/html/man1/openssl-genpkey.html doc/html/man1/openssl-genrsa.html doc/html/man1/openssl-info.html doc/html/man1/openssl-kdf.html doc/html/man1/openssl-list.html doc/html/man1/openssl-mac.html doc/html/man1/openssl-nseq.html doc/html/man1/openssl-ocsp.html doc/html/man1/openssl-passwd.html doc/html/man1/openssl-pkcs12.html doc/html/man1/openssl-pkcs7.html doc/html/man1/openssl-pkcs8.html doc/html/man1/openssl-pkey.html doc/html/man1/openssl-pkeyparam.html doc/html/man1/openssl-pkeyutl.html doc/html/man1/openssl-prime.html doc/html/man1/openssl-provider.html doc/html/man1/openssl-rand.html doc/html/man1/openssl-rehash.html doc/html/man1/openssl-req.html doc/html/man1/openssl-rsa.html doc/html/man1/openssl-rsautl.html doc/html/man1/openssl-s_client.html doc/html/man1/openssl-s_server.html doc/html/man1/openssl-s_time.html doc/html/man1/openssl-sess_id.html doc/html/man1/openssl-smime.html doc/html/man1/openssl-speed.html doc/html/man1/openssl-spkac.html doc/html/man1/openssl-srp.html doc/html/man1/openssl-storeutl.html doc/html/man1/openssl-ts.html doc/html/man1/openssl-verify.html doc/html/man1/openssl-version.html doc/html/man1/openssl-x509.html doc/html/man1/openssl.html doc/html/man1/tsget.html doc/html/man3/ADMISSIONS.html doc/html/man3/ASN1_INTEGER_get_int64.html doc/html/man3/ASN1_INTEGER_new.html doc/html/man3/ASN1_ITEM_lookup.html doc/html/man3/ASN1_OBJECT_new.html doc/html/man3/ASN1_STRING_TABLE_add.html doc/html/man3/ASN1_STRING_length.html doc/html/man3/ASN1_STRING_new.html doc/html/man3/ASN1_STRING_print_ex.html doc/html/man3/ASN1_TIME_set.html doc/html/man3/ASN1_TYPE_get.html doc/html/man3/ASN1_generate_nconf.html doc/html/man3/ASYNC_WAIT_CTX_new.html doc/html/man3/ASYNC_start_job.html doc/html/man3/BF_encrypt.html doc/html/man3/BIO_ADDR.html doc/html/man3/BIO_ADDRINFO.html doc/html/man3/BIO_connect.html doc/html/man3/BIO_ctrl.html doc/html/man3/BIO_f_base64.html doc/html/man3/BIO_f_buffer.html doc/html/man3/BIO_f_cipher.html doc/html/man3/BIO_f_md.html doc/html/man3/BIO_f_null.html doc/html/man3/BIO_f_prefix.html doc/html/man3/BIO_f_ssl.html doc/html/man3/BIO_find_type.html doc/html/man3/BIO_get_data.html doc/html/man3/BIO_get_ex_new_index.html doc/html/man3/BIO_meth_new.html doc/html/man3/BIO_new.html doc/html/man3/BIO_new_CMS.html doc/html/man3/BIO_parse_hostserv.html doc/html/man3/BIO_printf.html doc/html/man3/BIO_push.html doc/html/man3/BIO_read.html doc/html/man3/BIO_s_accept.html doc/html/man3/BIO_s_bio.html doc/html/man3/BIO_s_connect.html doc/html/man3/BIO_s_fd.html doc/html/man3/BIO_s_file.html doc/html/man3/BIO_s_mem.html doc/html/man3/BIO_s_null.html doc/html/man3/BIO_s_socket.html doc/html/man3/BIO_set_callback.html doc/html/man3/BIO_should_retry.html doc/html/man3/BIO_socket_wait.html doc/html/man3/BN_BLINDING_new.html doc/html/man3/BN_CTX_new.html doc/html/man3/BN_CTX_start.html doc/html/man3/BN_add.html doc/html/man3/BN_add_word.html doc/html/man3/BN_bn2bin.html doc/html/man3/BN_cmp.html doc/html/man3/BN_copy.html doc/html/man3/BN_generate_prime.html doc/html/man3/BN_mod_inverse.html doc/html/man3/BN_mod_mul_montgomery.html doc/html/man3/BN_mod_mul_reciprocal.html doc/html/man3/BN_new.html doc/html/man3/BN_num_bytes.html doc/html/man3/BN_rand.html doc/html/man3/BN_security_bits.html doc/html/man3/BN_set_bit.html doc/html/man3/BN_swap.html doc/html/man3/BN_zero.html doc/html/man3/BUF_MEM_new.html doc/html/man3/CMS_EnvelopedData_create.html doc/html/man3/CMS_add0_cert.html doc/html/man3/CMS_add1_recipient_cert.html doc/html/man3/CMS_add1_signer.html doc/html/man3/CMS_compress.html doc/html/man3/CMS_decrypt.html doc/html/man3/CMS_encrypt.html doc/html/man3/CMS_final.html doc/html/man3/CMS_get0_RecipientInfos.html doc/html/man3/CMS_get0_SignerInfos.html doc/html/man3/CMS_get0_type.html doc/html/man3/CMS_get1_ReceiptRequest.html doc/html/man3/CMS_sign.html doc/html/man3/CMS_sign_receipt.html doc/html/man3/CMS_uncompress.html doc/html/man3/CMS_verify.html doc/html/man3/CMS_verify_receipt.html doc/html/man3/CONF_modules_free.html doc/html/man3/CONF_modules_load_file.html doc/html/man3/CRYPTO_THREAD_run_once.html doc/html/man3/CRYPTO_get_ex_new_index.html doc/html/man3/CRYPTO_memcmp.html doc/html/man3/CTLOG_STORE_get0_log_by_id.html doc/html/man3/CTLOG_STORE_new.html doc/html/man3/CTLOG_new.html doc/html/man3/CT_POLICY_EVAL_CTX_new.html doc/html/man3/DEFINE_STACK_OF.html doc/html/man3/DES_random_key.html doc/html/man3/DH_generate_key.html doc/html/man3/DH_generate_parameters.html doc/html/man3/DH_get0_pqg.html doc/html/man3/DH_get_1024_160.html doc/html/man3/DH_meth_new.html doc/html/man3/DH_new.html doc/html/man3/DH_new_by_nid.html doc/html/man3/DH_set_method.html doc/html/man3/DH_size.html doc/html/man3/DSA_SIG_new.html doc/html/man3/DSA_do_sign.html doc/html/man3/DSA_dup_DH.html doc/html/man3/DSA_generate_key.html doc/html/man3/DSA_generate_parameters.html doc/html/man3/DSA_get0_pqg.html doc/html/man3/DSA_meth_new.html doc/html/man3/DSA_new.html doc/html/man3/DSA_set_method.html doc/html/man3/DSA_sign.html doc/html/man3/DSA_size.html doc/html/man3/DTLS_get_data_mtu.html doc/html/man3/DTLS_set_timer_cb.html doc/html/man3/DTLSv1_listen.html doc/html/man3/ECDSA_SIG_new.html doc/html/man3/ECPKParameters_print.html doc/html/man3/EC_GFp_simple_method.html doc/html/man3/EC_GROUP_copy.html doc/html/man3/EC_GROUP_new.html doc/html/man3/EC_KEY_get_enc_flags.html doc/html/man3/EC_KEY_new.html doc/html/man3/EC_POINT_add.html doc/html/man3/EC_POINT_new.html doc/html/man3/ENGINE_add.html doc/html/man3/ERR_GET_LIB.html doc/html/man3/ERR_clear_error.html doc/html/man3/ERR_error_string.html doc/html/man3/ERR_get_error.html doc/html/man3/ERR_load_crypto_strings.html doc/html/man3/ERR_load_strings.html doc/html/man3/ERR_new.html doc/html/man3/ERR_print_errors.html doc/html/man3/ERR_put_error.html doc/html/man3/ERR_remove_state.html doc/html/man3/ERR_set_mark.html doc/html/man3/EVP_ASYM_CIPHER_free.html doc/html/man3/EVP_BytesToKey.html doc/html/man3/EVP_CIPHER_CTX_get_cipher_data.html doc/html/man3/EVP_CIPHER_meth_new.html doc/html/man3/EVP_DigestInit.html doc/html/man3/EVP_DigestSignInit.html doc/html/man3/EVP_DigestVerifyInit.html doc/html/man3/EVP_EncodeInit.html doc/html/man3/EVP_EncryptInit.html doc/html/man3/EVP_KDF.html doc/html/man3/EVP_KEYEXCH_free.html doc/html/man3/EVP_KEYMGMT.html doc/html/man3/EVP_MAC.html doc/html/man3/EVP_MD_meth_new.html doc/html/man3/EVP_OpenInit.html doc/html/man3/EVP_PKEY_ASN1_METHOD.html doc/html/man3/EVP_PKEY_CTX_ctrl.html doc/html/man3/EVP_PKEY_CTX_new.html doc/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html doc/html/man3/EVP_PKEY_CTX_set_hkdf_md.html doc/html/man3/EVP_PKEY_CTX_set_params.html doc/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html doc/html/man3/EVP_PKEY_CTX_set_scrypt_N.html doc/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html doc/html/man3/EVP_PKEY_asn1_get_count.html doc/html/man3/EVP_PKEY_check.html doc/html/man3/EVP_PKEY_copy_parameters.html doc/html/man3/EVP_PKEY_decrypt.html doc/html/man3/EVP_PKEY_derive.html doc/html/man3/EVP_PKEY_encrypt.html doc/html/man3/EVP_PKEY_fromdata.html doc/html/man3/EVP_PKEY_gen.html doc/html/man3/EVP_PKEY_get_default_digest_nid.html doc/html/man3/EVP_PKEY_gettable_params.html doc/html/man3/EVP_PKEY_is_a.html doc/html/man3/EVP_PKEY_meth_get_count.html doc/html/man3/EVP_PKEY_meth_new.html doc/html/man3/EVP_PKEY_new.html doc/html/man3/EVP_PKEY_print_private.html doc/html/man3/EVP_PKEY_set1_RSA.html doc/html/man3/EVP_PKEY_set_type.html doc/html/man3/EVP_PKEY_sign.html doc/html/man3/EVP_PKEY_size.html doc/html/man3/EVP_PKEY_supports_digest_nid.html doc/html/man3/EVP_PKEY_verify.html doc/html/man3/EVP_PKEY_verify_recover.html doc/html/man3/EVP_SIGNATURE_free.html doc/html/man3/EVP_SealInit.html doc/html/man3/EVP_SignInit.html doc/html/man3/EVP_VerifyInit.html doc/html/man3/EVP_aes_128_gcm.html doc/html/man3/EVP_aria_128_gcm.html doc/html/man3/EVP_bf_cbc.html doc/html/man3/EVP_blake2b512.html doc/html/man3/EVP_camellia_128_ecb.html doc/html/man3/EVP_cast5_cbc.html doc/html/man3/EVP_chacha20.html doc/html/man3/EVP_des_cbc.html doc/html/man3/EVP_desx_cbc.html doc/html/man3/EVP_idea_cbc.html doc/html/man3/EVP_md2.html doc/html/man3/EVP_md4.html doc/html/man3/EVP_md5.html doc/html/man3/EVP_mdc2.html doc/html/man3/EVP_rc2_cbc.html doc/html/man3/EVP_rc4.html doc/html/man3/EVP_rc5_32_12_16_cbc.html doc/html/man3/EVP_ripemd160.html doc/html/man3/EVP_seed_cbc.html doc/html/man3/EVP_set_default_properties.html doc/html/man3/EVP_sha1.html doc/html/man3/EVP_sha224.html doc/html/man3/EVP_sha3_224.html doc/html/man3/EVP_sm3.html doc/html/man3/EVP_sm4_cbc.html doc/html/man3/EVP_whirlpool.html doc/html/man3/HMAC.html doc/html/man3/MD5.html doc/html/man3/MDC2_Init.html doc/html/man3/NCONF_new_with_libctx.html doc/html/man3/OBJ_nid2obj.html doc/html/man3/OCSP_REQUEST_new.html doc/html/man3/OCSP_cert_to_id.html doc/html/man3/OCSP_request_add1_nonce.html doc/html/man3/OCSP_resp_find_status.html doc/html/man3/OCSP_response_status.html doc/html/man3/OCSP_sendreq_new.html doc/html/man3/OPENSSL_Applink.html doc/html/man3/OPENSSL_CTX.html doc/html/man3/OPENSSL_FILE.html doc/html/man3/OPENSSL_LH_COMPFUNC.html doc/html/man3/OPENSSL_LH_stats.html doc/html/man3/OPENSSL_config.html doc/html/man3/OPENSSL_fork_prepare.html doc/html/man3/OPENSSL_hexchar2int.html doc/html/man3/OPENSSL_ia32cap.html doc/html/man3/OPENSSL_init_crypto.html doc/html/man3/OPENSSL_init_ssl.html doc/html/man3/OPENSSL_instrument_bus.html doc/html/man3/OPENSSL_load_builtin_modules.html doc/html/man3/OPENSSL_malloc.html doc/html/man3/OPENSSL_s390xcap.html doc/html/man3/OPENSSL_secure_malloc.html doc/html/man3/OSSL_CMP_CTX_new.html doc/html/man3/OSSL_CMP_HDR_get0_transactionID.html doc/html/man3/OSSL_CMP_ITAV_set0.html doc/html/man3/OSSL_CMP_MSG_get0_header.html doc/html/man3/OSSL_CMP_MSG_http_perform.html doc/html/man3/OSSL_CMP_SRV_CTX_new.html doc/html/man3/OSSL_CMP_STATUSINFO_new.html doc/html/man3/OSSL_CMP_exec_IR_ses.html doc/html/man3/OSSL_CMP_log_open.html doc/html/man3/OSSL_CMP_validate_msg.html doc/html/man3/OSSL_CRMF_MSG_get0_tmpl.html doc/html/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.html doc/html/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.html doc/html/man3/OSSL_CRMF_MSG_set_validity.html doc/html/man3/OSSL_CRMF_pbmp_new.html doc/html/man3/OSSL_HTTP_transfer.html doc/html/man3/OSSL_PARAM.html doc/html/man3/OSSL_PARAM_BLD.html doc/html/man3/OSSL_PARAM_allocate_from_text.html doc/html/man3/OSSL_PARAM_int.html doc/html/man3/OSSL_PROVIDER.html doc/html/man3/OSSL_SELF_TEST_new.html doc/html/man3/OSSL_SELF_TEST_set_callback.html doc/html/man3/OSSL_SERIALIZER.html doc/html/man3/OSSL_SERIALIZER_CTX.html doc/html/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.html doc/html/man3/OSSL_SERIALIZER_to_bio.html doc/html/man3/OSSL_STORE_INFO.html doc/html/man3/OSSL_STORE_LOADER.html doc/html/man3/OSSL_STORE_SEARCH.html doc/html/man3/OSSL_STORE_attach.html doc/html/man3/OSSL_STORE_expect.html doc/html/man3/OSSL_STORE_open.html doc/html/man3/OSSL_trace_enabled.html doc/html/man3/OSSL_trace_get_category_num.html doc/html/man3/OSSL_trace_set_channel.html doc/html/man3/OpenSSL_add_all_algorithms.html doc/html/man3/OpenSSL_version.html doc/html/man3/PEM_bytes_read_bio.html doc/html/man3/PEM_read.html doc/html/man3/PEM_read_CMS.html doc/html/man3/PEM_read_bio_PrivateKey.html doc/html/man3/PEM_read_bio_ex.html doc/html/man3/PEM_write_bio_CMS_stream.html doc/html/man3/PEM_write_bio_PKCS7_stream.html doc/html/man3/PKCS12_SAFEBAG_get0_attrs.html doc/html/man3/PKCS12_add_CSPName_asc.html doc/html/man3/PKCS12_add_friendlyname_asc.html doc/html/man3/PKCS12_add_localkeyid.html doc/html/man3/PKCS12_create.html doc/html/man3/PKCS12_get_friendlyname.html doc/html/man3/PKCS12_newpass.html doc/html/man3/PKCS12_parse.html doc/html/man3/PKCS5_PBKDF2_HMAC.html doc/html/man3/PKCS7_decrypt.html doc/html/man3/PKCS7_encrypt.html doc/html/man3/PKCS7_sign.html doc/html/man3/PKCS7_sign_add_signer.html doc/html/man3/PKCS7_verify.html doc/html/man3/PKCS8_pkey_add1_attr.html doc/html/man3/RAND_DRBG_generate.html doc/html/man3/RAND_DRBG_get0_master.html doc/html/man3/RAND_DRBG_new.html doc/html/man3/RAND_DRBG_reseed.html doc/html/man3/RAND_DRBG_set_callbacks.html doc/html/man3/RAND_add.html doc/html/man3/RAND_bytes.html doc/html/man3/RAND_cleanup.html doc/html/man3/RAND_egd.html doc/html/man3/RAND_load_file.html doc/html/man3/RAND_set_rand_method.html doc/html/man3/RC4_set_key.html doc/html/man3/RIPEMD160_Init.html doc/html/man3/RSA_blinding_on.html doc/html/man3/RSA_check_key.html doc/html/man3/RSA_generate_key.html doc/html/man3/RSA_get0_key.html doc/html/man3/RSA_meth_new.html doc/html/man3/RSA_new.html doc/html/man3/RSA_padding_add_PKCS1_type_1.html doc/html/man3/RSA_print.html doc/html/man3/RSA_private_encrypt.html doc/html/man3/RSA_public_encrypt.html doc/html/man3/RSA_set_method.html doc/html/man3/RSA_sign.html doc/html/man3/RSA_sign_ASN1_OCTET_STRING.html doc/html/man3/RSA_size.html doc/html/man3/SCT_new.html doc/html/man3/SCT_print.html doc/html/man3/SCT_validate.html doc/html/man3/SHA256_Init.html doc/html/man3/SMIME_read_CMS.html doc/html/man3/SMIME_read_PKCS7.html doc/html/man3/SMIME_write_CMS.html doc/html/man3/SMIME_write_PKCS7.html doc/html/man3/SRP_Calc_B.html doc/html/man3/SRP_VBASE_new.html doc/html/man3/SRP_create_verifier.html doc/html/man3/SRP_user_pwd_new.html doc/html/man3/SSL_CIPHER_get_name.html doc/html/man3/SSL_COMP_add_compression_method.html doc/html/man3/SSL_CONF_CTX_new.html doc/html/man3/SSL_CONF_CTX_set1_prefix.html doc/html/man3/SSL_CONF_CTX_set_flags.html doc/html/man3/SSL_CONF_CTX_set_ssl_ctx.html doc/html/man3/SSL_CONF_cmd.html doc/html/man3/SSL_CONF_cmd_argv.html doc/html/man3/SSL_CTX_add1_chain_cert.html doc/html/man3/SSL_CTX_add_extra_chain_cert.html doc/html/man3/SSL_CTX_add_session.html doc/html/man3/SSL_CTX_config.html doc/html/man3/SSL_CTX_ctrl.html doc/html/man3/SSL_CTX_dane_enable.html doc/html/man3/SSL_CTX_flush_sessions.html doc/html/man3/SSL_CTX_free.html doc/html/man3/SSL_CTX_get0_param.html doc/html/man3/SSL_CTX_get_verify_mode.html doc/html/man3/SSL_CTX_has_client_custom_ext.html doc/html/man3/SSL_CTX_load_verify_locations.html doc/html/man3/SSL_CTX_new.html doc/html/man3/SSL_CTX_sess_number.html doc/html/man3/SSL_CTX_sess_set_cache_size.html doc/html/man3/SSL_CTX_sess_set_get_cb.html doc/html/man3/SSL_CTX_sessions.html doc/html/man3/SSL_CTX_set0_CA_list.html doc/html/man3/SSL_CTX_set1_curves.html doc/html/man3/SSL_CTX_set1_sigalgs.html doc/html/man3/SSL_CTX_set1_verify_cert_store.html doc/html/man3/SSL_CTX_set_alpn_select_cb.html doc/html/man3/SSL_CTX_set_cert_cb.html doc/html/man3/SSL_CTX_set_cert_store.html doc/html/man3/SSL_CTX_set_cert_verify_callback.html doc/html/man3/SSL_CTX_set_cipher_list.html doc/html/man3/SSL_CTX_set_client_cert_cb.html doc/html/man3/SSL_CTX_set_client_hello_cb.html doc/html/man3/SSL_CTX_set_ct_validation_callback.html doc/html/man3/SSL_CTX_set_ctlog_list_file.html doc/html/man3/SSL_CTX_set_default_passwd_cb.html doc/html/man3/SSL_CTX_set_generate_session_id.html doc/html/man3/SSL_CTX_set_info_callback.html doc/html/man3/SSL_CTX_set_keylog_callback.html doc/html/man3/SSL_CTX_set_max_cert_list.html doc/html/man3/SSL_CTX_set_min_proto_version.html doc/html/man3/SSL_CTX_set_mode.html doc/html/man3/SSL_CTX_set_msg_callback.html doc/html/man3/SSL_CTX_set_num_tickets.html doc/html/man3/SSL_CTX_set_options.html doc/html/man3/SSL_CTX_set_psk_client_callback.html doc/html/man3/SSL_CTX_set_quiet_shutdown.html doc/html/man3/SSL_CTX_set_read_ahead.html doc/html/man3/SSL_CTX_set_record_padding_callback.html doc/html/man3/SSL_CTX_set_security_level.html doc/html/man3/SSL_CTX_set_session_cache_mode.html doc/html/man3/SSL_CTX_set_session_id_context.html doc/html/man3/SSL_CTX_set_session_ticket_cb.html doc/html/man3/SSL_CTX_set_split_send_fragment.html doc/html/man3/SSL_CTX_set_srp_password.html doc/html/man3/SSL_CTX_set_ssl_version.html doc/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html doc/html/man3/SSL_CTX_set_timeout.html doc/html/man3/SSL_CTX_set_tlsext_servername_callback.html doc/html/man3/SSL_CTX_set_tlsext_status_cb.html doc/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html doc/html/man3/SSL_CTX_set_tlsext_use_srtp.html doc/html/man3/SSL_CTX_set_tmp_dh_callback.html doc/html/man3/SSL_CTX_set_tmp_ecdh.html doc/html/man3/SSL_CTX_set_verify.html doc/html/man3/SSL_CTX_use_certificate.html doc/html/man3/SSL_CTX_use_psk_identity_hint.html doc/html/man3/SSL_CTX_use_serverinfo.html doc/html/man3/SSL_SESSION_free.html doc/html/man3/SSL_SESSION_get0_cipher.html doc/html/man3/SSL_SESSION_get0_hostname.html doc/html/man3/SSL_SESSION_get0_id_context.html doc/html/man3/SSL_SESSION_get0_peer.html doc/html/man3/SSL_SESSION_get_compress_id.html doc/html/man3/SSL_SESSION_get_protocol_version.html doc/html/man3/SSL_SESSION_get_time.html doc/html/man3/SSL_SESSION_has_ticket.html doc/html/man3/SSL_SESSION_is_resumable.html doc/html/man3/SSL_SESSION_print.html doc/html/man3/SSL_SESSION_set1_id.html doc/html/man3/SSL_accept.html doc/html/man3/SSL_alert_type_string.html doc/html/man3/SSL_alloc_buffers.html doc/html/man3/SSL_check_chain.html doc/html/man3/SSL_clear.html doc/html/man3/SSL_connect.html doc/html/man3/SSL_do_handshake.html doc/html/man3/SSL_export_keying_material.html doc/html/man3/SSL_extension_supported.html doc/html/man3/SSL_free.html doc/html/man3/SSL_get0_peer_scts.html doc/html/man3/SSL_get_SSL_CTX.html doc/html/man3/SSL_get_all_async_fds.html doc/html/man3/SSL_get_ciphers.html doc/html/man3/SSL_get_client_random.html doc/html/man3/SSL_get_current_cipher.html doc/html/man3/SSL_get_default_timeout.html doc/html/man3/SSL_get_error.html doc/html/man3/SSL_get_extms_support.html doc/html/man3/SSL_get_fd.html doc/html/man3/SSL_get_peer_cert_chain.html doc/html/man3/SSL_get_peer_certificate.html doc/html/man3/SSL_get_peer_signature_nid.html doc/html/man3/SSL_get_peer_tmp_key.html doc/html/man3/SSL_get_psk_identity.html doc/html/man3/SSL_get_rbio.html doc/html/man3/SSL_get_session.html doc/html/man3/SSL_get_shared_sigalgs.html doc/html/man3/SSL_get_verify_result.html doc/html/man3/SSL_get_version.html doc/html/man3/SSL_in_init.html doc/html/man3/SSL_key_update.html doc/html/man3/SSL_library_init.html doc/html/man3/SSL_load_client_CA_file.html doc/html/man3/SSL_new.html doc/html/man3/SSL_pending.html doc/html/man3/SSL_read.html doc/html/man3/SSL_read_early_data.html doc/html/man3/SSL_rstate_string.html doc/html/man3/SSL_session_reused.html doc/html/man3/SSL_set1_host.html doc/html/man3/SSL_set_async_callback.html doc/html/man3/SSL_set_bio.html doc/html/man3/SSL_set_connect_state.html doc/html/man3/SSL_set_fd.html doc/html/man3/SSL_set_session.html doc/html/man3/SSL_set_shutdown.html doc/html/man3/SSL_set_verify_result.html doc/html/man3/SSL_shutdown.html doc/html/man3/SSL_state_string.html doc/html/man3/SSL_want.html doc/html/man3/SSL_write.html doc/html/man3/TS_VERIFY_CTX_set_certs.html doc/html/man3/UI_STRING.html doc/html/man3/UI_UTIL_read_pw.html doc/html/man3/UI_create_method.html doc/html/man3/UI_new.html doc/html/man3/X509V3_get_d2i.html doc/html/man3/X509_ALGOR_dup.html doc/html/man3/X509_CRL_get0_by_serial.html doc/html/man3/X509_EXTENSION_set_object.html doc/html/man3/X509_LOOKUP.html doc/html/man3/X509_LOOKUP_hash_dir.html doc/html/man3/X509_LOOKUP_meth_new.html doc/html/man3/X509_NAME_ENTRY_get_object.html doc/html/man3/X509_NAME_add_entry_by_txt.html doc/html/man3/X509_NAME_get0_der.html doc/html/man3/X509_NAME_get_index_by_NID.html doc/html/man3/X509_NAME_print_ex.html doc/html/man3/X509_PUBKEY_new.html doc/html/man3/X509_SIG_get0.html doc/html/man3/X509_STORE_CTX_get_error.html doc/html/man3/X509_STORE_CTX_new.html doc/html/man3/X509_STORE_CTX_set_verify_cb.html doc/html/man3/X509_STORE_add_cert.html doc/html/man3/X509_STORE_get0_param.html doc/html/man3/X509_STORE_new.html doc/html/man3/X509_STORE_set_verify_cb_func.html doc/html/man3/X509_VERIFY_PARAM_set_flags.html doc/html/man3/X509_check_ca.html doc/html/man3/X509_check_host.html doc/html/man3/X509_check_issued.html doc/html/man3/X509_check_private_key.html doc/html/man3/X509_check_purpose.html doc/html/man3/X509_cmp.html doc/html/man3/X509_cmp_time.html doc/html/man3/X509_digest.html doc/html/man3/X509_dup.html doc/html/man3/X509_get0_distinguishing_id.html doc/html/man3/X509_get0_notBefore.html doc/html/man3/X509_get0_signature.html doc/html/man3/X509_get0_uids.html doc/html/man3/X509_get_extension_flags.html doc/html/man3/X509_get_pubkey.html doc/html/man3/X509_get_serialNumber.html doc/html/man3/X509_get_subject_name.html doc/html/man3/X509_get_version.html doc/html/man3/X509_load_http.html doc/html/man3/X509_new.html doc/html/man3/X509_sign.html doc/html/man3/X509_verify_cert.html doc/html/man3/X509v3_cache_extensions.html doc/html/man3/X509v3_get_ext_by_NID.html doc/html/man3/d2i_DHparams.html doc/html/man3/d2i_PKCS8PrivateKey_bio.html doc/html/man3/d2i_PrivateKey.html doc/html/man3/d2i_SSL_SESSION.html doc/html/man3/d2i_X509.html doc/html/man3/i2d_CMS_bio_stream.html doc/html/man3/i2d_PKCS7_bio_stream.html doc/html/man3/i2d_re_X509_tbs.html doc/html/man3/o2i_SCT_LIST.html doc/html/man3/s2i_ASN1_IA5STRING.html doc/html/man5/config.html doc/html/man5/fips_config.html doc/html/man5/x509v3_config.html doc/html/man7/EVP_KDF-HKDF.html doc/html/man7/EVP_KDF-KB.html doc/html/man7/EVP_KDF-KRB5KDF.html doc/html/man7/EVP_KDF-PBKDF2.html doc/html/man7/EVP_KDF-SCRYPT.html doc/html/man7/EVP_KDF-SS.html doc/html/man7/EVP_KDF-SSHKDF.html doc/html/man7/EVP_KDF-TLS1_PRF.html doc/html/man7/EVP_KDF-X942.html doc/html/man7/EVP_KDF-X963.html doc/html/man7/EVP_KEYEXCH-DH.html doc/html/man7/EVP_KEYEXCH-ECDH.html doc/html/man7/EVP_KEYEXCH-X25519.html doc/html/man7/EVP_MAC-BLAKE2.html doc/html/man7/EVP_MAC-CMAC.html doc/html/man7/EVP_MAC-GMAC.html doc/html/man7/EVP_MAC-HMAC.html doc/html/man7/EVP_MAC-KMAC.html doc/html/man7/EVP_MAC-Poly1305.html doc/html/man7/EVP_MAC-Siphash.html doc/html/man7/EVP_MD-BLAKE2.html doc/html/man7/EVP_MD-MD2.html doc/html/man7/EVP_MD-MD4.html doc/html/man7/EVP_MD-MD5-SHA1.html doc/html/man7/EVP_MD-MD5.html doc/html/man7/EVP_MD-MDC2.html doc/html/man7/EVP_MD-RIPEMD160.html doc/html/man7/EVP_MD-SHA1.html doc/html/man7/EVP_MD-SHA2.html doc/html/man7/EVP_MD-SHA3.html doc/html/man7/EVP_MD-SHAKE.html doc/html/man7/EVP_MD-SM3.html doc/html/man7/EVP_MD-WHIRLPOOL.html doc/html/man7/EVP_MD-common.html doc/html/man7/EVP_PKEY-DH.html doc/html/man7/EVP_PKEY-DSA.html doc/html/man7/EVP_PKEY-EC.html doc/html/man7/EVP_PKEY-FFC.html doc/html/man7/EVP_PKEY-RSA.html doc/html/man7/EVP_PKEY-X25519.html doc/html/man7/EVP_SIGNATURE-DSA.html doc/html/man7/EVP_SIGNATURE-ECDSA.html doc/html/man7/EVP_SIGNATURE-ED25519.html doc/html/man7/EVP_SIGNATURE-RSA.html doc/html/man7/OSSL_PROVIDER-FIPS.html doc/html/man7/OSSL_PROVIDER-default.html doc/html/man7/OSSL_PROVIDER-legacy.html doc/html/man7/OSSL_PROVIDER-null.html doc/html/man7/RAND.html doc/html/man7/RAND_DRBG.html doc/html/man7/RSA-PSS.html doc/html/man7/SM2.html doc/html/man7/X25519.html doc/html/man7/bio.html doc/html/man7/crypto.html doc/html/man7/ct.html doc/html/man7/des_modes.html doc/html/man7/evp.html doc/html/man7/openssl-core.h.html doc/html/man7/openssl-core_names.h.html doc/html/man7/openssl-core_numbers.h.html doc/html/man7/openssl-env.html doc/html/man7/openssl_user_macros.html doc/html/man7/ossl_store-file.html doc/html/man7/ossl_store.html doc/html/man7/passphrase-encoding.html doc/html/man7/property.html doc/html/man7/provider-asym_cipher.html doc/html/man7/provider-base.html doc/html/man7/provider-cipher.html doc/html/man7/provider-digest.html doc/html/man7/provider-keyexch.html doc/html/man7/provider-keymgmt.html doc/html/man7/provider-mac.html doc/html/man7/provider-serializer.html doc/html/man7/provider-signature.html doc/html/man7/provider.html doc/html/man7/proxy-certificates.html doc/html/man7/ssl.html doc/html/man7/x509.html rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_params.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_copy_parameters.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_MSG_set_validity.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_master.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_KEYEXCH-DH.7 doc/man/man7/EVP_KEYEXCH-ECDH.7 doc/man/man7/EVP_KEYEXCH-X25519.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DH.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-FFC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/EVP_SIGNATURE-DSA.7 doc/man/man7/EVP_SIGNATURE-ECDSA.7 doc/man/man7/EVP_SIGNATURE-ED25519.7 doc/man/man7/EVP_SIGNATURE-RSA.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-core_names.h.7 doc/man/man7/openssl-core_numbers.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_names test/buildtest_c_core_numbers test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_dtls1 test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_fetch_prov_test test/evp_kdf_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_fallback_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_names.c test/buildtest_core_numbers.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_dtls1.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha4-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4071: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' Makefile:3046: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From openssl at openssl.org Tue Jun 9 06:27:28 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 09 Jun 2020 06:27:28 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock Message-ID: <1591684048.309426.9624.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sock Commit log since last time: c4683009ad TEST: Adjust test/bioprinttest.c to behave like the testutil routines 66d8bd4b37 TESTUTIL: Adjust the rest of testutil 8dce4aa2d9 TESTUTIL: Separate TAP output and other output by BIO filter 591315297e Consolidate doc of BIO_do_connect() and its alias BIO_do_handshake() f5e23fe889 APPS: Remove unnecessary NULL check of uri in load_cert_pass() 0808a75e4d APPS: Make it possible to load_cert() from stdin again 09527c4935 Fix a typo in SSL_CTX_set_session_ticket_cb.pod 7b2d995ed7 Don't downgrade keys in libssl 7fa2b2673e When asked if an ECX key has parameters we should answer "true" 11391da217 Always create a key when importing 6a9bd9298b Make EVP_PKEY_[get1|set1]_tls_encodedpoint work with provided keys 0d52ede716 Fix error path in int create_ssl_ctx_pair() b38425393c Implement a test for sigalgs not being present 3cd69b7458 Implement a Filtering Provider d01d375264 Implement OSSL_PROVIDER_get0_provider_ctx() 5f603a280c Enable applications to directly call a provider's query operation 263ff2c9d4 Check that Signature Algorithms are available before using them eca4713913 APPS: Drop interactive mode in the 'openssl' program 987e3a0eed Announce renamed EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() in CHANGES.md b1c21b27dc fips: add additional algorithms to the FIPS provider. a64a143f31 Minor doc fix for EVP_PKEY_CTX_new_from_pkey Build log ended with (last 100 lines): rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_params.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_copy_parameters.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_MSG_set_validity.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_master.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_KEYEXCH-DH.7 doc/man/man7/EVP_KEYEXCH-ECDH.7 doc/man/man7/EVP_KEYEXCH-X25519.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DH.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-FFC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/EVP_SIGNATURE-DSA.7 doc/man/man7/EVP_SIGNATURE-ECDSA.7 doc/man/man7/EVP_SIGNATURE-ED25519.7 doc/man/man7/EVP_SIGNATURE-RSA.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-core_names.h.7 doc/man/man7/openssl-core_numbers.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_names test/buildtest_c_core_numbers test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_fetch_prov_test test/evp_kdf_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_fallback_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_names.c test/buildtest_core_numbers.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha4-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-sock' make[1]: Leaving directory '/home/openssl/run-checker/no-sock' make[1]: Entering directory '/home/openssl/run-checker/no-sock' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_cb.d.tmp -MT apps/lib/libapps-lib-s_cb.o -c -o apps/lib/libapps-lib-s_cb.o ../openssl/apps/lib/s_cb.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_socket.d.tmp -MT apps/lib/libapps-lib-s_socket.o -c -o apps/lib/libapps-lib-s_socket.o ../openssl/apps/lib/s_socket.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4076: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-sock' Makefile:3051: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From openssl at openssl.org Tue Jun 9 08:51:55 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 09 Jun 2020 08:51:55 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ts Message-ID: <1591692715.536049.29542.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ts Commit log since last time: c4683009ad TEST: Adjust test/bioprinttest.c to behave like the testutil routines 66d8bd4b37 TESTUTIL: Adjust the rest of testutil 8dce4aa2d9 TESTUTIL: Separate TAP output and other output by BIO filter 591315297e Consolidate doc of BIO_do_connect() and its alias BIO_do_handshake() f5e23fe889 APPS: Remove unnecessary NULL check of uri in load_cert_pass() 0808a75e4d APPS: Make it possible to load_cert() from stdin again 09527c4935 Fix a typo in SSL_CTX_set_session_ticket_cb.pod 7b2d995ed7 Don't downgrade keys in libssl 7fa2b2673e When asked if an ECX key has parameters we should answer "true" 11391da217 Always create a key when importing 6a9bd9298b Make EVP_PKEY_[get1|set1]_tls_encodedpoint work with provided keys 0d52ede716 Fix error path in int create_ssl_ctx_pair() b38425393c Implement a test for sigalgs not being present 3cd69b7458 Implement a Filtering Provider d01d375264 Implement OSSL_PROVIDER_get0_provider_ctx() 5f603a280c Enable applications to directly call a provider's query operation 263ff2c9d4 Check that Signature Algorithms are available before using them eca4713913 APPS: Drop interactive mode in the 'openssl' program 987e3a0eed Announce renamed EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() in CHANGES.md b1c21b27dc fips: add additional algorithms to the FIPS provider. a64a143f31 Minor doc fix for EVP_PKEY_CTX_new_from_pkey Build log ended with (last 100 lines): clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-list.d.tmp -MT apps/openssl-bin-list.o -c -o apps/openssl-bin-list.o ../openssl/apps/list.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-mac.d.tmp -MT apps/openssl-bin-mac.o -c -o apps/openssl-bin-mac.o ../openssl/apps/mac.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-nseq.d.tmp -MT apps/openssl-bin-nseq.o -c -o apps/openssl-bin-nseq.o ../openssl/apps/nseq.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-ocsp.d.tmp -MT apps/openssl-bin-ocsp.o -c -o apps/openssl-bin-ocsp.o ../openssl/apps/ocsp.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-openssl.d.tmp -MT apps/openssl-bin-openssl.o -c -o apps/openssl-bin-openssl.o ../openssl/apps/openssl.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-passwd.d.tmp -MT apps/openssl-bin-passwd.o -c -o apps/openssl-bin-passwd.o ../openssl/apps/passwd.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkcs12.d.tmp -MT apps/openssl-bin-pkcs12.o -c -o apps/openssl-bin-pkcs12.o ../openssl/apps/pkcs12.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkcs7.d.tmp -MT apps/openssl-bin-pkcs7.o -c -o apps/openssl-bin-pkcs7.o ../openssl/apps/pkcs7.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkcs8.d.tmp -MT apps/openssl-bin-pkcs8.o -c -o apps/openssl-bin-pkcs8.o ../openssl/apps/pkcs8.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkey.d.tmp -MT apps/openssl-bin-pkey.o -c -o apps/openssl-bin-pkey.o ../openssl/apps/pkey.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkeyparam.d.tmp -MT apps/openssl-bin-pkeyparam.o -c -o apps/openssl-bin-pkeyparam.o ../openssl/apps/pkeyparam.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkeyutl.d.tmp -MT apps/openssl-bin-pkeyutl.o -c -o apps/openssl-bin-pkeyutl.o ../openssl/apps/pkeyutl.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-prime.d.tmp -MT apps/openssl-bin-prime.o -c -o apps/openssl-bin-prime.o ../openssl/apps/prime.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-progs.d.tmp -MT apps/openssl-bin-progs.o -c -o apps/openssl-bin-progs.o apps/progs.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-provider.d.tmp -MT apps/openssl-bin-provider.o -c -o apps/openssl-bin-provider.o ../openssl/apps/provider.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-rand.d.tmp -MT apps/openssl-bin-rand.o -c -o apps/openssl-bin-rand.o ../openssl/apps/rand.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-rehash.d.tmp -MT apps/openssl-bin-rehash.o -c -o apps/openssl-bin-rehash.o ../openssl/apps/rehash.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-req.d.tmp -MT apps/openssl-bin-req.o -c -o apps/openssl-bin-req.o ../openssl/apps/req.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-rsa.d.tmp -MT apps/openssl-bin-rsa.o -c -o apps/openssl-bin-rsa.o ../openssl/apps/rsa.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-rsautl.d.tmp -MT apps/openssl-bin-rsautl.o -c -o apps/openssl-bin-rsautl.o ../openssl/apps/rsautl.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-s_client.d.tmp -MT apps/openssl-bin-s_client.o -c -o apps/openssl-bin-s_client.o ../openssl/apps/s_client.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-s_server.d.tmp -MT apps/openssl-bin-s_server.o -c -o apps/openssl-bin-s_server.o ../openssl/apps/s_server.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-s_time.d.tmp -MT apps/openssl-bin-s_time.o -c -o apps/openssl-bin-s_time.o ../openssl/apps/s_time.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-sess_id.d.tmp -MT apps/openssl-bin-sess_id.o -c -o apps/openssl-bin-sess_id.o ../openssl/apps/sess_id.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-smime.d.tmp -MT apps/openssl-bin-smime.o -c -o apps/openssl-bin-smime.o ../openssl/apps/smime.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-speed.d.tmp -MT apps/openssl-bin-speed.o -c -o apps/openssl-bin-speed.o ../openssl/apps/speed.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-spkac.d.tmp -MT apps/openssl-bin-spkac.o -c -o apps/openssl-bin-spkac.o ../openssl/apps/spkac.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-srp.d.tmp -MT apps/openssl-bin-srp.o -c -o apps/openssl-bin-srp.o ../openssl/apps/srp.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-storeutl.d.tmp -MT apps/openssl-bin-storeutl.o -c -o apps/openssl-bin-storeutl.o ../openssl/apps/storeutl.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-verify.d.tmp -MT apps/openssl-bin-verify.o -c -o apps/openssl-bin-verify.o ../openssl/apps/verify.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-version.d.tmp -MT apps/openssl-bin-version.o -c -o apps/openssl-bin-version.o ../openssl/apps/version.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-x509.d.tmp -MT apps/openssl-bin-x509.o -c -o apps/openssl-bin-x509.o ../openssl/apps/x509.c rm -f fuzz/cmp-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o fuzz/cmp-test \ fuzz/cmp-test-bin-cmp.o fuzz/cmp-test-bin-test-corpus.o \ libcrypto.a -ldl -pthread rm -f test/asn1_dsa_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/asn1_dsa_internal_test \ test/asn1_dsa_internal_test-bin-asn1_dsa_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/asn1_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/asn1_internal_test \ test/asn1_internal_test-bin-asn1_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/bn_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/bn_internal_test \ test/bn_internal_test-bin-bn_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread libcrypto.a(libcrypto-lib-cms_sd.o): In function `CMS_add1_signer': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:364: undefined reference to `ESS_SIGNING_CERT_new_init' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:370: undefined reference to `ESS_SIGNING_CERT_V2_new_init' libcrypto.a(libcrypto-lib-cms_sd.o): In function `CMS_add1_signer': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:364: undefined reference to `ESS_SIGNING_CERT_new_init' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:370: undefined reference to `ESS_SIGNING_CERT_V2_new_init' libcrypto.a(libcrypto-lib-cms_ess.o): In function `ess_check_signing_certs': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:71: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:82: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:91: undefined reference to `ess_find_cert_v2' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:102: undefined reference to `ess_find_cert_v2' libcrypto.a(libcrypto-lib-cms_ess.o): In function `ess_check_signing_certs': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:71: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:82: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:91: undefined reference to `ess_find_cert_v2' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:102: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:22813: recipe for target 'fuzz/cmp-test' failed make[1]: *** [fuzz/cmp-test] Error 1 make[1]: *** Waiting for unfinished jobs.... clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:23034: recipe for target 'test/asn1_dsa_internal_test' failed make[1]: *** [test/asn1_dsa_internal_test] Error 1 libcrypto.a(libcrypto-lib-cms_sd.o): In function `CMS_add1_signer': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:364: undefined reference to `ESS_SIGNING_CERT_new_init' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:370: undefined reference to `ESS_SIGNING_CERT_V2_new_init' libcrypto.a(libcrypto-lib-cms_ess.o): In function `ess_check_signing_certs': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:71: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:82: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:91: undefined reference to `ess_find_cert_v2' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:102: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:23064: recipe for target 'test/asn1_internal_test' failed make[1]: *** [test/asn1_internal_test] Error 1 libcrypto.a(libcrypto-lib-cms_sd.o): In function `CMS_add1_signer': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:364: undefined reference to `ESS_SIGNING_CERT_new_init' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:370: undefined reference to `ESS_SIGNING_CERT_V2_new_init' libcrypto.a(libcrypto-lib-cms_ess.o): In function `ess_check_signing_certs': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:71: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:82: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:91: undefined reference to `ess_find_cert_v2' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:102: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:23262: recipe for target 'test/bn_internal_test' failed make[1]: *** [test/bn_internal_test] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ts' Makefile:3032: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From tmraz at fedoraproject.org Tue Jun 9 10:16:41 2020 From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Tue, 09 Jun 2020 10:16:41 +0000 Subject: [openssl] master update Message-ID: <1591697801.465845.27687.nullmailer@dev.openssl.org> The branch master has been updated via 7646610b6a2c53ae50ed453c88291c23630e7850 (commit) from 78215852066d214ded6695a27c997eb0d651c31f (commit) - Log ----------------------------------------------------------------- commit 7646610b6a2c53ae50ed453c88291c23630e7850 Author: Hubert Kario Date: Fri Jun 5 20:21:55 2020 +0200 use safe primes in ssl_get_auto_dh() DH_get_1024_160() and DH_get_2048_224() return parameters from RFC5114. Those parameters include primes with known small subgroups, making them unsafe. Change the code to use parameters from RFC 2409 and RFC 3526 instead (group 2 and 14 respectively). This patch also adds automatic selection of 4096 bit params for 4096 bit RSA keys Signed-off-by: Hubert Kario Reviewed-by: Kurt Roeckx Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12061) ----------------------------------------------------------------------- Summary of changes: ssl/t1_lib.c | 74 +++++++++++++++++++++++++++++++----------------------------- 1 file changed, 38 insertions(+), 36 deletions(-) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 68bd5f2611..89450943d1 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -2646,46 +2646,48 @@ int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain) #ifndef OPENSSL_NO_DH DH *ssl_get_auto_dh(SSL *s) { + DH *dhp; + BIGNUM *p, *g; int dh_secbits = 80; - if (s->cert->dh_tmp_auto == 2) - return DH_get_1024_160(); - if (s->s3.tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) { - if (s->s3.tmp.new_cipher->strength_bits == 256) - dh_secbits = 128; - else - dh_secbits = 80; - } else { - if (s->s3.tmp.cert == NULL) - return NULL; - dh_secbits = EVP_PKEY_security_bits(s->s3.tmp.cert->privatekey); + if (s->cert->dh_tmp_auto != 2) { + if (s->s3.tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) { + if (s->s3.tmp.new_cipher->strength_bits == 256) + dh_secbits = 128; + else + dh_secbits = 80; + } else { + if (s->s3.tmp.cert == NULL) + return NULL; + dh_secbits = EVP_PKEY_security_bits(s->s3.tmp.cert->privatekey); + } } - if (dh_secbits >= 128) { - DH *dhp = DH_new(); - BIGNUM *p, *g; - if (dhp == NULL) - return NULL; - g = BN_new(); - if (g == NULL || !BN_set_word(g, 2)) { - DH_free(dhp); - BN_free(g); - return NULL; - } - if (dh_secbits >= 192) - p = BN_get_rfc3526_prime_8192(NULL); - else - p = BN_get_rfc3526_prime_3072(NULL); - if (p == NULL || !DH_set0_pqg(dhp, p, NULL, g)) { - DH_free(dhp); - BN_free(p); - BN_free(g); - return NULL; - } - return dhp; + dhp = DH_new(); + if (dhp == NULL) + return NULL; + g = BN_new(); + if (g == NULL || !BN_set_word(g, 2)) { + DH_free(dhp); + BN_free(g); + return NULL; + } + if (dh_secbits >= 192) + p = BN_get_rfc3526_prime_8192(NULL); + else if (dh_secbits >= 152) + p = BN_get_rfc3526_prime_4096(NULL); + else if (dh_secbits >= 128) + p = BN_get_rfc3526_prime_3072(NULL); + else if (dh_secbits >= 112) + p = BN_get_rfc3526_prime_2048(NULL); + else + p = BN_get_rfc2409_prime_1024(NULL); + if (p == NULL || !DH_set0_pqg(dhp, p, NULL, g)) { + DH_free(dhp); + BN_free(p); + BN_free(g); + return NULL; } - if (dh_secbits >= 112) - return DH_get_2048_224(); - return DH_get_1024_160(); + return dhp; } #endif From dev at ddvo.net Tue Jun 9 10:14:27 2020 From: dev at ddvo.net (dev at ddvo.net) Date: Tue, 09 Jun 2020 10:14:27 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1591697667.906360.26367.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 7f699cb663741a73cfe95214d4a39a1078c94294 (commit) via 46fe1c7caee1442ead1f7c780e5c50045a00f76e (commit) from 49eebbc408535e8670cb62ea661b696ec5819f15 (commit) - Log ----------------------------------------------------------------- commit 7f699cb663741a73cfe95214d4a39a1078c94294 Author: Dr. David von Oheimb Date: Wed Jun 3 07:49:27 2020 +0200 Fix err checking and mem leaks of BIO_set_conn_port and BIO_set_conn_address Reviewed-by: Bernd Edlinger Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12036) commit 46fe1c7caee1442ead1f7c780e5c50045a00f76e Author: Dr. David von Oheimb Date: Wed Jun 3 21:38:20 2020 +0200 Replace BUF_strdup() call by OPENSSL_strdup() adding failure check in bss_acpt.c Add OPENSSL_strdup failure check to cpt_ctrl() in bss_acpt.c Reviewed-by: Bernd Edlinger Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12036) ----------------------------------------------------------------------- Summary of changes: crypto/bio/bss_acpt.c | 6 ++++-- crypto/bio/bss_conn.c | 25 ++++++++++++++++++------- 2 files changed, 22 insertions(+), 9 deletions(-) diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c index 5a2cb50dfc..4461eae233 100644 --- a/crypto/bio/bss_acpt.c +++ b/crypto/bio/bss_acpt.c @@ -434,8 +434,10 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr) b->init = 1; } else if (num == 1) { OPENSSL_free(data->param_serv); - data->param_serv = BUF_strdup(ptr); - b->init = 1; + if ((data->param_serv = OPENSSL_strdup(ptr)) == NULL) + ret = 0; + else + b->init = 1; } else if (num == 2) { data->bind_mode |= BIO_SOCK_NONBLOCK; } else if (num == 3) { diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c index f4c6b85728..807a82b23b 100644 --- a/crypto/bio/bss_conn.c +++ b/crypto/bio/bss_conn.c @@ -416,12 +416,13 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) case BIO_C_SET_CONNECT: if (ptr != NULL) { b->init = 1; - if (num == 0) { + if (num == 0) { /* BIO_set_conn_hostname */ char *hold_service = data->param_service; /* We affect the hostname regardless. However, the input * string might contain a host:service spec, so we must * parse it, which might or might not affect the service */ + OPENSSL_free(data->param_hostname); data->param_hostname = NULL; ret = BIO_parse_hostserv(ptr, @@ -430,19 +431,29 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) BIO_PARSE_PRIO_HOST); if (hold_service != data->param_service) OPENSSL_free(hold_service); - } else if (num == 1) { + } else if (num == 1) { /* BIO_set_conn_port */ OPENSSL_free(data->param_service); - data->param_service = BUF_strdup(ptr); - } else if (num == 2) { + if ((data->param_service = OPENSSL_strdup(ptr)) == NULL) + ret = 0; + } else if (num == 2) { /* BIO_set_conn_address */ const BIO_ADDR *addr = (const BIO_ADDR *)ptr; + char *host = BIO_ADDR_hostname_string(addr, 1); + char *service = BIO_ADDR_service_string(addr, 1); + + ret = host != NULL && service != NULL; if (ret) { - data->param_hostname = BIO_ADDR_hostname_string(addr, 1); - data->param_service = BIO_ADDR_service_string(addr, 1); + OPENSSL_free(data->param_hostname); + data->param_hostname = host; + OPENSSL_free(data->param_service); + data->param_service = service; BIO_ADDRINFO_free(data->addr_first); data->addr_first = NULL; data->addr_iter = NULL; + } else { + OPENSSL_free(host); + OPENSSL_free(service); } - } else if (num == 3) { + } else if (num == 3) { /* BIO_set_conn_ip_family */ data->connect_family = *(int *)ptr; } else { ret = 0; From tmraz at fedoraproject.org Tue Jun 9 12:12:06 2020 From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Tue, 09 Jun 2020 12:12:06 +0000 Subject: [openssl] master update Message-ID: <1591704726.134450.8590.nullmailer@dev.openssl.org> The branch master has been updated via cd4afec69f13e283f74d59f1c97e15db6803bdcb (commit) via 11d3235e2b5a1dc9f48c040b1f1b6bea86ffc745 (commit) from 7646610b6a2c53ae50ed453c88291c23630e7850 (commit) - Log ----------------------------------------------------------------- commit cd4afec69f13e283f74d59f1c97e15db6803bdcb Author: Tomas Mraz Date: Fri Jun 5 10:50:25 2020 +0200 Add a test for renegotiation with EXTMS dropped Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12045) commit 11d3235e2b5a1dc9f48c040b1f1b6bea86ffc745 Author: Tomas Mraz Date: Thu Jun 4 11:40:29 2020 +0200 Do not allow dropping Extended Master Secret extension on renegotiaton Abort renegotiation if server receives client hello with Extended Master Secret extension dropped in comparison to the initial session. Fixes #9754 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12045) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 5 +++++ include/openssl/ssl3.h | 3 +++ ssl/statem/extensions.c | 15 ++++++++++++++- test/handshake_helper.c | 12 ++++++++++-- test/ssl-tests/17-renegotiate.cnf | 35 ++++++++++++++++++++++++++++++++++- test/ssl-tests/17-renegotiate.cnf.in | 18 ++++++++++++++++++ test/ssl_test_ctx.c | 2 ++ test/ssl_test_ctx.h | 2 ++ 8 files changed, 88 insertions(+), 4 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index ca60b9c2e4..24fb86fddb 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -23,6 +23,11 @@ OpenSSL 3.0 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] + * Handshake now fails if Extended Master Secret extension is dropped + on renegotiation. + + *Tomas Mraz* + * Dropped interactive mode from the 'openssl' program. From now on, the `openssl` command without arguments is equivalent to `openssl help`. diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h index 664ad238ff..9fc6b3abcb 100644 --- a/include/openssl/ssl3.h +++ b/include/openssl/ssl3.h @@ -297,6 +297,9 @@ extern "C" { # define TLS1_FLAGS_STATELESS 0x0800 +/* Set if extended master secret extension required on renegotiation */ +# define TLS1_FLAGS_REQUIRED_EXTMS 0x1000 + # define SSL3_MT_HELLO_REQUEST 0 # define SSL3_MT_CLIENT_HELLO 1 # define SSL3_MT_SERVER_HELLO 2 diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index 3c023486da..9086348618 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -1169,13 +1169,26 @@ static int init_etm(SSL *s, unsigned int context) static int init_ems(SSL *s, unsigned int context) { - s->s3.flags &= ~TLS1_FLAGS_RECEIVED_EXTMS; + if (s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) { + s->s3.flags &= ~TLS1_FLAGS_RECEIVED_EXTMS; + s->s3.flags |= TLS1_FLAGS_REQUIRED_EXTMS; + } return 1; } static int final_ems(SSL *s, unsigned int context, int sent) { + /* + * Check extended master secret extension is not dropped on + * renegotiation. + */ + if (!(s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) + && (s->s3.flags & TLS1_FLAGS_REQUIRED_EXTMS)) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_FINAL_EMS, + SSL_R_INCONSISTENT_EXTMS); + return 0; + } if (!s->server && s->hit) { /* * Check extended master secret extension is consistent with diff --git a/test/handshake_helper.c b/test/handshake_helper.c index 32aa12c466..030073289a 100644 --- a/test/handshake_helper.c +++ b/test/handshake_helper.c @@ -938,16 +938,24 @@ static void do_reneg_setup_step(const SSL_TEST_CTX *test_ctx, PEER *peer) if (SSL_is_server(peer->ssl)) { ret = SSL_renegotiate(peer->ssl); } else { + int full_reneg = 0; + + if (test_ctx->extra.client.no_extms_on_reneg) { + SSL_set_options(peer->ssl, SSL_OP_NO_EXTENDED_MASTER_SECRET); + full_reneg = 1; + } if (test_ctx->extra.client.reneg_ciphers != NULL) { if (!SSL_set_cipher_list(peer->ssl, test_ctx->extra.client.reneg_ciphers)) { peer->status = PEER_ERROR; return; } + full_reneg = 1; + } + if (full_reneg) ret = SSL_renegotiate(peer->ssl); - } else { + else ret = SSL_renegotiate_abbreviated(peer->ssl); - } } if (!ret) { peer->status = PEER_ERROR; diff --git a/test/ssl-tests/17-renegotiate.cnf b/test/ssl-tests/17-renegotiate.cnf index 12cf791310..ac826af187 100644 --- a/test/ssl-tests/17-renegotiate.cnf +++ b/test/ssl-tests/17-renegotiate.cnf @@ -1,6 +1,6 @@ # Generated with generate_ssl_tests.pl -num_tests = 14 +num_tests = 15 test-0 = 0-renegotiate-client-no-resume test-1 = 1-renegotiate-client-resume @@ -16,6 +16,7 @@ test-10 = 10-no-renegotiation-server-by-client test-11 = 11-no-renegotiation-server-by-server test-12 = 12-no-renegotiation-client-by-server test-13 = 13-no-renegotiation-client-by-client +test-14 = 14-no-extms-on-renegotiation # =========================================================== [0-renegotiate-client-no-resume] @@ -430,3 +431,35 @@ Method = TLS ResumptionExpected = No +# =========================================================== + +[14-no-extms-on-renegotiation] +ssl_conf = 14-no-extms-on-renegotiation-ssl + +[14-no-extms-on-renegotiation-ssl] +server = 14-no-extms-on-renegotiation-server +client = 14-no-extms-on-renegotiation-client + +[14-no-extms-on-renegotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[14-no-extms-on-renegotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-14] +ExpectedResult = ServerFail +HandshakeMode = RenegotiateClient +Method = TLS +ResumptionExpected = No +client = 14-no-extms-on-renegotiation-client-extra + +[14-no-extms-on-renegotiation-client-extra] +RenegotiateNoExtms = Yes + + diff --git a/test/ssl-tests/17-renegotiate.cnf.in b/test/ssl-tests/17-renegotiate.cnf.in index 2cc2181532..ff3f74906a 100644 --- a/test/ssl-tests/17-renegotiate.cnf.in +++ b/test/ssl-tests/17-renegotiate.cnf.in @@ -243,6 +243,24 @@ our @tests_tls1_2 = ( "ResumptionExpected" => "No", "ExpectedResult" => "ClientFail" } + }, + { + name => "no-extms-on-renegotiation", + server => { + "MaxProtocol" => "TLSv1.2" + }, + client => { + "MaxProtocol" => "TLSv1.2", + extra => { + "RenegotiateNoExtms" => "Yes" + } + }, + test => { + "Method" => "TLS", + "HandshakeMode" => "RenegotiateClient", + "ResumptionExpected" => "No", + "ExpectedResult" => "ServerFail" + } } ); diff --git a/test/ssl_test_ctx.c b/test/ssl_test_ctx.c index aee9773bf8..31da26b0d7 100644 --- a/test/ssl_test_ctx.c +++ b/test/ssl_test_ctx.c @@ -638,6 +638,7 @@ IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_cipher) IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CLIENT_CONF, client, enable_pha) IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_SERVER_CONF, server, force_pha) +IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CLIENT_CONF, client, no_extms_on_reneg) /* Known test options and their corresponding parse methods. */ @@ -697,6 +698,7 @@ static const ssl_test_client_option ssl_test_client_options[] = { { "SRPPassword", &parse_client_srp_password }, { "MaxFragmentLenExt", &parse_max_fragment_len_mode }, { "EnablePHA", &parse_client_enable_pha }, + { "RenegotiateNoExtms", &parse_client_no_extms_on_reneg }, }; /* Nested server options. */ diff --git a/test/ssl_test_ctx.h b/test/ssl_test_ctx.h index 29a989abc8..d08c415fd2 100644 --- a/test/ssl_test_ctx.h +++ b/test/ssl_test_ctx.h @@ -110,6 +110,8 @@ typedef struct { char *srp_password; /* PHA enabled */ int enable_pha; + /* Do not send extms on renegotiation */ + int no_extms_on_reneg; } SSL_TEST_CLIENT_CONF; typedef struct { From openssl at openssl.org Tue Jun 9 12:26:58 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 09 Jun 2020 12:26:58 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls Message-ID: <1591705618.203690.11652.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls Commit log since last time: c4683009ad TEST: Adjust test/bioprinttest.c to behave like the testutil routines 66d8bd4b37 TESTUTIL: Adjust the rest of testutil 8dce4aa2d9 TESTUTIL: Separate TAP output and other output by BIO filter 591315297e Consolidate doc of BIO_do_connect() and its alias BIO_do_handshake() f5e23fe889 APPS: Remove unnecessary NULL check of uri in load_cert_pass() 0808a75e4d APPS: Make it possible to load_cert() from stdin again 09527c4935 Fix a typo in SSL_CTX_set_session_ticket_cb.pod 7b2d995ed7 Don't downgrade keys in libssl 7fa2b2673e When asked if an ECX key has parameters we should answer "true" 11391da217 Always create a key when importing 6a9bd9298b Make EVP_PKEY_[get1|set1]_tls_encodedpoint work with provided keys 0d52ede716 Fix error path in int create_ssl_ctx_pair() b38425393c Implement a test for sigalgs not being present 3cd69b7458 Implement a Filtering Provider d01d375264 Implement OSSL_PROVIDER_get0_provider_ctx() 5f603a280c Enable applications to directly call a provider's query operation 263ff2c9d4 Check that Signature Algorithms are available before using them eca4713913 APPS: Drop interactive mode in the 'openssl' program 987e3a0eed Announce renamed EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() in CHANGES.md b1c21b27dc fips: add additional algorithms to the FIPS provider. a64a143f31 Minor doc fix for EVP_PKEY_CTX_new_from_pkey Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=199, Tests=1991, 702 wallclock secs ( 7.68 usr 1.00 sys + 663.94 cusr 44.91 csys = 717.53 CPU) Result: FAIL Makefile:3082: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls' Makefile:3080: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jun 9 14:47:50 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 09 Jun 2020 14:47:50 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2 Message-ID: <1591714070.329065.6159.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2 Commit log since last time: c4683009ad TEST: Adjust test/bioprinttest.c to behave like the testutil routines 66d8bd4b37 TESTUTIL: Adjust the rest of testutil 8dce4aa2d9 TESTUTIL: Separate TAP output and other output by BIO filter 591315297e Consolidate doc of BIO_do_connect() and its alias BIO_do_handshake() f5e23fe889 APPS: Remove unnecessary NULL check of uri in load_cert_pass() 0808a75e4d APPS: Make it possible to load_cert() from stdin again 09527c4935 Fix a typo in SSL_CTX_set_session_ticket_cb.pod 7b2d995ed7 Don't downgrade keys in libssl 7fa2b2673e When asked if an ECX key has parameters we should answer "true" 11391da217 Always create a key when importing 6a9bd9298b Make EVP_PKEY_[get1|set1]_tls_encodedpoint work with provided keys 0d52ede716 Fix error path in int create_ssl_ctx_pair() b38425393c Implement a test for sigalgs not being present 3cd69b7458 Implement a Filtering Provider d01d375264 Implement OSSL_PROVIDER_get0_provider_ctx() 5f603a280c Enable applications to directly call a provider's query operation 263ff2c9d4 Check that Signature Algorithms are available before using them eca4713913 APPS: Drop interactive mode in the 'openssl' program 987e3a0eed Announce renamed EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() in CHANGES.md b1c21b27dc fips: add additional algorithms to the FIPS provider. a64a143f31 Minor doc fix for EVP_PKEY_CTX_new_from_pkey Build log ended with (last 100 lines): 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=199, Tests=1993, 653 wallclock secs ( 7.04 usr 0.99 sys + 624.45 cusr 34.97 csys = 667.45 CPU) Result: FAIL Makefile:3089: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2' Makefile:3087: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jun 9 16:53:43 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 09 Jun 2020 16:53:43 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method Message-ID: <1591721623.034052.32401.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method Commit log since last time: c4683009ad TEST: Adjust test/bioprinttest.c to behave like the testutil routines 66d8bd4b37 TESTUTIL: Adjust the rest of testutil 8dce4aa2d9 TESTUTIL: Separate TAP output and other output by BIO filter 591315297e Consolidate doc of BIO_do_connect() and its alias BIO_do_handshake() f5e23fe889 APPS: Remove unnecessary NULL check of uri in load_cert_pass() 0808a75e4d APPS: Make it possible to load_cert() from stdin again 09527c4935 Fix a typo in SSL_CTX_set_session_ticket_cb.pod 7b2d995ed7 Don't downgrade keys in libssl 7fa2b2673e When asked if an ECX key has parameters we should answer "true" 11391da217 Always create a key when importing 6a9bd9298b Make EVP_PKEY_[get1|set1]_tls_encodedpoint work with provided keys 0d52ede716 Fix error path in int create_ssl_ctx_pair() b38425393c Implement a test for sigalgs not being present 3cd69b7458 Implement a Filtering Provider d01d375264 Implement OSSL_PROVIDER_get0_provider_ctx() 5f603a280c Enable applications to directly call a provider's query operation 263ff2c9d4 Check that Signature Algorithms are available before using them eca4713913 APPS: Drop interactive mode in the 'openssl' program 987e3a0eed Announce renamed EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() in CHANGES.md b1c21b27dc fips: add additional algorithms to the FIPS provider. a64a143f31 Minor doc fix for EVP_PKEY_CTX_new_from_pkey Build log ended with (last 100 lines): 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=199, Tests=1993, 718 wallclock secs ( 7.96 usr 1.08 sys + 680.07 cusr 45.34 csys = 734.45 CPU) Result: FAIL Makefile:3086: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2-method' Makefile:3084: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jun 9 17:35:24 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 09 Jun 2020 17:35:24 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_3 Message-ID: <1591724124.209446.8663.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_3 Commit log since last time: c4683009ad TEST: Adjust test/bioprinttest.c to behave like the testutil routines 66d8bd4b37 TESTUTIL: Adjust the rest of testutil 8dce4aa2d9 TESTUTIL: Separate TAP output and other output by BIO filter 591315297e Consolidate doc of BIO_do_connect() and its alias BIO_do_handshake() f5e23fe889 APPS: Remove unnecessary NULL check of uri in load_cert_pass() 0808a75e4d APPS: Make it possible to load_cert() from stdin again 09527c4935 Fix a typo in SSL_CTX_set_session_ticket_cb.pod 7b2d995ed7 Don't downgrade keys in libssl 7fa2b2673e When asked if an ECX key has parameters we should answer "true" 11391da217 Always create a key when importing 6a9bd9298b Make EVP_PKEY_[get1|set1]_tls_encodedpoint work with provided keys 0d52ede716 Fix error path in int create_ssl_ctx_pair() b38425393c Implement a test for sigalgs not being present 3cd69b7458 Implement a Filtering Provider d01d375264 Implement OSSL_PROVIDER_get0_provider_ctx() 5f603a280c Enable applications to directly call a provider's query operation 263ff2c9d4 Check that Signature Algorithms are available before using them eca4713913 APPS: Drop interactive mode in the 'openssl' program 987e3a0eed Announce renamed EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters() in CHANGES.md b1c21b27dc fips: add additional algorithms to the FIPS provider. a64a143f31 Minor doc fix for EVP_PKEY_CTX_new_from_pkey Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ skipped: test_key_share needs TLS1.3 enabled 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. skipped: test_tls13alerts needs TLS1.3 enabled 70-test_tls13cookie.t .............. skipped: test_tls13cookie needs TLS1.3 enabled 70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled 70-test_tls13hrr.t ................. skipped: test_tls13hrr needs TLS1.3 enabled 70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs TLSv1.3 enabled 70-test_tls13messages.t ............ skipped: test_tls13messages needs TLSv1.3 enabled 70-test_tls13psk.t ................. skipped: test_tls13psk needs TLSv1.3 enabled 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. skipped: test_tls13ccs is not supported in this build 90-test_tls13encryption.t .......... skipped: tls13encryption is not supported in this build 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=199, Tests=1915, 669 wallclock secs ( 6.58 usr 1.09 sys + 634.23 cusr 40.48 csys = 682.38 CPU) Result: FAIL Makefile:3094: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_3' Makefile:3092: recipe for target 'tests' failed make: *** [tests] Error 2 From shane.lontis at oracle.com Tue Jun 9 23:01:21 2020 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Tue, 09 Jun 2020 23:01:21 +0000 Subject: [openssl] master update Message-ID: <1591743681.983131.5229.nullmailer@dev.openssl.org> The branch master has been updated via 8bf37709a471bb31d2e1f5b4b3796fb3e6dce4df (commit) from cd4afec69f13e283f74d59f1c97e15db6803bdcb (commit) - Log ----------------------------------------------------------------- commit 8bf37709a471bb31d2e1f5b4b3796fb3e6dce4df Author: Shane Lontis Date: Wed Jun 10 08:59:56 2020 +1000 Update RSA keygen to use sp800-56b by default Fixes #11742 Fixes #11764 The newer RSA sp800-56b algorithm is being used for the normal case of a non multiprime key of at least length 2048. Insecure key lengths and mutltiprime RSA will use the old method. Bad public exponents are no longer allowed (i.e values less than 65537 or even). Values such as 2 that would cause a infinite loop now result in an error. The value of 3 has been marked as deprecated but is still allowed for legacy purposes. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11765) ----------------------------------------------------------------------- Summary of changes: apps/genrsa.c | 15 +++++++++++---- crypto/rsa/rsa_gen.c | 40 +++++++++++++++++++++++++++++++--------- crypto/rsa/rsa_sp800_56b_check.c | 22 ++++++++++++++++++++-- crypto/rsa/rsa_sp800_56b_gen.c | 5 +++-- doc/man1/openssl-genrsa.pod.in | 3 ++- doc/man7/EVP_PKEY-RSA.pod | 6 ++++++ include/openssl/rsa.h | 2 +- test/recipes/15-test_genrsa.t | 23 +++++++++++++++++++---- 8 files changed, 93 insertions(+), 23 deletions(-) diff --git a/apps/genrsa.c b/apps/genrsa.c index 44ce42880c..9a9130125e 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -33,7 +33,10 @@ static int genrsa_cb(EVP_PKEY_CTX *ctx); typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, - OPT_3, OPT_F4, OPT_ENGINE, +#ifndef OPENSSL_NO_DEPRECATED_3_0 + OPT_3, +#endif + OPT_F4, OPT_ENGINE, OPT_OUT, OPT_PASSOUT, OPT_CIPHER, OPT_PRIMES, OPT_VERBOSE, OPT_R_ENUM, OPT_PROV_ENUM } OPTION_CHOICE; @@ -48,9 +51,11 @@ const OPTIONS genrsa_options[] = { #endif OPT_SECTION("Input"), - {"3", OPT_3, '-', "Use 3 for the E value"}, - {"F4", OPT_F4, '-', "Use F4 (0x10001) for the E value"}, - {"f4", OPT_F4, '-', "Use F4 (0x10001) for the E value"}, +#ifndef OPENSSL_NO_DEPRECATED_3_0 + {"3", OPT_3, '-', "(deprecated) Use 3 for the E value"}, +#endif + {"F4", OPT_F4, '-', "Use the Fermat number F4 (0x10001) for the E value"}, + {"f4", OPT_F4, '-', "Use the Fermat number F4 (0x10001) for the E value"}, OPT_SECTION("Output"), {"out", OPT_OUT, '>', "Output the key to specified file"}, @@ -100,9 +105,11 @@ opthelp: ret = 0; opt_help(genrsa_options); goto end; +#ifndef OPENSSL_NO_DEPRECATED_3_0 case OPT_3: f4 = RSA_3; break; +#endif case OPT_F4: f4 = RSA_F4; break; diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index 5712aa1791..e52bce6355 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -70,16 +70,10 @@ int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes, return rsa_keygen(NULL, rsa, bits, primes, e_value, cb, 0); } -static int rsa_keygen(OPENSSL_CTX *libctx, RSA *rsa, int bits, int primes, - BIGNUM *e_value, BN_GENCB *cb, int pairwise_test) +#ifndef FIPS_MODULE +static int rsa_multiprime_keygen(RSA *rsa, int bits, int primes, + BIGNUM *e_value, BN_GENCB *cb) { - int ok = -1; -#ifdef FIPS_MODULE - if (primes != 2) - return 0; - ok = rsa_sp800_56b_generate_key(rsa, bits, e_value, cb); - pairwise_test = 1; /* FIPS MODE needs to always run the pairwise test */ -#else BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *tmp, *prime; int n = 0, bitsr[RSA_MAX_PRIME_NUM], bitse = 0; int i = 0, quo = 0, rmd = 0, adj = 0, retries = 0; @@ -88,6 +82,7 @@ static int rsa_keygen(OPENSSL_CTX *libctx, RSA *rsa, int bits, int primes, BN_CTX *ctx = NULL; BN_ULONG bitst = 0; unsigned long error = 0; + int ok = -1; if (bits < RSA_MIN_MODULUS_BITS) { ok = 0; /* we set our own err */ @@ -95,6 +90,12 @@ static int rsa_keygen(OPENSSL_CTX *libctx, RSA *rsa, int bits, int primes, goto err; } + /* A bad value for e can cause infinite loops */ + if (e_value != NULL && !rsa_check_public_exponent(e_value)) { + RSAerr(0, RSA_R_PUB_EXPONENT_OUT_OF_RANGE); + return 0; + } + if (primes < RSA_DEFAULT_PRIME_NUM || primes > rsa_multip_cap(bits)) { ok = 0; /* we set our own err */ RSAerr(0, RSA_R_KEY_PRIME_NUM_INVALID); @@ -407,8 +408,29 @@ static int rsa_keygen(OPENSSL_CTX *libctx, RSA *rsa, int bits, int primes, } BN_CTX_end(ctx); BN_CTX_free(ctx); + return ok; +} #endif /* FIPS_MODULE */ +static int rsa_keygen(OPENSSL_CTX *libctx, RSA *rsa, int bits, int primes, + BIGNUM *e_value, BN_GENCB *cb, int pairwise_test) +{ + int ok = 0; + + /* + * Only multi-prime keys or insecure keys with a small key length will use + * the older rsa_multiprime_keygen(). + */ + if (primes == 2 && bits >= 2048) + ok = rsa_sp800_56b_generate_key(rsa, bits, e_value, cb); +#ifndef FIPS_MODULE + else + ok = rsa_multiprime_keygen(rsa, bits, primes, e_value, cb); +#endif /* FIPS_MODULE */ + +#ifdef FIPS_MODULE + pairwise_test = 1; /* FIPS MODE needs to always run the pairwise test */ +#endif if (pairwise_test && ok > 0) { OSSL_CALLBACK *stcb = NULL; void *stcbarg = NULL; diff --git a/crypto/rsa/rsa_sp800_56b_check.c b/crypto/rsa/rsa_sp800_56b_check.c index 7cf6241dee..df9b7bf054 100644 --- a/crypto/rsa/rsa_sp800_56b_check.c +++ b/crypto/rsa/rsa_sp800_56b_check.c @@ -189,12 +189,30 @@ int rsa_check_private_exponent(const RSA *rsa, int nbits, BN_CTX *ctx) return ret; } +#ifndef FIPS_MODULE +static int bn_is_three(const BIGNUM *bn) +{ + BIGNUM *num = BN_dup(bn); + int ret = (num != NULL && BN_sub_word(num, 3) && BN_is_zero(num)); + + BN_free(num); + return ret; +} +#endif /* FIPS_MODULE */ + /* Check exponent is odd, and has a bitlen ranging from [17..256] */ int rsa_check_public_exponent(const BIGNUM *e) { - int bitlen = BN_num_bits(e); + int bitlen; + + /* For legacy purposes RSA_3 is allowed in non fips mode */ +#ifndef FIPS_MODULE + if (bn_is_three(e)) + return 1; +#endif /* FIPS_MODULE */ - return (BN_is_odd(e) && bitlen > 16 && bitlen < 257); + bitlen = BN_num_bits(e); + return (BN_is_odd(e) && bitlen > 16 && bitlen < 257); } /* diff --git a/crypto/rsa/rsa_sp800_56b_gen.c b/crypto/rsa/rsa_sp800_56b_gen.c index c4c7c08e94..d1673d5c98 100644 --- a/crypto/rsa/rsa_sp800_56b_gen.c +++ b/crypto/rsa/rsa_sp800_56b_gen.c @@ -65,7 +65,7 @@ int rsa_fips186_4_gen_prob_primes(RSA *rsa, BIGNUM *p1, BIGNUM *p2, * Signature Generation and Key Agree/Transport. */ if (nbits < RSA_FIPS1864_MIN_KEYGEN_KEYSIZE) { - RSAerr(RSA_F_RSA_FIPS186_4_GEN_PROB_PRIMES, RSA_R_INVALID_KEY_LENGTH); + RSAerr(RSA_F_RSA_FIPS186_4_GEN_PROB_PRIMES, RSA_R_KEY_SIZE_TOO_SMALL); return 0; } @@ -146,12 +146,13 @@ err: int rsa_sp800_56b_validate_strength(int nbits, int strength) { int s = (int)ifc_ffc_compute_security_bits(nbits); - +#ifdef FIPS_MODULE if (s < RSA_FIPS1864_MIN_KEYGEN_STRENGTH || s > RSA_FIPS1864_MAX_KEYGEN_STRENGTH) { RSAerr(RSA_F_RSA_SP800_56B_VALIDATE_STRENGTH, RSA_R_INVALID_MODULUS); return 0; } +#endif if (strength != -1 && s != strength) { RSAerr(RSA_F_RSA_SP800_56B_VALIDATE_STRENGTH, RSA_R_INVALID_STRENGTH); return 0; diff --git a/doc/man1/openssl-genrsa.pod.in b/doc/man1/openssl-genrsa.pod.in index 89ae929ced..33aa60ca4e 100644 --- a/doc/man1/openssl-genrsa.pod.in +++ b/doc/man1/openssl-genrsa.pod.in @@ -33,7 +33,7 @@ B B {- $OpenSSL::safe::opt_provider_synopsis -} [B] -=for openssl ifdef engine +=for openssl ifdef engine 3 =head1 DESCRIPTION @@ -70,6 +70,7 @@ for if it is not supplied via the B<-passout> argument. =item B<-F4>, B<-f4>, B<-3> The public exponent to use, either 65537 or 3. The default is 65537. +The B<-3> option has been deprecated. =item B<-primes> I diff --git a/doc/man7/EVP_PKEY-RSA.pod b/doc/man7/EVP_PKEY-RSA.pod index ad49284437..28f61e4066 100644 --- a/doc/man7/EVP_PKEY-RSA.pod +++ b/doc/man7/EVP_PKEY-RSA.pod @@ -123,6 +123,12 @@ default is 2. It isn't permitted to specify a larger number of primes than being generated so the maximum number could be less. Some providers may only support a value of 2. +=item "e" (B) + +The RSA "e" value. The value may be any odd number greater than or equal to +65537. The default value is 65537. +For legacy reasons a value of 3 is currently accepted but is deprecated. + =back =head1 CONFORMING TO diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h index bf12b90088..140c0d4412 100644 --- a/include/openssl/rsa.h +++ b/include/openssl/rsa.h @@ -40,7 +40,7 @@ extern "C" { # ifndef OPENSSL_NO_DEPRECATED_3_0 /* The types RSA and RSA_METHOD are defined in ossl_typ.h */ -# define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024 +# define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 2048 # ifndef OPENSSL_RSA_SMALL_MODULUS_BITS # define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 diff --git a/test/recipes/15-test_genrsa.t b/test/recipes/15-test_genrsa.t index bfe000a26d..17b0cbc1a0 100644 --- a/test/recipes/15-test_genrsa.t +++ b/test/recipes/15-test_genrsa.t @@ -16,7 +16,7 @@ use OpenSSL::Test::Utils; setup("test_genrsa"); -plan tests => 9; +plan tests => 12; # We want to know that an absurdly small number of bits isn't support if (disabled("deprecated-3.0")) { @@ -43,7 +43,7 @@ while ($good > $bad + 1) { my $bits = 2 ** $checked; if (disabled("deprecated-3.0")) { $fin = run(app([ 'openssl', 'genpkey', '-out', 'genrsatest.pem', - '-algorithm', 'RSA', '-pkeyopt', 'rsa_keygen_pubexp:3', + '-algorithm', 'RSA', '-pkeyopt', 'rsa_keygen_pubexp:65537', '-pkeyopt', "rsa_keygen_bits:$bits", ], stderr => undef)); } else { @@ -64,7 +64,7 @@ $good = 2 ** $good; note "Found lowest allowed amount of bits to be $good"; ok(run(app([ 'openssl', 'genpkey', '-algorithm', 'RSA', - '-pkeyopt', 'rsa_keygen_pubexp:3', + '-pkeyopt', 'rsa_keygen_pubexp:65537', '-pkeyopt', "rsa_keygen_bits:$good", '-out', 'genrsatest.pem' ])), "genpkey -3 $good"); @@ -75,9 +75,24 @@ ok(run(app([ 'openssl', 'genpkey', '-algorithm', 'RSA', '-pkeyopt', "rsa_keygen_bits:$good", '-out', 'genrsatest.pem' ])), "genpkey -f4 $good"); -ok(run(app([ 'openssl', 'pkey', '-check', '-in', 'genrsatest.pem', '-noout' ])), + +ok(run(app([ 'openssl', 'genpkey', '-algorithm', 'RSA', + '-pkeyopt', 'rsa_keygen_bits:2048', + '-out', 'genrsatest2048.pem' ])), + "genpkey 2048 bits"); +ok(run(app([ 'openssl', 'pkey', '-check', '-in', 'genrsatest2048.pem', '-noout' ])), "pkey -check"); +ok(!run(app([ 'openssl', 'genpkey', '-algorithm', 'RSA', + '-pkeyopt', 'hexe:02', + '-out', 'genrsatest.pem' ])), + "genpkey with a bad public exponent should fail"); +ok(!run(app([ 'openssl', 'genpkey', '-algorithm', 'RSA', + '-pkeyopt', 'e:65538', + '-out', 'genrsatest.pem' ])), + "genpkey with a even public exponent should fail"); + + SKIP: { skip "Skipping rsa command line test", 4 if disabled("deprecated-3.0"); From openssl at openssl.org Wed Jun 10 01:25:46 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 10 Jun 2020 01:25:46 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit Message-ID: <1591752346.382754.15554.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit Commit log since last time: cd4afec69f Add a test for renegotiation with EXTMS dropped 11d3235e2b Do not allow dropping Extended Master Secret extension on renegotiaton 7646610b6a use safe primes in ssl_get_auto_dh() 7821585206 APPS: Fix 'openssl dhparam' edf9659165 APPS: Fix 'openssl dsaparam -genkey' 4ec1463d71 EVP: Let EVP_PKEY_gen() initialize ctx->keygen_info a6d36303e9 TLSv1.3: additional checks in SSL_set_record_padding_callback da4db1602d test: TLS1.3 and new ciphers for kTLS cc10b56dbe TLSv13: add kTLS support 4ffccf6c4d kTLS: add support for AES_CCM128 and AES_GCM256 95badfeb60 kTLS: add Linux-specific kTLS helpers f434bfaccf kTLS: add new algo definitions 996a6ac32b kTLS: make ktls_start type independed c8636ebf4a fix doc typo in bn_dh.c 71273ab57a Fix 90-test_store.t for latest config, limits, providers, and disabled algos 49f84002d0 Fix documentation of OSSL_STORE c29ba6a92e Fix mem leaks and allow missing pkey and/or cert in try_decode_PKCS12() 4ca015555b Add chain to PKCS#12 test file generation in 90-test_store.t 9f5ff440b8 Fix code layout in crypto/store/loader_file.c satisfying check-format.pl -l Build log ended with (last 100 lines): 65-test_cmp_msg.t .................. ok 65-test_cmp_protect.t .............. ok 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=199, Tests=1918, 733 wallclock secs ( 8.72 usr 1.15 sys + 683.10 cusr 48.35 csys = 741.32 CPU) Result: FAIL Makefile:3102: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-autoerrinit' Makefile:3100: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Wed Jun 10 04:05:44 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 10 Jun 2020 04:05:44 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-cms Message-ID: <1591761944.313075.12094.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-cms Commit log since last time: cd4afec69f Add a test for renegotiation with EXTMS dropped 11d3235e2b Do not allow dropping Extended Master Secret extension on renegotiaton 7646610b6a use safe primes in ssl_get_auto_dh() 7821585206 APPS: Fix 'openssl dhparam' edf9659165 APPS: Fix 'openssl dsaparam -genkey' 4ec1463d71 EVP: Let EVP_PKEY_gen() initialize ctx->keygen_info a6d36303e9 TLSv1.3: additional checks in SSL_set_record_padding_callback da4db1602d test: TLS1.3 and new ciphers for kTLS cc10b56dbe TLSv13: add kTLS support 4ffccf6c4d kTLS: add support for AES_CCM128 and AES_GCM256 95badfeb60 kTLS: add Linux-specific kTLS helpers f434bfaccf kTLS: add new algo definitions 996a6ac32b kTLS: make ktls_start type independed c8636ebf4a fix doc typo in bn_dh.c 71273ab57a Fix 90-test_store.t for latest config, limits, providers, and disabled algos 49f84002d0 Fix documentation of OSSL_STORE c29ba6a92e Fix mem leaks and allow missing pkey and/or cert in try_decode_PKCS12() 4ca015555b Add chain to PKCS#12 test file generation in 90-test_store.t 9f5ff440b8 Fix code layout in crypto/store/loader_file.c satisfying check-format.pl -l Build log ended with (last 100 lines): ssl/statem/libssl-shlib-statem_dtls.o \ ssl/statem/libssl-shlib-statem_lib.o \ ssl/statem/libssl-shlib-statem_srvr.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/afalg.so -Wl,--version-script=engines/afalg.ld \ engines/afalg-dso-e_afalg.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/capi.so -Wl,--version-script=engines/capi.ld \ engines/capi-dso-e_capi.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/dasync.so -Wl,--version-script=engines/dasync.ld \ engines/dasync-dso-e_dasync.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/ossltest.so -Wl,--version-script=engines/ossltest.ld \ engines/ossltest-dso-e_ossltest.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/padlock.so -Wl,--version-script=engines/padlock.ld \ engines/padlock-dso-e_padlock-x86_64.o \ engines/padlock-dso-e_padlock.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o providers/legacy.so -Wl,--version-script=providers/legacy.ld \ providers/legacy-dso-legacyprov.o \ providers/liblegacy.a providers/libcommon.a providers/libnonfips.a -lcrypto -ldl -pthread rm -f fuzz/asn1parse-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o fuzz/asn1parse-test \ fuzz/asn1parse-test-bin-asn1parse.o \ fuzz/asn1parse-test-bin-test-corpus.o \ -lcrypto -ldl -pthread rm -f fuzz/bignum-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o fuzz/bignum-test \ fuzz/bignum-test-bin-bignum.o \ fuzz/bignum-test-bin-test-corpus.o \ -lcrypto -ldl -pthread rm -f fuzz/bndiv-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o fuzz/bndiv-test \ fuzz/bndiv-test-bin-bndiv.o \ fuzz/bndiv-test-bin-test-corpus.o \ -lcrypto -ldl -pthread rm -f fuzz/conf-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o fuzz/conf-test \ fuzz/conf-test-bin-conf.o fuzz/conf-test-bin-test-corpus.o \ -lcrypto -ldl -pthread ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_add' ./libcrypto.so: undefined reference to `ess_find_cert' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_add' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_get' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_get' ./libcrypto.so: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:22666: recipe for target 'fuzz/asn1parse-test' failed make[1]: *** [fuzz/asn1parse-test] Error 1 make[1]: *** Waiting for unfinished jobs.... ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_add' ./libcrypto.so: undefined reference to `ess_find_cert' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_add' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_get' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_get' ./libcrypto.so: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:22690: recipe for target 'fuzz/bignum-test' failed make[1]: *** [fuzz/bignum-test] Error 1 ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_add' ./libcrypto.so: undefined reference to `ess_find_cert' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_add' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_get' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_get' ./libcrypto.so: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:22714: recipe for target 'fuzz/bndiv-test' failed make[1]: *** [fuzz/bndiv-test] Error 1 ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_add' ./libcrypto.so: undefined reference to `ess_find_cert' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_add' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_get' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_get' ./libcrypto.so: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:22785: recipe for target 'fuzz/conf-test' failed make[1]: *** [fuzz/conf-test] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-cms' Makefile:3029: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From openssl at openssl.org Wed Jun 10 06:39:11 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 10 Jun 2020 06:39:11 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram Message-ID: <1591771151.715584.22440.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: cd4afec69f Add a test for renegotiation with EXTMS dropped 11d3235e2b Do not allow dropping Extended Master Secret extension on renegotiaton 7646610b6a use safe primes in ssl_get_auto_dh() 7821585206 APPS: Fix 'openssl dhparam' edf9659165 APPS: Fix 'openssl dsaparam -genkey' 4ec1463d71 EVP: Let EVP_PKEY_gen() initialize ctx->keygen_info a6d36303e9 TLSv1.3: additional checks in SSL_set_record_padding_callback da4db1602d test: TLS1.3 and new ciphers for kTLS cc10b56dbe TLSv13: add kTLS support 4ffccf6c4d kTLS: add support for AES_CCM128 and AES_GCM256 95badfeb60 kTLS: add Linux-specific kTLS helpers f434bfaccf kTLS: add new algo definitions 996a6ac32b kTLS: make ktls_start type independed c8636ebf4a fix doc typo in bn_dh.c 71273ab57a Fix 90-test_store.t for latest config, limits, providers, and disabled algos 49f84002d0 Fix documentation of OSSL_STORE c29ba6a92e Fix mem leaks and allow missing pkey and/or cert in try_decode_PKCS12() 4ca015555b Add chain to PKCS#12 test file generation in 90-test_store.t 9f5ff440b8 Fix code layout in crypto/store/loader_file.c satisfying check-format.pl -l Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=199, Tests=1991, 745 wallclock secs ( 8.68 usr 1.23 sys + 691.22 cusr 46.00 csys = 747.13 CPU) Result: FAIL Makefile:3101: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dgram' Makefile:3099: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Wed Jun 10 07:38:46 2020 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 10 Jun 2020 07:38:46 +0000 Subject: Build failed: openssl master.34837 Message-ID: <20200610073846.1.D87B6B7209028F24@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Jun 10 08:06:34 2020 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 10 Jun 2020 08:06:34 +0000 Subject: Build completed: openssl OpenSSL_1_1_1-stable.34838 Message-ID: <20200610080634.1.08124D638C3B3B45@appveyor.com> An HTML attachment was scrubbed... URL: From dev at ddvo.net Wed Jun 10 08:40:26 2020 From: dev at ddvo.net (dev at ddvo.net) Date: Wed, 10 Jun 2020 08:40:26 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1591778426.782336.14028.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 0fef6d55d379bc6dacf05713c38f3ec81957ea69 (commit) via 1349865a5621ce69f09ff4a0991afd74648df72b (commit) from 7f699cb663741a73cfe95214d4a39a1078c94294 (commit) - Log ----------------------------------------------------------------- commit 0fef6d55d379bc6dacf05713c38f3ec81957ea69 Author: Dr. David von Oheimb Date: Thu Jun 4 12:34:00 2020 +0200 Silence gcc false positive warning on alpn_protos_len in test/handshake_helper.c Fixes #12033 Reviewed-by: Matt Caswell Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/12041) commit 1349865a5621ce69f09ff4a0991afd74648df72b Author: Dr. David von Oheimb Date: Fri Jun 5 16:34:51 2020 +0200 Silence gcc false positive warning on refdatalen in test/tls13encryptiontest.c Reviewed-by: Matt Caswell Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/12041) ----------------------------------------------------------------------- Summary of changes: test/handshake_helper.c | 3 ++- test/tls13encryptiontest.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/test/handshake_helper.c b/test/handshake_helper.c index 1742004b5b..347f6b49ed 100644 --- a/test/handshake_helper.c +++ b/test/handshake_helper.c @@ -637,7 +637,8 @@ static int configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, } if (extra->client.alpn_protocols != NULL) { unsigned char *alpn_protos = NULL; - size_t alpn_protos_len; + size_t alpn_protos_len = 0; + if (!TEST_true(parse_protos(extra->client.alpn_protocols, &alpn_protos, &alpn_protos_len)) /* Reversed return value convention... */ diff --git a/test/tls13encryptiontest.c b/test/tls13encryptiontest.c index 479ff4105e..dbe80a20fa 100644 --- a/test/tls13encryptiontest.c +++ b/test/tls13encryptiontest.c @@ -288,7 +288,7 @@ static int test_record(SSL3_RECORD *rec, RECORD_DATA *recd, int enc) { int ret = 0; unsigned char *refd; - size_t refdatalen; + size_t refdatalen = 0; if (enc) refd = multihexstr2buf(recd->ciphertext, &refdatalen); From dev at ddvo.net Wed Jun 10 08:44:26 2020 From: dev at ddvo.net (dev at ddvo.net) Date: Wed, 10 Jun 2020 08:44:26 +0000 Subject: [openssl] master update Message-ID: <1591778666.638003.15395.nullmailer@dev.openssl.org> The branch master has been updated via 498e807ed257b0f292ba94aea2971b928efbfd91 (commit) via a61b6b623df1295976d82c177707ac80f2751237 (commit) from 8bf37709a471bb31d2e1f5b4b3796fb3e6dce4df (commit) - Log ----------------------------------------------------------------- commit 498e807ed257b0f292ba94aea2971b928efbfd91 Author: Dr. David von Oheimb Date: Fri Jun 5 16:42:39 2020 +0200 Silence gcc false positive warning on refdatalen in test/tls13encryptiontest.c Reviewed-by: Matt Caswell Reviewed-by: Bernd Edlinger Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12042) commit a61b6b623df1295976d82c177707ac80f2751237 Author: Dr. David von Oheimb Date: Thu Jun 4 12:37:50 2020 +0200 Silence gcc false positive warning on alpn_protos_len in test/handshake_helper.c Reviewed-by: Matt Caswell Reviewed-by: Bernd Edlinger Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12042) ----------------------------------------------------------------------- Summary of changes: test/handshake_helper.c | 3 ++- test/tls13encryptiontest.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/test/handshake_helper.c b/test/handshake_helper.c index 030073289a..2dfded5c11 100644 --- a/test/handshake_helper.c +++ b/test/handshake_helper.c @@ -641,7 +641,8 @@ static int configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx, } if (extra->client.alpn_protocols != NULL) { unsigned char *alpn_protos = NULL; - size_t alpn_protos_len; + size_t alpn_protos_len = 0; + if (!TEST_true(parse_protos(extra->client.alpn_protocols, &alpn_protos, &alpn_protos_len)) /* Reversed return value convention... */ diff --git a/test/tls13encryptiontest.c b/test/tls13encryptiontest.c index 84a8557e4e..e8614cfebd 100644 --- a/test/tls13encryptiontest.c +++ b/test/tls13encryptiontest.c @@ -277,7 +277,7 @@ static int test_record(SSL3_RECORD *rec, RECORD_DATA *recd, int enc) { int ret = 0; unsigned char *refd; - size_t refdatalen; + size_t refdatalen = 0; if (enc) refd = multihexstr2buf(recd->ciphertext, &refdatalen); From dev at ddvo.net Wed Jun 10 09:09:05 2020 From: dev at ddvo.net (dev at ddvo.net) Date: Wed, 10 Jun 2020 09:09:05 +0000 Subject: [openssl] master update Message-ID: <1591780145.678587.20469.nullmailer@dev.openssl.org> The branch master has been updated via 2a3158ac5ba5aae516f8d3264d723f1b7e86fc34 (commit) via 8da42c8b26393f56acc4f301b95f925eb8902442 (commit) from 498e807ed257b0f292ba94aea2971b928efbfd91 (commit) - Log ----------------------------------------------------------------- commit 2a3158ac5ba5aae516f8d3264d723f1b7e86fc34 Author: Dr. David von Oheimb Date: Fri Jun 5 21:40:28 2020 +0200 Make error output of dhparams and dsaparams app more consistent Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12062) commit 8da42c8b26393f56acc4f301b95f925eb8902442 Author: Dr. David von Oheimb Date: Fri Jun 5 21:27:34 2020 +0200 Generate error queue entry on FFC_CHECK_BAD_LN_PAIR for DH and DSA Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12062) ----------------------------------------------------------------------- Summary of changes: apps/dhparam.c | 36 ++++++++++++------------------------ apps/dsaparam.c | 20 +++++++------------- crypto/dh/dh_err.c | 3 ++- crypto/dh/dh_gen.c | 2 +- crypto/dsa/dsa_err.c | 3 ++- crypto/dsa/dsa_pmeth.c | 2 +- crypto/err/openssl.txt | 2 ++ crypto/ffc/ffc_params_generate.c | 9 +++++++++ include/openssl/dherr.h | 1 + include/openssl/dsaerr.h | 1 + 10 files changed, 38 insertions(+), 41 deletions(-) diff --git a/apps/dhparam.c b/apps/dhparam.c index aadf1f2c32..84f5f3ed8f 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -177,7 +177,7 @@ int dhparam_main(int argc, char **argv) #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) if (dsaparam && g) { BIO_printf(bio_err, - "generator may not be chosen for DSA parameters\n"); + "Error, generator may not be chosen for DSA parameters\n"); goto end; } #endif @@ -198,10 +198,8 @@ int dhparam_main(int argc, char **argv) DSA *dsa = DSA_new(); BN_GENCB *cb = BN_GENCB_new(); - if (cb == NULL) { - ERR_print_errors(bio_err); + if (cb == NULL) goto end; - } BN_GENCB_set(cb, dh_cb, bio_err); @@ -212,23 +210,20 @@ int dhparam_main(int argc, char **argv) cb)) { DSA_free(dsa); BN_GENCB_free(cb); - ERR_print_errors(bio_err); + BIO_printf(bio_err, "Error, unable to generate DSA parameters\n"); goto end; } dh = alloc_dh = DSA_dup_DH(dsa); DSA_free(dsa); BN_GENCB_free(cb); - if (dh == NULL) { - ERR_print_errors(bio_err); + if (dh == NULL) goto end; - } } else #endif { ctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL); if (ctx == NULL) { - ERR_print_errors(bio_err); BIO_printf(bio_err, "Error, DH key generation context allocation failed\n"); goto end; @@ -242,18 +237,15 @@ int dhparam_main(int argc, char **argv) if (!EVP_PKEY_paramgen_init(ctx)) { BIO_printf(bio_err, "Error, unable to initialise DH param generation\n"); - ERR_print_errors(bio_err); goto end; } if (!EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, num)) { BIO_printf(bio_err, "Error, unable to set DH prime length\n"); - ERR_print_errors(bio_err); goto end; } if (!EVP_PKEY_paramgen(ctx, &pkey)) { BIO_printf(bio_err, "Error, DH generation failed\n"); - ERR_print_errors(bio_err); goto end; } dh = EVP_PKEY_get0_DH(pkey); @@ -273,17 +265,14 @@ int dhparam_main(int argc, char **argv) dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL); if (dsa == NULL) { - BIO_printf(bio_err, "unable to load DSA parameters\n"); - ERR_print_errors(bio_err); + BIO_printf(bio_err, "Error, unable to load DSA parameters\n"); goto end; } dh = alloc_dh = DSA_dup_DH(dsa); DSA_free(dsa); - if (dh == NULL) { - ERR_print_errors(bio_err); + if (dh == NULL) goto end; - } } else #endif { @@ -302,8 +291,7 @@ int dhparam_main(int argc, char **argv) } if (dh == NULL) { - BIO_printf(bio_err, "unable to load DH parameters\n"); - ERR_print_errors(bio_err); + BIO_printf(bio_err, "Error, unable to load DH parameters\n"); goto end; } } @@ -315,8 +303,7 @@ int dhparam_main(int argc, char **argv) if (check) { if (!EVP_PKEY_param_check(ctx) /* DH_check(dh, &i) */) { - ERR_print_errors(bio_err); - BIO_printf(bio_err, "ERROR: Invalid parameters generated\n"); + BIO_printf(bio_err, "Error, invalid parameters generated\n"); goto end; } BIO_printf(bio_err, "DH parameters appear to be ok.\n"); @@ -325,7 +312,7 @@ int dhparam_main(int argc, char **argv) * We have generated parameters but DH_check() indicates they are * invalid! This should never happen! */ - BIO_printf(bio_err, "ERROR: Invalid parameters generated\n"); + BIO_printf(bio_err, "Error, invalid parameters generated\n"); goto end; } } @@ -383,13 +370,14 @@ int dhparam_main(int argc, char **argv) i = PEM_write_bio_DHparams(out, dh); } if (!i) { - BIO_printf(bio_err, "unable to write DH parameters\n"); - ERR_print_errors(bio_err); + BIO_printf(bio_err, "Error, unable to write DH parameters\n"); goto end; } } ret = 0; end: + if (ret != 0) + ERR_print_errors(bio_err); DH_free(alloc_dh); BIO_free(in); BIO_free_all(out); diff --git a/apps/dsaparam.c b/apps/dsaparam.c index 19cb1bdd46..dfcaf38ca9 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -149,7 +149,6 @@ int dsaparam_main(int argc, char **argv) ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL); if (ctx == NULL) { - ERR_print_errors(bio_err); BIO_printf(bio_err, "Error, DSA parameter generation context allocation failed\n"); goto end; @@ -169,19 +168,16 @@ int dsaparam_main(int argc, char **argv) BIO_printf(bio_err, "This could take some time\n"); } if (EVP_PKEY_paramgen_init(ctx) <= 0) { - ERR_print_errors(bio_err); BIO_printf(bio_err, "Error, DSA key generation paramgen init failed\n"); goto end; } if (!EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, num)) { - ERR_print_errors(bio_err); BIO_printf(bio_err, "Error, DSA key generation setting bit length failed\n"); goto end; } if (EVP_PKEY_paramgen(ctx, ¶ms) <= 0) { - ERR_print_errors(bio_err); BIO_printf(bio_err, "Error, DSA key generation failed\n"); goto end; } @@ -191,8 +187,7 @@ int dsaparam_main(int argc, char **argv) params = PEM_read_bio_Parameters(in, NULL); } if (params == NULL) { - BIO_printf(bio_err, "unable to load DSA parameters\n"); - ERR_print_errors(bio_err); + BIO_printf(bio_err, "Error, unable to load DSA parameters\n"); goto end; } @@ -247,8 +242,7 @@ int dsaparam_main(int argc, char **argv) else i = PEM_write_bio_Parameters(out, params); if (!i) { - BIO_printf(bio_err, "unable to write DSA parameters\n"); - ERR_print_errors(bio_err); + BIO_printf(bio_err, "Error, unable to write DSA parameters\n"); goto end; } } @@ -256,19 +250,17 @@ int dsaparam_main(int argc, char **argv) EVP_PKEY_CTX_free(ctx); ctx = EVP_PKEY_CTX_new(params, NULL); if (ctx == NULL) { - ERR_print_errors(bio_err); BIO_printf(bio_err, "Error, DSA key generation context allocation failed\n"); goto end; } if (!EVP_PKEY_keygen_init(ctx)) { - BIO_printf(bio_err, "unable to initialise for key generation\n"); - ERR_print_errors(bio_err); + BIO_printf(bio_err, + "Error, unable to initialise for key generation\n"); goto end; } if (!EVP_PKEY_keygen(ctx, &pkey)) { - BIO_printf(bio_err, "unable to generate key\n"); - ERR_print_errors(bio_err); + BIO_printf(bio_err, "Error, unable to generate key\n"); goto end; } assert(private); @@ -279,6 +271,8 @@ int dsaparam_main(int argc, char **argv) } ret = 0; end: + if (ret != 0) + ERR_print_errors(bio_err); BIO_free(in); BIO_free_all(out); EVP_PKEY_CTX_free(ctx); diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c index e5eb32381d..a8243ec987 100644 --- a/crypto/dh/dh_err.c +++ b/crypto/dh/dh_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,6 +14,7 @@ #ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA DH_str_reasons[] = { + {ERR_PACK(ERR_LIB_DH, 0, DH_R_BAD_FFC_PARAMETERS), "bad ffc parameters"}, {ERR_PACK(ERR_LIB_DH, 0, DH_R_BAD_GENERATOR), "bad generator"}, {ERR_PACK(ERR_LIB_DH, 0, DH_R_BN_DECODE_ERROR), "bn decode error"}, {ERR_PACK(ERR_LIB_DH, 0, DH_R_BN_ERROR), "bn error"}, diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c index 327f6ff610..8c1518ad9b 100644 --- a/crypto/dh/dh_gen.c +++ b/crypto/dh/dh_gen.c @@ -68,7 +68,7 @@ int dh_get_named_group_uid_from_size(int pbits) * Just choose an approved safe prime group. * The alternative to this is to generate FIPS186-4 domain parameters i.e. * return dh_generate_ffc_parameters(ret, prime_len, 0, NULL, cb); - * As the FIPS186-4 generated params are for backwards compatability, + * As the FIPS186-4 generated params are for backwards compatibility, * the safe prime group should be used as the default. */ int nid; diff --git a/crypto/dsa/dsa_err.c b/crypto/dsa/dsa_err.c index f4d187e4b9..6bf7accacf 100644 --- a/crypto/dsa/dsa_err.c +++ b/crypto/dsa/dsa_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,6 +14,7 @@ #ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA DSA_str_reasons[] = { + {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BAD_FFC_PARAMETERS), "bad ffc parameters"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BAD_Q_VALUE), "bad q value"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BN_DECODE_ERROR), "bn decode error"}, {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BN_ERROR), "bn error"}, diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c index 750d0168fa..7f7f57f6d3 100644 --- a/crypto/dsa/dsa_pmeth.c +++ b/crypto/dsa/dsa_pmeth.c @@ -221,7 +221,7 @@ static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) dctx->nbits, dctx->qbits, dctx->pmd, &res, pcb); BN_GENCB_free(pcb); - if (ret) + if (ret > 0) EVP_PKEY_assign_DSA(pkey, dsa); else DSA_free(dsa); diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 8afc67e747..9b252e3827 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -2341,6 +2341,7 @@ CT_R_SCT_UNSUPPORTED_VERSION:115:sct unsupported version CT_R_UNRECOGNIZED_SIGNATURE_NID:101:unrecognized signature nid CT_R_UNSUPPORTED_ENTRY_TYPE:102:unsupported entry type CT_R_UNSUPPORTED_VERSION:103:unsupported version +DH_R_BAD_FFC_PARAMETERS:127:bad ffc parameters DH_R_BAD_GENERATOR:101:bad generator DH_R_BN_DECODE_ERROR:109:bn decode error DH_R_BN_ERROR:106:bn error @@ -2368,6 +2369,7 @@ DH_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error DH_R_PEER_KEY_ERROR:111:peer key error DH_R_SHARED_INFO_ERROR:113:shared info error DH_R_UNABLE_TO_CHECK_GENERATOR:121:unable to check generator +DSA_R_BAD_FFC_PARAMETERS:114:bad ffc parameters DSA_R_BAD_Q_VALUE:102:bad q value DSA_R_BN_DECODE_ERROR:108:bn decode error DSA_R_BN_ERROR:109:bn error diff --git a/crypto/ffc/ffc_params_generate.c b/crypto/ffc/ffc_params_generate.c index 1d8d80c9b4..624c24dd21 100644 --- a/crypto/ffc/ffc_params_generate.c +++ b/crypto/ffc/ffc_params_generate.c @@ -27,6 +27,9 @@ #include /* memset */ #include /* SHA_DIGEST_LENGTH */ #include +#include +#include +#include #include "crypto/bn.h" #include "internal/ffc.h" @@ -40,6 +43,9 @@ static int ffc_validate_LN(size_t L, size_t N, int type) /* Valid DH L,N parameters from SP800-56Ar3 5.5.1 Table 1 */ if (L == 2048 && (N == 224 || N == 256)) return 112; +#ifndef OPENSSL_NO_DH + DHerr(0, DH_R_BAD_FFC_PARAMETERS); +#endif } else if (type == FFC_PARAM_TYPE_DSA) { /* Valid DSA L,N parameters from FIPS 186-4 Section 4.2 */ if (L == 1024 && N == 160) @@ -48,6 +54,9 @@ static int ffc_validate_LN(size_t L, size_t N, int type) return 112; if (L == 3072 && N == 256) return 128; +#ifndef OPENSSL_NO_DSA + DSAerr(0, DSA_R_BAD_FFC_PARAMETERS); +#endif } return 0; } diff --git a/include/openssl/dherr.h b/include/openssl/dherr.h index 0ebe560545..1b8fb17172 100644 --- a/include/openssl/dherr.h +++ b/include/openssl/dherr.h @@ -62,6 +62,7 @@ int ERR_load_DH_strings(void); /* * DH reason codes. */ +# define DH_R_BAD_FFC_PARAMETERS 127 # define DH_R_BAD_GENERATOR 101 # define DH_R_BN_DECODE_ERROR 109 # define DH_R_BN_ERROR 106 diff --git a/include/openssl/dsaerr.h b/include/openssl/dsaerr.h index e2cf3098d5..271f24a2b5 100644 --- a/include/openssl/dsaerr.h +++ b/include/openssl/dsaerr.h @@ -57,6 +57,7 @@ int ERR_load_DSA_strings(void); /* * DSA reason codes. */ +# define DSA_R_BAD_FFC_PARAMETERS 114 # define DSA_R_BAD_Q_VALUE 102 # define DSA_R_BN_DECODE_ERROR 108 # define DSA_R_BN_ERROR 109 From dev at ddvo.net Wed Jun 10 09:16:09 2020 From: dev at ddvo.net (dev at ddvo.net) Date: Wed, 10 Jun 2020 09:16:09 +0000 Subject: [openssl] master update Message-ID: <1591780569.427604.22388.nullmailer@dev.openssl.org> The branch master has been updated via 317ffa576bc6d0eacec310f50f951c5d895c802e (commit) from 2a3158ac5ba5aae516f8d3264d723f1b7e86fc34 (commit) - Log ----------------------------------------------------------------- commit 317ffa576bc6d0eacec310f50f951c5d895c802e Author: Dr. David von Oheimb Date: Mon Jun 8 13:40:34 2020 +0200 run_tests.pl: Add options for focussing output on failed (sub-)tests VERBOSE_FAILURES_ONLY (VFO): verbose output only of failed (sub-)tests VERBOSE_FAILURES_PROGRESS (VFP): in addition summary for passed tests This adds a workaroud for TAP::Parser not coping well with indentation. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12088) ----------------------------------------------------------------------- Summary of changes: test/run_tests.pl | 59 ++++++++++++++++++++++++++++++++++++++--------- util/perl/OpenSSL/Test.pm | 2 ++ 2 files changed, 50 insertions(+), 11 deletions(-) diff --git a/test/run_tests.pl b/test/run_tests.pl index b75f763979..bd83a6b988 100644 --- a/test/run_tests.pl +++ b/test/run_tests.pl @@ -14,6 +14,10 @@ use warnings; BEGIN { $ENV{HARNESS_VERBOSE} = "yes" if $ENV{VERBOSE} || $ENV{V}; $ENV{HARNESS_VERBOSE_FAILURE} = "yes" if $ENV{VERBOSE_FAILURE} || $ENV{VF}; + $ENV{HARNESS_VERBOSE_FAILURES_ONLY} = "yes" + if $ENV{VERBOSE_FAILURES_ONLY} || $ENV{VFO}; + $ENV{HARNESS_VERBOSE_FAILURES_PROGRESS} = "yes" + if $ENV{VERBOSE_FAILURES_PROGRESS} || $ENV{VFP}; } use File::Spec::Functions qw/catdir catfile curdir abs2rel rel2abs/; @@ -45,8 +49,10 @@ my %tapargs = # TAP::Parser::OpenSSL implementation further down my %openssl_args = (); -$openssl_args{'failure_verbosity'} = - $ENV{HARNESS_VERBOSE_FAILURE} && $tapargs{verbosity} < 1 ? 1 : 0; +$openssl_args{'failure_verbosity'} = $ENV{HARNESS_VERBOSE} ? 0 : + $ENV{HARNESS_VERBOSE_FAILURE} ? 3 : + $ENV{HARNESS_VERBOSE_FAILURES_PROGRESS} ? 2 : + $ENV{HARNESS_VERBOSE_FAILURES_ONLY} ? 1 : 0; my $outfilename = $ENV{HARNESS_TAP_COPY}; open $openssl_args{'tap_copy'}, ">$outfilename" @@ -110,7 +116,7 @@ sub find_matching_tests { # The following is quite a bit of hackery to adapt to both TAP::Harness # and Test::Harness, depending on what's available. -# The TAP::Harness hack allows support for HARNESS_VERBOSE_FAILURE and +# The TAP::Harness hack allows support for HARNESS_VERBOSE_FAILURE* and # HARNESS_TAP_COPY, while the Test::Harness hack can't, because the pre # TAP::Harness Test::Harness simply doesn't have support for this sort of # thing. @@ -127,26 +133,55 @@ $eres = eval { sub new { my $class = shift; my %opts = %{ shift() }; + my $failure_verbosity = $openssl_args{failure_verbosity}; + print "\n" if $failure_verbosity == 1 || $failure_verbosity == 2; + my @plans = (); # initial level, no plan yet + my $output_buffer = ""; # We rely heavily on perl closures to make failure verbosity work # We need to do so, because there's no way to safely pass extra # objects down all the way to the TAP::Parser::Result object my @failure_output = (); my %callbacks = (); - if ($openssl_args{failure_verbosity} - || defined $openssl_args{tap_copy}) { - $callbacks{ALL} = sub { + if ($failure_verbosity > 0 || defined $openssl_args{tap_copy}) { + $callbacks{ALL} = sub { # on each line of test output my $self = shift; my $fh = $openssl_args{tap_copy}; - print $fh $self->as_string, "\n" if defined $fh; - push @failure_output, $self->as_string - if $openssl_args{failure_verbosity} > 0; - }; + + my $failure_verbosity = $openssl_args{failure_verbosity}; + if ($failure_verbosity == 3) { + push @failure_output, $self->as_string; + } elsif ($failure_verbosity > 0) { + my $is_plan = $self->is_plan; + my $tests_planned = $is_plan && $self->tests_planned; + my $is_test = $self->is_test; + my $is_ok = $is_test && $self->is_ok; + # workaround in case parser not coping with indentation: + if ($self->is_unknown) { + ($is_plan, $tests_planned) = (1, $1) + if ($self->as_string =~ m/^\s+1\.\.(\d+)/); + ($is_test, $is_ok) = (1, !$1) + if ($self->as_string =~ m/^\s+(not )?ok /); + } + if ($is_plan) { + push @plans, $tests_planned; + $output_buffer = ""; # ignore comments etc. until plan + } elsif ($is_test) { # result of a test + pop @plans if @plans && --($plans[-1]) <= 0; + print $output_buffer if !$is_ok; + print $self->as_string."\n" + if !$is_ok || $failure_verbosity == 2; + $output_buffer = ""; + } else { # typically comment or unknown + $output_buffer .= $self->as_string."\n"; + } + } + } } - if ($openssl_args{failure_verbosity} > 0) { + if ($failure_verbosity > 0) { $callbacks{EOF} = sub { my $self = shift; @@ -157,6 +192,8 @@ $eres = eval { # line. print $_, "\n" foreach (("", @failure_output)); } + # Echo any trailing comments etc. + print "$output_buffer" if $failure_verbosity != 3; }; } diff --git a/util/perl/OpenSSL/Test.pm b/util/perl/OpenSSL/Test.pm index 8d2894e769..b40283fe34 100644 --- a/util/perl/OpenSSL/Test.pm +++ b/util/perl/OpenSSL/Test.pm @@ -35,6 +35,8 @@ OpenSSL::Test - a private extension of Test::More setup("my_test_name"); + plan tests => 2; + ok(run(app(["openssl", "version"])), "check for openssl presence"); indir "subdir" => sub { From openssl at openssl.org Wed Jun 10 11:15:06 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 10 Jun 2020 11:15:06 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-err Message-ID: <1591787706.500595.13854.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-err Commit log since last time: cd4afec69f Add a test for renegotiation with EXTMS dropped 11d3235e2b Do not allow dropping Extended Master Secret extension on renegotiaton 7646610b6a use safe primes in ssl_get_auto_dh() 7821585206 APPS: Fix 'openssl dhparam' edf9659165 APPS: Fix 'openssl dsaparam -genkey' 4ec1463d71 EVP: Let EVP_PKEY_gen() initialize ctx->keygen_info a6d36303e9 TLSv1.3: additional checks in SSL_set_record_padding_callback da4db1602d test: TLS1.3 and new ciphers for kTLS cc10b56dbe TLSv13: add kTLS support 4ffccf6c4d kTLS: add support for AES_CCM128 and AES_GCM256 95badfeb60 kTLS: add Linux-specific kTLS helpers f434bfaccf kTLS: add new algo definitions 996a6ac32b kTLS: make ktls_start type independed c8636ebf4a fix doc typo in bn_dh.c 71273ab57a Fix 90-test_store.t for latest config, limits, providers, and disabled algos 49f84002d0 Fix documentation of OSSL_STORE c29ba6a92e Fix mem leaks and allow missing pkey and/or cert in try_decode_PKCS12() 4ca015555b Add chain to PKCS#12 test file generation in 90-test_store.t 9f5ff440b8 Fix code layout in crypto/store/loader_file.c satisfying check-format.pl -l Build log ended with (last 100 lines): 65-test_cmp_msg.t .................. ok 65-test_cmp_protect.t .............. ok 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=199, Tests=1918, 723 wallclock secs ( 8.07 usr 1.10 sys + 681.64 cusr 47.26 csys = 738.07 CPU) Result: FAIL Makefile:3108: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-err' Makefile:3106: recipe for target 'tests' failed make: *** [tests] Error 2 From matt at openssl.org Wed Jun 10 11:58:32 2020 From: matt at openssl.org (Matt Caswell) Date: Wed, 10 Jun 2020 11:58:32 +0000 Subject: [openssl] master update Message-ID: <1591790312.470863.9838.nullmailer@dev.openssl.org> The branch master has been updated via 5cff2df8cedd7b8185756df216f16a213fb22637 (commit) via a370ff8daa31f5030fb12e298730bbecf69c7e09 (commit) via 154ea425e647de4a497aa28c91d279aa93b3bf60 (commit) via b896d9436d69c67f9d10ffcc8aed15db42c08766 (commit) from 317ffa576bc6d0eacec310f50f951c5d895c802e (commit) - Log ----------------------------------------------------------------- commit 5cff2df8cedd7b8185756df216f16a213fb22637 Author: Matt Caswell Date: Wed May 27 11:50:05 2020 +0100 Make it clear that you can't use all ciphers for CMAC Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11972) commit a370ff8daa31f5030fb12e298730bbecf69c7e09 Author: Matt Caswell Date: Wed May 27 11:40:24 2020 +0100 Add a CMAC test We did not have a test of the low level CMAC APIs so we add one. This is heavily based on the HMAC test. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11972) commit 154ea425e647de4a497aa28c91d279aa93b3bf60 Author: Matt Caswell Date: Wed May 27 11:38:39 2020 +0100 Correctly handle the return value from EVP_Cipher() in the CMAC code EVP_Cipher() is a very low level routine that directly calls the underlying cipher function. It's return value semantics are very odd. Depending on the type of cipher 0 or -1 is returned on error. We should just check for <=0 for a failure. Fixes #11957 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11972) commit b896d9436d69c67f9d10ffcc8aed15db42c08766 Author: Matt Caswell Date: Wed May 27 11:37:39 2020 +0100 Ensure we never use a partially initialised CMAC_CTX If the CMAC_CTX is partially initialised then we make a note of this so that future operations will fail if the initialisation has not been completed. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11972) ----------------------------------------------------------------------- Summary of changes: crypto/cmac/cmac.c | 18 +- doc/man3/EVP_PKEY_new.pod | 3 +- test/build.info | 9 + test/cmactest.c | 216 ++++++++++++++++++++++++ test/recipes/{05-test_idea.t => 05-test_cmac.t} | 2 +- 5 files changed, 240 insertions(+), 8 deletions(-) create mode 100644 test/cmactest.c copy test/recipes/{05-test_idea.t => 05-test_cmac.t} (89%) diff --git a/crypto/cmac/cmac.c b/crypto/cmac/cmac.c index 7f55c46533..81a6490384 100644 --- a/crypto/cmac/cmac.c +++ b/crypto/cmac/cmac.c @@ -125,12 +125,18 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, return 1; } /* Initialise context */ - if (cipher && !EVP_EncryptInit_ex(ctx->cctx, cipher, impl, NULL, NULL)) - return 0; + if (cipher != NULL) { + /* Ensure we can't use this ctx until we also have a key */ + ctx->nlast_block = -1; + if (!EVP_EncryptInit_ex(ctx->cctx, cipher, impl, NULL, NULL)) + return 0; + } /* Non-NULL key means initialisation complete */ - if (key) { + if (key != NULL) { int bl; + /* If anything fails then ensure we can't use this ctx */ + ctx->nlast_block = -1; if (!EVP_CIPHER_CTX_cipher(ctx->cctx)) return 0; if (!EVP_CIPHER_CTX_set_key_length(ctx->cctx, keylen)) @@ -139,7 +145,7 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, return 0; if ((bl = EVP_CIPHER_CTX_block_size(ctx->cctx)) < 0) return 0; - if (!EVP_Cipher(ctx->cctx, ctx->tbl, zero_iv, bl)) + if (EVP_Cipher(ctx->cctx, ctx->tbl, zero_iv, bl) <= 0) return 0; make_kn(ctx->k1, ctx->tbl, bl); make_kn(ctx->k2, ctx->k1, bl); @@ -180,12 +186,12 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen) return 1; data += nleft; /* Else not final block so encrypt it */ - if (!EVP_Cipher(ctx->cctx, ctx->tbl, ctx->last_block, bl)) + if (EVP_Cipher(ctx->cctx, ctx->tbl, ctx->last_block, bl) <= 0) return 0; } /* Encrypt all but one of the complete blocks left */ while (dlen > (size_t)bl) { - if (!EVP_Cipher(ctx->cctx, ctx->tbl, data, bl)) + if (EVP_Cipher(ctx->cctx, ctx->tbl, data, bl) <= 0) return 0; dlen -= bl; data += bl; diff --git a/doc/man3/EVP_PKEY_new.pod b/doc/man3/EVP_PKEY_new.pod index 3efab95671..ff5744bebd 100644 --- a/doc/man3/EVP_PKEY_new.pod +++ b/doc/man3/EVP_PKEY_new.pod @@ -96,7 +96,8 @@ B, B, B or B. EVP_PKEY_new_CMAC_key() works in the same way as EVP_PKEY_new_raw_private_key() except it is only for the B algorithm type. In addition to the raw private key data, it also takes a cipher algorithm to be used during -creation of a CMAC in the B argument. +creation of a CMAC in the B argument. The cipher should be a standard +encryption only cipher. For example AEAD and XTS ciphers should not be used. EVP_PKEY_new_mac_key() works in the same way as EVP_PKEY_new_raw_private_key(). New applications should use EVP_PKEY_new_raw_private_key() instead. diff --git a/test/build.info b/test/build.info index b98d1b52cc..de4f2fc270 100644 --- a/test/build.info +++ b/test/build.info @@ -514,6 +514,9 @@ IF[{- !$disabled{tests} -}] IF[{- !$disabled{ec} -}] PROGRAMS{noinst}=ec_internal_test curve448_internal_test ENDIF + IF[{- !$disabled{cmac} -}] + PROGRAMS{noinst}=cmactest + ENDIF SOURCE[poly1305_internal_test]=poly1305_internal_test.c INCLUDE[poly1305_internal_test]=.. ../include ../apps/include @@ -587,6 +590,12 @@ IF[{- !$disabled{tests} -}] INCLUDE[hmactest]=../include ../apps/include DEPEND[hmactest]=../libcrypto.a libtestutil.a + IF[{- !$disabled{cmac} -}] + SOURCE[cmactest]=cmactest.c + INCLUDE[cmactest]=../include ../apps/include + DEPEND[cmactest]=../libcrypto.a libtestutil.a + ENDIF + SOURCE[siphash_internal_test]=siphash_internal_test.c INCLUDE[siphash_internal_test]=.. ../include ../apps/include DEPEND[siphash_internal_test]=../libcrypto.a libtestutil.a diff --git a/test/cmactest.c b/test/cmactest.c new file mode 100644 index 0000000000..cb2b273b0f --- /dev/null +++ b/test/cmactest.c @@ -0,0 +1,216 @@ +/* + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * CMAC low level APIs are deprecated for public use, but still ok for internal + * use. + */ +#include "internal/deprecated.h" + +#include +#include +#include + +#include "internal/nelem.h" + +#include +#include +#include + +#include "testutil.h" + +static const char xtskey[32] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, + 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f +}; + +static struct test_st { + const char key[32]; + int key_len; + const unsigned char data[64]; + int data_len; + const char *mac; +} test[3] = { + { + { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, + 0x0b, 0x0c, 0x0d, 0x0e, 0x0f + }, + 16, + "My test data", + 12, + "29cec977c48f63c200bd5c4a6881b224" + }, + { + { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, + 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, + 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f + }, + 32, + "My test data", + 12, + "db6493aa04e4761f473b2b453c031c9a" + }, + { + { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, + 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, + 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f + }, + 32, + "My test data again", + 18, + "65c11c75ecf590badd0a5e56cbb8af60" + }, +}; + +static char *pt(unsigned char *md, unsigned int len); + +static int test_cmac_bad(void) +{ + CMAC_CTX *ctx = NULL; + int ret = 0; + + ctx = CMAC_CTX_new(); + if (!TEST_ptr(ctx) + || !TEST_false(CMAC_Init(ctx, NULL, 0, NULL, NULL)) + || !TEST_false(CMAC_Update(ctx, test[0].data, test[0].data_len)) + /* Should be able to pass cipher first, and then key */ + || !TEST_true(CMAC_Init(ctx, NULL, 0, EVP_aes_128_cbc(), NULL)) + /* Must have a key */ + || !TEST_false(CMAC_Update(ctx, test[0].data, test[0].data_len)) + /* Now supply the key */ + || !TEST_true(CMAC_Init(ctx, test[0].key, test[0].key_len, NULL, NULL)) + /* Update should now work */ + || !TEST_true(CMAC_Update(ctx, test[0].data, test[0].data_len)) + /* XTS is not a suitable cipher to use */ + || !TEST_false(CMAC_Init(ctx, xtskey, sizeof(xtskey), EVP_aes_128_xts(), + NULL)) + || !TEST_false(CMAC_Update(ctx, test[0].data, test[0].data_len))) + goto err; + + ret = 1; +err: + CMAC_CTX_free(ctx); + return ret; +} + +static int test_cmac_run(void) +{ + char *p; + CMAC_CTX *ctx = NULL; + unsigned char buf[AES_BLOCK_SIZE]; + size_t len; + int ret = 0; + + ctx = CMAC_CTX_new(); + + if (!TEST_true(CMAC_Init(ctx, test[0].key, test[0].key_len, + EVP_aes_128_cbc(), NULL)) + || !TEST_true(CMAC_Update(ctx, test[0].data, test[0].data_len)) + || !TEST_true(CMAC_Final(ctx, buf, &len))) + goto err; + + p = pt(buf, len); + if (!TEST_str_eq(p, test[0].mac)) + goto err; + + if (!TEST_true(CMAC_Init(ctx, test[1].key, test[1].key_len, + EVP_aes_256_cbc(), NULL)) + || !TEST_true(CMAC_Update(ctx, test[1].data, test[1].data_len)) + || !TEST_true(CMAC_Final(ctx, buf, &len))) + goto err; + + p = pt(buf, len); + if (!TEST_str_eq(p, test[1].mac)) + goto err; + + if (!TEST_true(CMAC_Init(ctx, test[2].key, test[2].key_len, NULL, NULL)) + || !TEST_true(CMAC_Update(ctx, test[2].data, test[2].data_len)) + || !TEST_true(CMAC_Final(ctx, buf, &len))) + goto err; + p = pt(buf, len); + if (!TEST_str_eq(p, test[2].mac)) + goto err; + /* Test reusing a key */ + if (!TEST_true(CMAC_Init(ctx, NULL, 0, NULL, NULL)) + || !TEST_true(CMAC_Update(ctx, test[2].data, test[2].data_len)) + || !TEST_true(CMAC_Final(ctx, buf, &len))) + goto err; + p = pt(buf, len); + if (!TEST_str_eq(p, test[2].mac)) + goto err; + + /* Test setting the cipher and key separately */ + if (!TEST_true(CMAC_Init(ctx, NULL, 0, EVP_aes_256_cbc(), NULL)) + || !TEST_true(CMAC_Init(ctx, test[2].key, test[2].key_len, NULL, NULL)) + || !TEST_true(CMAC_Update(ctx, test[2].data, test[2].data_len)) + || !TEST_true(CMAC_Final(ctx, buf, &len))) + goto err; + p = pt(buf, len); + if (!TEST_str_eq(p, test[2].mac)) + goto err; + + ret = 1; +err: + CMAC_CTX_free(ctx); + return ret; +} + +static int test_cmac_copy(void) +{ + char *p; + CMAC_CTX *ctx = NULL, *ctx2 = NULL; + unsigned char buf[AES_BLOCK_SIZE]; + size_t len; + int ret = 0; + + ctx = CMAC_CTX_new(); + ctx2 = CMAC_CTX_new(); + if (!TEST_ptr(ctx) || !TEST_ptr(ctx2)) + goto err; + + if (!TEST_true(CMAC_Init(ctx, test[0].key, test[0].key_len, + EVP_aes_128_cbc(), NULL)) + || !TEST_true(CMAC_Update(ctx, test[0].data, test[0].data_len)) + || !TEST_true(CMAC_CTX_copy(ctx2, ctx)) + || !TEST_true(CMAC_Final(ctx2, buf, &len))) + goto err; + + p = pt(buf, len); + if (!TEST_str_eq(p, test[0].mac)) + goto err; + + ret = 1; +err: + CMAC_CTX_free(ctx2); + CMAC_CTX_free(ctx); + return ret; +} + +static char *pt(unsigned char *md, unsigned int len) +{ + unsigned int i; + static char buf[80]; + + for (i = 0; i < len; i++) + sprintf(&(buf[i * 2]), "%02x", md[i]); + return buf; +} + +int setup_tests(void) +{ + ADD_TEST(test_cmac_bad); + ADD_TEST(test_cmac_run); + ADD_TEST(test_cmac_copy); + return 1; +} + diff --git a/test/recipes/05-test_idea.t b/test/recipes/05-test_cmac.t similarity index 89% copy from test/recipes/05-test_idea.t copy to test/recipes/05-test_cmac.t index 1b0fe3532e..499f713f93 100644 --- a/test/recipes/05-test_idea.t +++ b/test/recipes/05-test_cmac.t @@ -9,4 +9,4 @@ use OpenSSL::Test::Simple; -simple_test("test_idea", "ideatest", "idea"); +simple_test("test_cmac", "cmactest", "cmac"); From builds at travis-ci.com Sat Jun 6 10:42:05 2020 From: builds at travis-ci.com (Travis CI) Date: Sat, 06 Jun 2020 10:42:05 +0000 Subject: Fixed: openssl/openssl#35311 (master - f5e23fe) In-Reply-To: Message-ID: <5edb72fd3df04_13fa5e61c11fc192514@travis-pro-tasks-b57d9bdf8-gmjkd.mail> Build Update for openssl/openssl ------------------------------------- Build: #35311 Status: Fixed Duration: 1 hr, 38 mins, and 16 secs Commit: f5e23fe (master) Author: Richard Levitte Message: APPS: Remove unnecessary NULL check of uri in load_cert_pass() Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/11873) View the changeset: https://github.com/openssl/openssl/compare/09527c493596...f5e23fe88904 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/170074253?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.com Sat Jun 6 11:49:42 2020 From: builds at travis-ci.com (Travis CI) Date: Sat, 06 Jun 2020 11:49:42 +0000 Subject: Fixed: openssl/openssl#35312 (master - 5913152) In-Reply-To: Message-ID: <5edb82d627291_13fa5e61c03b0261120@travis-pro-tasks-b57d9bdf8-gmjkd.mail> Build Update for openssl/openssl ------------------------------------- Build: #35312 Status: Fixed Duration: 1 hr, 27 mins, and 57 secs Commit: 5913152 (master) Author: Dr. David von Oheimb Message: Consolidate doc of BIO_do_connect() and its alias BIO_do_handshake() Also documents that they meanwhile try all IP addresses resolved for a given domain name Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12017) View the changeset: https://github.com/openssl/openssl/compare/f5e23fe88904...591315297ec4 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/170076064?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.com Wed Jun 10 16:40:41 2020 From: builds at travis-ci.com (Travis CI) Date: Wed, 10 Jun 2020 16:40:41 +0000 Subject: Errored: openssl/openssl#35389 (master - 498e807) In-Reply-To: Message-ID: <5ee10d08e780b_13fd42aab9e2c1178e0@travis-pro-tasks-845754d57c-75vbf.mail> Build Update for openssl/openssl ------------------------------------- Build: #35389 Status: Errored Duration: 7 hrs, 4 mins, and 55 secs Commit: 498e807 (master) Author: Dr. David von Oheimb Message: Silence gcc false positive warning on refdatalen in test/tls13encryptiontest.c Reviewed-by: Matt Caswell Reviewed-by: Bernd Edlinger Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12042) View the changeset: https://github.com/openssl/openssl/compare/8bf37709a471...498e807ed257 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/170654917?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From nic.tuv at gmail.com Wed Jun 10 17:54:04 2020 From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Wed, 10 Jun 2020 17:54:04 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1591811644.205548.14555.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 5bd03afcbe6e6fd7dba2d85d5c67a5a0140b4a7d (commit) from 0fef6d55d379bc6dacf05713c38f3ec81957ea69 (commit) - Log ----------------------------------------------------------------- commit 5bd03afcbe6e6fd7dba2d85d5c67a5a0140b4a7d Author: Nicola Tuveri Date: Sun Jun 7 18:00:33 2020 +0300 Test genpkey app for EC keygen with various args This commit adds a new recipe to test EC key generation with the `genpkey` CLI app. For each built-in curve, it tests key generation with text output, in PEM and in DER format, using `explicit` and `named_curve` for parameters encoding. The list of built-in curves is static at the moment, as this allows to differentiate between prime curves and binary curves to avoid failing when ec2m is disabled. Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/12085) ----------------------------------------------------------------------- Summary of changes: test/recipes/15-test_genec.t | 179 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 179 insertions(+) create mode 100644 test/recipes/15-test_genec.t diff --git a/test/recipes/15-test_genec.t b/test/recipes/15-test_genec.t new file mode 100644 index 0000000000..b778d6f536 --- /dev/null +++ b/test/recipes/15-test_genec.t @@ -0,0 +1,179 @@ +#! /usr/bin/env perl +# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use File::Spec; +use OpenSSL::Test qw/:DEFAULT srctop_file/; +use OpenSSL::Test::Utils; + +setup("test_genec"); + +plan skip_all => "This test is unsupported in a no-ec build" + if disabled("ec"); + +my @prime_curves = qw( + secp112r1 + secp112r2 + secp128r1 + secp128r2 + secp160k1 + secp160r1 + secp160r2 + secp192k1 + secp224k1 + secp224r1 + secp256k1 + secp384r1 + secp521r1 + prime192v1 + prime192v2 + prime192v3 + prime239v1 + prime239v2 + prime239v3 + prime256v1 + wap-wsg-idm-ecid-wtls6 + wap-wsg-idm-ecid-wtls7 + wap-wsg-idm-ecid-wtls8 + wap-wsg-idm-ecid-wtls9 + wap-wsg-idm-ecid-wtls12 + brainpoolP160r1 + brainpoolP160t1 + brainpoolP192r1 + brainpoolP192t1 + brainpoolP224r1 + brainpoolP224t1 + brainpoolP256r1 + brainpoolP256t1 + brainpoolP320r1 + brainpoolP320t1 + brainpoolP384r1 + brainpoolP384t1 + brainpoolP512r1 + brainpoolP512t1 +); + +my @binary_curves = qw( + sect113r1 + sect113r2 + sect131r1 + sect131r2 + sect163k1 + sect163r1 + sect163r2 + sect193r1 + sect193r2 + sect233k1 + sect233r1 + sect239k1 + sect283k1 + sect283r1 + sect409k1 + sect409r1 + sect571k1 + sect571r1 + c2pnb163v1 + c2pnb163v2 + c2pnb163v3 + c2pnb176v1 + c2tnb191v1 + c2tnb191v2 + c2tnb191v3 + c2pnb208w1 + c2tnb239v1 + c2tnb239v2 + c2tnb239v3 + c2pnb272w1 + c2pnb304w1 + c2tnb359v1 + c2pnb368w1 + c2tnb431r1 + wap-wsg-idm-ecid-wtls1 + wap-wsg-idm-ecid-wtls3 + wap-wsg-idm-ecid-wtls4 + wap-wsg-idm-ecid-wtls5 + wap-wsg-idm-ecid-wtls10 + wap-wsg-idm-ecid-wtls11 + Oakley-EC2N-3 + Oakley-EC2N-4 +); + +my @other_curves = (); +push(@other_curves, 'SM2') + if !disabled("sm2"); + +my @curve_aliases = qw( + P-192 + P-224 + P-256 + P-384 + P-521 +); +push(@curve_aliases, qw( + B-163 + B-233 + B-283 + B-409 + B-571 + K-163 + K-233 + K-283 + K-409 + K-571 +)) if !disabled("ec2m"); + +my @curve_list = (); +push(@curve_list, @prime_curves); +push(@curve_list, @binary_curves) + if !disabled("ec2m"); +push(@curve_list, @other_curves); +push(@curve_list, @curve_aliases); + +my @params_encodings = ('named_curve', 'explicit'); + +my @output_formats = ('PEM', 'DER'); + +plan tests => scalar(@curve_list) * scalar(@params_encodings) + * (1 + scalar(@output_formats)) # Try listed @output_formats and text output + + 1 # Checking that with no curve it fails + + 1 # Checking that with unknown curve it fails + ; + +foreach my $curvename (@curve_list) { + foreach my $paramenc (@params_encodings) { + ok(run(app([ 'openssl', 'genpkey', + '-algorithm', 'EC', + '-pkeyopt', 'ec_paramgen_curve:'.$curvename, + '-pkeyopt', 'ec_param_enc:'.$paramenc, + '-text'])), + "genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (text)"); + + foreach my $outform (@output_formats) { + my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform; + ok(run(app([ 'openssl', 'genpkey', '-genparam', + '-algorithm', 'EC', + '-pkeyopt', 'ec_paramgen_curve:'.$curvename, + '-pkeyopt', 'ec_param_enc:'.$paramenc, + '-outform', $outform, + '-out', $outfile])), + "genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (${outform})"); + } + } +} + +ok(!run(app([ 'openssl', 'genpkey', + '-algorithm', 'EC'])), + "genpkey EC with no params should fail"); + +ok(!run(app([ 'openssl', 'genpkey', + '-algorithm', 'EC', + '-pkeyopt', 'ec_paramgen_curve:bogus_foobar_curve'])), + "genpkey EC with unknown curve name should fail"); From no-reply at appveyor.com Thu Jun 11 00:34:11 2020 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 11 Jun 2020 00:34:11 +0000 Subject: Build failed: openssl master.34854 Message-ID: <20200611003411.1.46987950905662E6@appveyor.com> An HTML attachment was scrubbed... URL: From pauli at openssl.org Thu Jun 11 01:15:08 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 11 Jun 2020 01:15:08 +0000 Subject: [openssl] master update Message-ID: <1591838108.340802.27742.nullmailer@dev.openssl.org> The branch master has been updated via 765d04c9460a304c8119f57941341a149498b9db (commit) from 5cff2df8cedd7b8185756df216f16a213fb22637 (commit) - Log ----------------------------------------------------------------- commit 765d04c9460a304c8119f57941341a149498b9db Author: Pauli Date: Tue Jun 9 09:10:41 2020 +1000 kdf: make function naming consistent. The EVP_KDF_CTX_* functions have been relocated to the EVP_KDF_* namespace for consistency. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11996) ----------------------------------------------------------------------- Summary of changes: apps/kdf.c | 6 ++-- crypto/dh/dh_kdf.c | 6 ++-- crypto/ec/ecdh_kdf.c | 6 ++-- crypto/evp/kdf_lib.c | 20 ++++++------- crypto/evp/p5_crpt2.c | 6 ++-- crypto/evp/pbe_scrypt.c | 6 ++-- crypto/evp/pkey_kdf.c | 14 ++++----- doc/man1/openssl-kdf.pod.in | 2 +- doc/man3/EVP_KDF.pod | 40 ++++++++++++------------- doc/man7/EVP_KDF-HKDF.pod | 16 +++++----- doc/man7/EVP_KDF-KB.pod | 20 ++++++------- doc/man7/EVP_KDF-KRB5KDF.pod | 8 ++--- doc/man7/EVP_KDF-PBKDF2.pod | 6 ++-- doc/man7/EVP_KDF-SCRYPT.pod | 16 +++++----- doc/man7/EVP_KDF-SS.pod | 32 ++++++++++---------- doc/man7/EVP_KDF-SSHKDF.pod | 12 ++++---- doc/man7/EVP_KDF-TLS1_PRF.pod | 16 +++++----- doc/man7/EVP_KDF-X942.pod | 18 +++++------ doc/man7/EVP_KDF-X963.pod | 16 +++++----- include/openssl/kdf.h | 12 ++++---- providers/fips/self_test_kats.c | 6 ++-- ssl/t1_enc.c | 8 ++--- ssl/tls13_enc.c | 22 +++++++------- test/evp_kdf_test.c | 66 ++++++++++++++++++++--------------------- test/evp_test.c | 9 +++--- util/libcrypto.num | 12 ++++---- 26 files changed, 201 insertions(+), 200 deletions(-) diff --git a/apps/kdf.c b/apps/kdf.c index 8d11807f5f..dd6cc9255c 100644 --- a/apps/kdf.c +++ b/apps/kdf.c @@ -104,7 +104,7 @@ opthelp: goto opthelp; } - ctx = EVP_KDF_CTX_new(kdf); + ctx = EVP_KDF_new_ctx(kdf); if (ctx == NULL) goto err; @@ -116,7 +116,7 @@ opthelp: if (params == NULL) goto err; - if (!EVP_KDF_CTX_set_params(ctx, params)) { + if (!EVP_KDF_set_ctx_params(ctx, params)) { BIO_printf(bio_err, "KDF parameter error\n"); ERR_print_errors(bio_err); ok = 0; @@ -161,7 +161,7 @@ err: OPENSSL_clear_free(dkm_bytes, dkm_len); sk_OPENSSL_STRING_free(opts); EVP_KDF_free(kdf); - EVP_KDF_CTX_free(ctx); + EVP_KDF_free_ctx(ctx); BIO_free(out); OPENSSL_free(hexout); return ret; diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c index 1b8a320db1..50a1df858a 100644 --- a/crypto/dh/dh_kdf.c +++ b/crypto/dh/dh_kdf.c @@ -46,7 +46,7 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, return 0; kdf = EVP_KDF_fetch(provctx, OSSL_KDF_NAME_X942KDF, NULL); - if ((kctx = EVP_KDF_CTX_new(kdf)) == NULL) + if ((kctx = EVP_KDF_new_ctx(kdf)) == NULL) goto err; *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, (char *)mdname, 0); @@ -58,10 +58,10 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG, (char *)oid_sn, 0); *p = OSSL_PARAM_construct_end(); - ret = EVP_KDF_CTX_set_params(kctx, params) > 0 + ret = EVP_KDF_set_ctx_params(kctx, params) > 0 && EVP_KDF_derive(kctx, out, outlen) > 0; err: - EVP_KDF_CTX_free(kctx); + EVP_KDF_free_ctx(kctx); EVP_KDF_free(kdf); return ret; } diff --git a/crypto/ec/ecdh_kdf.c b/crypto/ec/ecdh_kdf.c index fb501c6ada..a502846d55 100644 --- a/crypto/ec/ecdh_kdf.c +++ b/crypto/ec/ecdh_kdf.c @@ -32,7 +32,7 @@ int ecdh_KDF_X9_63(unsigned char *out, size_t outlen, const char *mdname = EVP_MD_name(md); EVP_KDF *kdf = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_X963KDF, NULL); - if ((kctx = EVP_KDF_CTX_new(kdf)) != NULL) { + if ((kctx = EVP_KDF_new_ctx(kdf)) != NULL) { *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, (char *)mdname, 0); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, @@ -41,9 +41,9 @@ int ecdh_KDF_X9_63(unsigned char *out, size_t outlen, (void *)sinfo, sinfolen); *p = OSSL_PARAM_construct_end(); - ret = EVP_KDF_CTX_set_params(kctx, params) > 0 + ret = EVP_KDF_set_ctx_params(kctx, params) > 0 && EVP_KDF_derive(kctx, out, outlen) > 0; - EVP_KDF_CTX_free(kctx); + EVP_KDF_free_ctx(kctx); } EVP_KDF_free(kdf); return ret; diff --git a/crypto/evp/kdf_lib.c b/crypto/evp/kdf_lib.c index d22bb39c82..2461498093 100644 --- a/crypto/evp/kdf_lib.c +++ b/crypto/evp/kdf_lib.c @@ -23,7 +23,7 @@ #include "internal/provider.h" #include "evp_local.h" -EVP_KDF_CTX *EVP_KDF_CTX_new(EVP_KDF *kdf) +EVP_KDF_CTX *EVP_KDF_new_ctx(EVP_KDF *kdf) { EVP_KDF_CTX *ctx = NULL; @@ -34,7 +34,7 @@ EVP_KDF_CTX *EVP_KDF_CTX_new(EVP_KDF *kdf) if (ctx == NULL || (ctx->data = kdf->newctx(ossl_provider_ctx(kdf->prov))) == NULL || !EVP_KDF_up_ref(kdf)) { - EVPerr(EVP_F_EVP_KDF_CTX_NEW, ERR_R_MALLOC_FAILURE); + EVPerr(0, ERR_R_MALLOC_FAILURE); if (ctx != NULL) kdf->freectx(ctx->data); OPENSSL_free(ctx); @@ -45,7 +45,7 @@ EVP_KDF_CTX *EVP_KDF_CTX_new(EVP_KDF *kdf) return ctx; } -void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx) +void EVP_KDF_free_ctx(EVP_KDF_CTX *ctx) { if (ctx != NULL) { ctx->meth->freectx(ctx->data); @@ -55,7 +55,7 @@ void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx) } } -EVP_KDF_CTX *EVP_KDF_CTX_dup(const EVP_KDF_CTX *src) +EVP_KDF_CTX *EVP_KDF_dup_ctx(const EVP_KDF_CTX *src) { EVP_KDF_CTX *dst; @@ -64,20 +64,20 @@ EVP_KDF_CTX *EVP_KDF_CTX_dup(const EVP_KDF_CTX *src) dst = OPENSSL_malloc(sizeof(*dst)); if (dst == NULL) { - EVPerr(EVP_F_EVP_KDF_CTX_DUP, ERR_R_MALLOC_FAILURE); + EVPerr(0, ERR_R_MALLOC_FAILURE); return NULL; } memcpy(dst, src, sizeof(*dst)); if (!EVP_KDF_up_ref(dst->meth)) { - EVPerr(EVP_F_EVP_KDF_CTX_DUP, ERR_R_MALLOC_FAILURE); + EVPerr(0, ERR_R_MALLOC_FAILURE); OPENSSL_free(dst); return NULL; } dst->data = src->meth->dupctx(src->data); if (dst->data == NULL) { - EVP_KDF_CTX_free(dst); + EVP_KDF_free_ctx(dst); return NULL; } return dst; @@ -98,7 +98,7 @@ const OSSL_PROVIDER *EVP_KDF_provider(const EVP_KDF *kdf) return kdf->prov; } -const EVP_KDF *EVP_KDF_CTX_kdf(EVP_KDF_CTX *ctx) +const EVP_KDF *EVP_KDF_get_ctx_kdf(EVP_KDF_CTX *ctx) { return ctx->meth; } @@ -151,14 +151,14 @@ int EVP_KDF_get_params(EVP_KDF *kdf, OSSL_PARAM params[]) return 1; } -int EVP_KDF_CTX_get_params(EVP_KDF_CTX *ctx, OSSL_PARAM params[]) +int EVP_KDF_get_ctx_params(EVP_KDF_CTX *ctx, OSSL_PARAM params[]) { if (ctx->meth->get_ctx_params != NULL) return ctx->meth->get_ctx_params(ctx->data, params); return 1; } -int EVP_KDF_CTX_set_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[]) +int EVP_KDF_set_ctx_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[]) { if (ctx->meth->set_ctx_params != NULL) return ctx->meth->set_ctx_params(ctx->data, params); diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index 6e89ffd999..e2f7734afc 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c @@ -41,7 +41,7 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, salt = (unsigned char *)empty; kdf = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_PBKDF2, NULL); - kctx = EVP_KDF_CTX_new(kdf); + kctx = EVP_KDF_new_ctx(kdf); EVP_KDF_free(kdf); if (kctx == NULL) return 0; @@ -54,11 +54,11 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, (char *)mdname, 0); *p = OSSL_PARAM_construct_end(); - if (EVP_KDF_CTX_set_params(kctx, params) != 1 + if (EVP_KDF_set_ctx_params(kctx, params) != 1 || EVP_KDF_derive(kctx, out, keylen) != 1) rv = 0; - EVP_KDF_CTX_free(kctx); + EVP_KDF_free_ctx(kctx); OSSL_TRACE_BEGIN(PKCS5V2) { BIO_printf(trc_out, "Password:\n"); diff --git a/crypto/evp/pbe_scrypt.c b/crypto/evp/pbe_scrypt.c index 62b9687949..5081b85c8d 100644 --- a/crypto/evp/pbe_scrypt.c +++ b/crypto/evp/pbe_scrypt.c @@ -63,7 +63,7 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, maxmem = SCRYPT_MAX_MEM; kdf = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_SCRYPT, NULL); - kctx = EVP_KDF_CTX_new(kdf); + kctx = EVP_KDF_new_ctx(kdf); EVP_KDF_free(kdf); if (kctx == NULL) return 0; @@ -78,11 +78,11 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, *z++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_P, &p); *z++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_MAXMEM, &maxmem); *z = OSSL_PARAM_construct_end(); - if (EVP_KDF_CTX_set_params(kctx, params) != 1 + if (EVP_KDF_set_ctx_params(kctx, params) != 1 || EVP_KDF_derive(kctx, key, keylen) != 1) rv = 0; - EVP_KDF_CTX_free(kctx); + EVP_KDF_free_ctx(kctx); return rv; } diff --git a/crypto/evp/pkey_kdf.c b/crypto/evp/pkey_kdf.c index ac4a0fa461..dff16bfd41 100644 --- a/crypto/evp/pkey_kdf.c +++ b/crypto/evp/pkey_kdf.c @@ -50,7 +50,7 @@ static int pkey_kdf_init(EVP_PKEY_CTX *ctx) return 0; kdf = EVP_KDF_fetch(NULL, kdf_name, NULL); - kctx = EVP_KDF_CTX_new(kdf); + kctx = EVP_KDF_new_ctx(kdf); EVP_KDF_free(kdf); if (kctx == NULL) { OPENSSL_free(pkctx); @@ -66,7 +66,7 @@ static void pkey_kdf_cleanup(EVP_PKEY_CTX *ctx) { EVP_PKEY_KDF_CTX *pkctx = ctx->data; - EVP_KDF_CTX_free(pkctx->kctx); + EVP_KDF_free_ctx(pkctx->kctx); pkey_kdf_free_collected(pkctx); OPENSSL_free(pkctx); } @@ -202,7 +202,7 @@ static int pkey_kdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) break; } - return EVP_KDF_CTX_set_params(kctx, params); + return EVP_KDF_set_ctx_params(kctx, params); } static int pkey_kdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, @@ -210,7 +210,7 @@ static int pkey_kdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, { EVP_PKEY_KDF_CTX *pkctx = ctx->data; EVP_KDF_CTX *kctx = pkctx->kctx; - const EVP_KDF *kdf = EVP_KDF_CTX_kdf(kctx); + const EVP_KDF *kdf = EVP_KDF_get_ctx_kdf(kctx); BUF_MEM **collector = NULL; const OSSL_PARAM *defs = EVP_KDF_settable_ctx_params(kdf); OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; @@ -239,7 +239,7 @@ static int pkey_kdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, if (collector != NULL) ok = collect(collector, params[0].data, params[0].data_size); else - ok = EVP_KDF_CTX_set_params(kctx, params); + ok = EVP_KDF_set_ctx_params(kctx, params); OPENSSL_free(params[0].data); return ok; } @@ -274,7 +274,7 @@ static int pkey_kdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key, pkctx->collected_seed->data, pkctx->collected_seed->length); - r = EVP_KDF_CTX_set_params(kctx, params); + r = EVP_KDF_set_ctx_params(kctx, params); pkey_kdf_free_collected(pkctx); if (!r) return 0; @@ -287,7 +287,7 @@ static int pkey_kdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key, pkctx->collected_info->data, pkctx->collected_info->length); - r = EVP_KDF_CTX_set_params(kctx, params); + r = EVP_KDF_set_ctx_params(kctx, params); pkey_kdf_free_collected(pkctx); if (!r) return 0; diff --git a/doc/man1/openssl-kdf.pod.in b/doc/man1/openssl-kdf.pod.in index 9c585325ba..e92eee27ba 100644 --- a/doc/man1/openssl-kdf.pod.in +++ b/doc/man1/openssl-kdf.pod.in @@ -46,7 +46,7 @@ Output the derived key in binary form. Uses hexadecimal text format if not speci Passes options to the KDF algorithm. A comprehensive list of parameters can be found in the EVP_KDF_CTX implementation documentation. -Common parameter names used by EVP_KDF_CTX_set_params() are: +Common parameter names used by EVP_KDF_set_ctx_params() are: =over 4 diff --git a/doc/man3/EVP_KDF.pod b/doc/man3/EVP_KDF.pod index 8893a20302..7d6228a73d 100644 --- a/doc/man3/EVP_KDF.pod +++ b/doc/man3/EVP_KDF.pod @@ -3,11 +3,11 @@ =head1 NAME EVP_KDF, EVP_KDF_fetch, EVP_KDF_free, EVP_KDF_up_ref, -EVP_KDF_CTX, EVP_KDF_CTX_new, EVP_KDF_CTX_free, EVP_KDF_CTX_dup, +EVP_KDF_CTX, EVP_KDF_new_ctx, EVP_KDF_free_ctx, EVP_KDF_dup_ctx, EVP_KDF_reset, EVP_KDF_derive, -EVP_KDF_size, EVP_KDF_provider, EVP_KDF_CTX_kdf, EVP_KDF_is_a, +EVP_KDF_size, EVP_KDF_provider, EVP_KDF_get_ctx_kdf, EVP_KDF_is_a, EVP_KDF_number, EVP_KDF_names_do_all, -EVP_KDF_CTX_get_params, EVP_KDF_CTX_set_params, EVP_KDF_do_all_provided, +EVP_KDF_get_ctx_params, EVP_KDF_set_ctx_params, EVP_KDF_do_all_provided, EVP_KDF_get_params, EVP_KDF_gettable_ctx_params, EVP_KDF_settable_ctx_params, EVP_KDF_gettable_params - EVP KDF routines @@ -18,10 +18,10 @@ EVP_KDF_gettable_params - EVP KDF routines typedef struct evp_kdf_st EVP_KDF; typedef struct evp_kdf_ctx_st EVP_KDF_CTX; - EVP_KDF_CTX *EVP_KDF_CTX_new(const EVP_KDF *kdf); - const EVP_KDF *EVP_KDF_CTX_kdf(EVP_KDF_CTX *ctx); - void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx); - EVP_KDF_CTX *EVP_KDF_CTX_dup(const EVP_KDF_CTX *src); + EVP_KDF_CTX *EVP_KDF_new_ctx(const EVP_KDF *kdf); + const EVP_KDF *EVP_KDF_get_ctx_kdf(EVP_KDF_CTX *ctx); + void EVP_KDF_free_ctx(EVP_KDF_CTX *ctx); + EVP_KDF_CTX *EVP_KDF_dup_ctx(const EVP_KDF_CTX *src); void EVP_KDF_reset(EVP_KDF_CTX *ctx); size_t EVP_KDF_size(EVP_KDF_CTX *ctx); int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen); @@ -39,8 +39,8 @@ EVP_KDF_gettable_params - EVP KDF routines void (*fn)(const char *name, void *data), void *data); int EVP_KDF_get_params(EVP_KDF *kdf, OSSL_PARAM params[]); - int EVP_KDF_CTX_get_params(EVP_KDF_CTX *ctx, OSSL_PARAM params[]); - int EVP_KDF_CTX_set_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[]); + int EVP_KDF_get_ctx_params(EVP_KDF_CTX *ctx, OSSL_PARAM params[]); + int EVP_KDF_set_ctx_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[]); const OSSL_PARAM *EVP_KDF_gettable_params(const EVP_KDF *kdf); const OSSL_PARAM *EVP_KDF_gettable_ctx_params(const EVP_KDF *kdf); const OSSL_PARAM *EVP_KDF_settable_ctx_params(const EVP_KDF *kdf); @@ -52,8 +52,8 @@ The EVP KDF routines are a high level interface to Key Derivation Function algorithms and should be used instead of algorithm-specific functions. After creating a B for the required algorithm using -EVP_KDF_CTX_new(), inputs to the algorithm are supplied -using calls to EVP_KDF_CTX_set_params() before +EVP_KDF_new_ctx(), inputs to the algorithm are supplied +using calls to EVP_KDF_set_ctx_params() before calling EVP_KDF_derive() to derive the key. =head2 Types @@ -82,12 +82,12 @@ NULL is a valid parameter, for which this function is a no-op. =head2 Context manipulation functions -EVP_KDF_CTX_new() creates a new context for the KDF implementation I. +EVP_KDF_new_ctx() creates a new context for the KDF implementation I. -EVP_KDF_CTX_free() frees up the context I. If I is NULL, nothing +EVP_KDF_free_ctx() frees up the context I. If I is NULL, nothing is done. -EVP_KDF_CTX_kdf() returns the B associated with the context +EVP_KDF_get_ctx_kdf() returns the B associated with the context I. =head2 Computing functions @@ -107,14 +107,14 @@ parameters should be retrieved. Note that a parameter that is unknown in the underlying context is simply ignored. -EVP_KDF_CTX_get_params() retrieves chosen parameters, given the +EVP_KDF_get_ctx_params() retrieves chosen parameters, given the context I and its underlying context. The set of parameters given with I determine exactly what parameters should be retrieved. Note that a parameter that is unknown in the underlying context is simply ignored. -EVP_KDF_CTX_set_params() passes chosen parameters to the underlying +EVP_KDF_set_ctx_params() passes chosen parameters to the underlying context, given a context I. The set of parameters given with I determine exactly what parameters are passed down. @@ -126,8 +126,8 @@ defined by the implementation. EVP_KDF_gettable_params(), EVP_KDF_gettable_ctx_params() and EVP_KDF_settable_ctx_params() get a constant B array that describes the retrievable and settable parameters, i.e. parameters that -can be used with EVP_KDF_get_params(), EVP_KDF_CTX_get_params() -and EVP_KDF_CTX_set_params(), respectively. +can be used with EVP_KDF_get_params(), EVP_KDF_get_ctx_params() +and EVP_KDF_set_ctx_params(), respectively. See L for the use of B as parameter descriptor. =head2 Information functions @@ -237,10 +237,10 @@ NULL on error. EVP_KDF_up_ref() returns 1 on success, 0 on error. -EVP_KDF_CTX_new() returns either the newly allocated +EVP_KDF_new_ctx() returns either the newly allocated B structure or NULL if an error occurred. -EVP_KDF_CTX_free() and EVP_KDF_reset() do not return a value. +EVP_KDF_free_ctx() and EVP_KDF_reset() do not return a value. EVP_KDF_size() returns the output size. B is returned to indicate that the algorithm produces a variable amount of output; 0 to indicate failure. diff --git a/doc/man7/EVP_KDF-HKDF.pod b/doc/man7/EVP_KDF-HKDF.pod index 6a4c7eb860..f0bcd91e85 100644 --- a/doc/man7/EVP_KDF-HKDF.pod +++ b/doc/man7/EVP_KDF-HKDF.pod @@ -87,7 +87,7 @@ an error will occur. A context for HKDF can be obtained by calling: EVP_KDF *kdf = EVP_KDF_fetch(NULL, "HKDF", NULL); - EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); + EVP_KDF_CTX *kctx = EVP_KDF_new_ctx(kdf); The output length of an HKDF expand operation is specified via the I parameter to the L function. When using @@ -107,7 +107,7 @@ salt value "salt" and info value "label": OSSL_PARAM params[5], *p = params; kdf = EVP_KDF_fetch(NULL, "HKDF", NULL); - kctx = EVP_KDF_CTX_new(kdf); + kctx = EVP_KDF_new_ctx(kdf); EVP_KDF_free(kdf); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, @@ -119,14 +119,14 @@ salt value "salt" and info value "label": *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, "salt", (size_t)4); *p = OSSL_PARAM_construct_end(); - if (EVP_KDF_CTX_set_params(kctx, params) <= 0) { - error("EVP_KDF_CTX_set_params"); + if (EVP_KDF_set_ctx_params(kctx, params) <= 0) { + error("EVP_KDF_set_ctx_params"); } if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { error("EVP_KDF_derive"); } - EVP_KDF_CTX_free(kctx); + EVP_KDF_free_ctx(kctx); =head1 CONFORMING TO @@ -135,10 +135,10 @@ RFC 5869 =head1 SEE ALSO L, -L, -L, +L, +L, L, -L, +L, L, L diff --git a/doc/man7/EVP_KDF-KB.pod b/doc/man7/EVP_KDF-KB.pod index 8a84a3d044..d31a1ce0eb 100644 --- a/doc/man7/EVP_KDF-KB.pod +++ b/doc/man7/EVP_KDF-KB.pod @@ -57,7 +57,7 @@ Depending on whether mac is CMAC or HMAC, either digest or cipher is required A context for KBKDF can be obtained by calling: EVP_KDF *kdf = EVP_KDF_fetch(NULL, "KBKDF", NULL); - EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); + EVP_KDF_CTX *kctx = EVP_KDF_new_ctx(kdf); The output length of an KBKDF is specified via the C parameter to the L function. @@ -76,7 +76,7 @@ Label "label", and Context "context". OSSL_PARAM params[6], *p = params; kdf = EVP_KDF_fetch(NULL, "KBKDF", NULL); - kctx = EVP_KDF_CTX_new(kdf); + kctx = EVP_KDF_new_ctx(kdf); EVP_KDF_free(kdf); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, @@ -90,12 +90,12 @@ Label "label", and Context "context". *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, "context", strlen("context")); *p = OSSL_PARAM_construct_end(); - if (EVP_KDF_CTX_set_params(kctx, params) <= 0) - error("EVP_KDF_CTX_set_params"); + if (EVP_KDF_set_ctx_params(kctx, params) <= 0) + error("EVP_KDF_set_ctx_params"); else if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) error("EVP_KDF_derive"); - EVP_KDF_CTX_free(kctx); + EVP_KDF_free_ctx(kctx); This example derives 10 bytes using FEEDBACK-CMAC-AES256, with KI "secret", Label "label", and IV "sixteen bytes iv". @@ -107,7 +107,7 @@ Label "label", and IV "sixteen bytes iv". unsigned char *iv = "sixteen bytes iv"; kdf = EVP_KDF_fetch(NULL, "KBKDF", NULL); - kctx = EVP_KDF_CTX_new(kdf); + kctx = EVP_KDF_new_ctx(kdf); EVP_KDF_free(kdf); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER, "AES256", 0); @@ -122,12 +122,12 @@ Label "label", and IV "sixteen bytes iv". *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED, iv, strlen(iv)); *p = OSSL_PARAM_construct_end(); - if (EVP_KDF_CTX_set_params(kctx, params) <= 0) - error("EVP_KDF_CTX_set_params"); + if (EVP_KDF_set_ctx_params(kctx, params) <= 0) + error("EVP_KDF_set_ctx_params"); else if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) error("EVP_KDF_derive"); - EVP_KDF_CTX_free(kctx); + EVP_KDF_free_ctx(kctx); =head1 CONFORMING TO @@ -136,7 +136,7 @@ NIST SP800-108, IETF RFC 6803, IETF RFC 8009. =head1 SEE ALSO L, -L, +L, L, L, L diff --git a/doc/man7/EVP_KDF-KRB5KDF.pod b/doc/man7/EVP_KDF-KRB5KDF.pod index 071cb4e8e4..192ca3f34b 100644 --- a/doc/man7/EVP_KDF-KRB5KDF.pod +++ b/doc/man7/EVP_KDF-KRB5KDF.pod @@ -44,7 +44,7 @@ If a value is already set, the contents are replaced. A context for KRB5KDF can be obtained by calling: EVP_KDF *kdf = EVP_KDF_fetch(NULL, "KRB5KDF", NULL); - EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); + EVP_KDF_CTX *kctx = EVP_KDF_new_ctx(kdf); The output length of the KRB5KDF derivation is specified via the I parameter to the L function, and MUST match the key @@ -70,7 +70,7 @@ This example derives a key using the AES-128-CBC cipher: OSSL_PARAM params[4], *p = params; kdf = EVP_KDF_fetch(NULL, "KRB5KDF", NULL); - kctx = EVP_KDF_CTX_new(kdf); + kctx = EVP_KDF_new_ctx(kdf); EVP_KDF_free(kdf); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER, @@ -87,7 +87,7 @@ This example derives a key using the AES-128-CBC cipher: if (EVP_KDF_derive(kctx, out, outlen) <= 0) /* Error */ - EVP_KDF_CTX_free(kctx); + EVP_KDF_free_ctx(kctx); =head1 CONFORMING TO @@ -96,7 +96,7 @@ RFC 3961 =head1 SEE ALSO L, -L, +L, L, L, L, diff --git a/doc/man7/EVP_KDF-PBKDF2.pod b/doc/man7/EVP_KDF-PBKDF2.pod index 43d074bdcc..270d50bc80 100644 --- a/doc/man7/EVP_KDF-PBKDF2.pod +++ b/doc/man7/EVP_KDF-PBKDF2.pod @@ -82,9 +82,9 @@ SP800-132 =head1 SEE ALSO L, -L, -L, -L, +L, +L, +L, L, L diff --git a/doc/man7/EVP_KDF-SCRYPT.pod b/doc/man7/EVP_KDF-SCRYPT.pod index 1459d07cfa..db54aa48c0 100644 --- a/doc/man7/EVP_KDF-SCRYPT.pod +++ b/doc/man7/EVP_KDF-SCRYPT.pod @@ -66,7 +66,7 @@ Both r and p are parameters of type B. A context for scrypt can be obtained by calling: EVP_KDF *kdf = EVP_KDF_fetch(NULL, "SCRYPT", NULL); - EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); + EVP_KDF_CTX *kctx = EVP_KDF_new_ctx(kdf); The output length of an scrypt key derivation is specified via the "keylen" parameter to the L function. @@ -82,7 +82,7 @@ This example derives a 64-byte long test vector using scrypt with the password OSSL_PARAM params[6], *p = params; kdf = EVP_KDF_fetch(NULL, "SCRYPT", NULL); - kctx = EVP_KDF_CTX_new(kdf); + kctx = EVP_KDF_new_ctx(kdf); EVP_KDF_free(kdf); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD, @@ -93,8 +93,8 @@ This example derives a 64-byte long test vector using scrypt with the password *p++ = OSSL_PARAM_construct_uint32(OSSL_KDF_PARAM_SCRYPT_R, (uint32_t)8); *p++ = OSSL_PARAM_construct_uint32(OSSL_KDF_PARAM_SCRYPT_P, (uint32_t)16); *p = OSSL_PARAM_construct_end(); - if (EVP_KDF_CTX_set_params(kctx, params) <= 0) { - error("EVP_KDF_CTX_set_params"); + if (EVP_KDF_set_ctx_params(kctx, params) <= 0) { + error("EVP_KDF_set_ctx_params"); } if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { error("EVP_KDF_derive"); @@ -115,7 +115,7 @@ This example derives a 64-byte long test vector using scrypt with the password assert(!memcmp(out, expected, sizeof(out))); } - EVP_KDF_CTX_free(kctx); + EVP_KDF_free_ctx(kctx); =head1 CONFORMING TO @@ -124,9 +124,9 @@ RFC 7914 =head1 SEE ALSO L, -L, -L, -L, +L, +L, +L, L, L diff --git a/doc/man7/EVP_KDF-SS.pod b/doc/man7/EVP_KDF-SS.pod index 2281cc3cb7..e8915fb699 100644 --- a/doc/man7/EVP_KDF-SS.pod +++ b/doc/man7/EVP_KDF-SS.pod @@ -66,7 +66,7 @@ This parameter sets an optional value for fixedinfo, also known as otherinfo. A context for SSKDF can be obtained by calling: EVP_KDF *kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL); - EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); + EVP_KDF_CTX *kctx = EVP_KDF_new_ctx(kdf); The output length of an SSKDF is specified via the I parameter to the L function. @@ -82,7 +82,7 @@ and fixedinfo value "label": OSSL_PARAM params[4], *p = params; kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL); - kctx = EVP_KDF_CTX_new(kdf); + kctx = EVP_KDF_new_ctx(kdf); EVP_KDF_free(kdf); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, @@ -92,14 +92,14 @@ and fixedinfo value "label": *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, "label", (size_t)5); *p = OSSL_PARAM_construct_end(); - if (EVP_KDF_CTX_set_params(kctx, params) <= 0) { - error("EVP_KDF_CTX_set_params"); + if (EVP_KDF_set_ctx_params(kctx, params) <= 0) { + error("EVP_KDF_set_ctx_params"); } if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { error("EVP_KDF_derive"); } - EVP_KDF_CTX_free(kctx); + EVP_KDF_free_ctx(kctx); This example derives 10 bytes using H(x) = HMAC(SHA-256), with the secret key "secret", fixedinfo value "label" and salt "salt": @@ -110,7 +110,7 @@ fixedinfo value "label" and salt "salt": OSSL_PARAM params[6], *p = params; kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL); - kctx = EVP_KDF_CTX_new(kdf); + kctx = EVP_KDF_new_ctx(kdf); EVP_KDF_free(kdf); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, @@ -124,14 +124,14 @@ fixedinfo value "label" and salt "salt": *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, "salt", (size_t)4); *p = OSSL_PARAM_construct_end(); - if (EVP_KDF_CTX_set_params(kctx, params) <= 0) { - error("EVP_KDF_CTX_set_params"); + if (EVP_KDF_set_ctx_params(kctx, params) <= 0) { + error("EVP_KDF_set_ctx_params"); } if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { error("EVP_KDF_derive"); } - EVP_KDF_CTX_free(kctx); + EVP_KDF_free_ctx(kctx); This example derives 10 bytes using H(x) = KMAC128(x,salt,outlen), with the secret key "secret" fixedinfo value "label", salt of "salt" and KMAC outlen of 20: @@ -142,7 +142,7 @@ fixedinfo value "label", salt of "salt" and KMAC outlen of 20: OSSL_PARAM params[7], *p = params; kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL); - kctx = EVP_KDF_CTX_new(kdf); + kctx = EVP_KDF_new_ctx(kdf); EVP_KDF_free(kdf); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, @@ -157,14 +157,14 @@ fixedinfo value "label", salt of "salt" and KMAC outlen of 20: "salt", (size_t)4); *p++ = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_MAC_SIZE, (size_t)20); *p = OSSL_PARAM_construct_end(); - if (EVP_KDF_CTX_set_params(kctx, params) <= 0) { - error("EVP_KDF_CTX_set_params"); + if (EVP_KDF_set_ctx_params(kctx, params) <= 0) { + error("EVP_KDF_set_ctx_params"); } if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { error("EVP_KDF_derive"); } - EVP_KDF_CTX_free(kctx); + EVP_KDF_free_ctx(kctx); =head1 CONFORMING TO @@ -173,9 +173,9 @@ NIST SP800-56Cr1. =head1 SEE ALSO L, -L, -L, -L, +L, +L, +L, L, L, L diff --git a/doc/man7/EVP_KDF-SSHKDF.pod b/doc/man7/EVP_KDF-SSHKDF.pod index e91858c051..f71457211a 100644 --- a/doc/man7/EVP_KDF-SSHKDF.pod +++ b/doc/man7/EVP_KDF-SSHKDF.pod @@ -87,7 +87,7 @@ A single char of value 70 (ASCII char 'F'). A context for SSHKDF can be obtained by calling: EVP_KDF *kdf = EVP_KDF_fetch(NULL, "SSHKDF", NULL); - EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); + EVP_KDF_CTX *kctx = EVP_KDF_new_ctx(kdf); The output length of the SSHKDF derivation is specified via the I parameter to the L function. @@ -111,7 +111,7 @@ This example derives an 8 byte IV using SHA-256 with a 1K "key" and appropriate OSSL_PARAM params[6], *p = params; kdf = EVP_KDF_fetch(NULL, "SSHKDF", NULL); - kctx = EVP_KDF_CTX_new(kdf); + kctx = EVP_KDF_new_ctx(kdf); EVP_KDF_free(kdf); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, @@ -125,7 +125,7 @@ This example derives an 8 byte IV using SHA-256 with a 1K "key" and appropriate *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_SSHKDF_TYPE, EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV); *p = OSSL_PARAM_construct_end(); - if (EVP_KDF_CTX_set_params(kctx, params) <= 0) + if (EVP_KDF_set_ctx_params(kctx, params) <= 0) /* Error */ if (EVP_KDF_derive(kctx, out, &outlen) <= 0) @@ -139,9 +139,9 @@ RFC 4253 =head1 SEE ALSO L, -L, -L, -L, +L, +L, +L, L, L, L diff --git a/doc/man7/EVP_KDF-TLS1_PRF.pod b/doc/man7/EVP_KDF-TLS1_PRF.pod index d6c736555f..94597111e6 100644 --- a/doc/man7/EVP_KDF-TLS1_PRF.pod +++ b/doc/man7/EVP_KDF-TLS1_PRF.pod @@ -51,7 +51,7 @@ this should be more than enough for any normal use of the TLS PRF. A context for the TLS PRF can be obtained by calling: EVP_KDF *kdf = EVP_KDF_fetch(NULL, "TLS1-PRF", NULL); - EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); + EVP_KDF_CTX *kctx = EVP_KDF_new_ctx(kdf); The digest, secret value and seed must be set before a key is derived otherwise an error will occur. @@ -70,7 +70,7 @@ and seed value "seed": OSSL_PARAM params[4], *p = params; kdf = EVP_KDF_fetch(NULL, "TLS1-PRF", NULL); - kctx = EVP_KDF_CTX_new(kdf); + kctx = EVP_KDF_new_ctx(kdf); EVP_KDF_free(kdf); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, @@ -80,13 +80,13 @@ and seed value "seed": *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED, "seed", (size_t)4); *p = OSSL_PARAM_construct_end(); - if (EVP_KDF_CTX_set_params(kctx, params) <= 0) { - error("EVP_KDF_CTX_set_params"); + if (EVP_KDF_set_ctx_params(kctx, params) <= 0) { + error("EVP_KDF_set_ctx_params"); } if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { error("EVP_KDF_derive"); } - EVP_KDF_CTX_free(kctx); + EVP_KDF_free_ctx(kctx); =head1 CONFORMING TO @@ -95,9 +95,9 @@ RFC 2246, RFC 5246 and NIST SP 800-135 r1 =head1 SEE ALSO L, -L, -L, -L, +L, +L, +L, L, L diff --git a/doc/man7/EVP_KDF-X942.pod b/doc/man7/EVP_KDF-X942.pod index c88d2f5288..0dc1b38856 100644 --- a/doc/man7/EVP_KDF-X942.pod +++ b/doc/man7/EVP_KDF-X942.pod @@ -49,7 +49,7 @@ This parameter sets the CEK wrapping algorithm name. A context for X942KDF can be obtained by calling: EVP_KDF *kdf = EVP_KDF_fetch(NULL, "X942KDF", NULL); - EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); + EVP_KDF_CTX *kctx = EVP_KDF_new_ctx(kdf); The output length of an X942KDF is specified via the I parameter to the L function. @@ -71,9 +71,9 @@ keying material: kdf = EVP_KDF_fetch(NULL, "X942KDF", NULL); if (kctx == NULL) error("EVP_KDF_fetch"); - kctx = EVP_KDF_CTX_new(kdf); + kctx = EVP_KDF_new_ctx(kdf); if (kctx == NULL) - error("EVP_KDF_CTX_new"); + error("EVP_KDF_new_ctx"); EVP_KDF_free(kdf); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, @@ -85,12 +85,12 @@ keying material: SN_id_smime_alg_CMS3DESwrap, strlen(SN_id_smime_alg_CMS3DESwrap)); *p = OSSL_PARAM_construct_end(); - if (EVP_KDF_CTX_set_params(kctx, params) <= 0) - error("EVP_KDF_CTX_set_params"); + if (EVP_KDF_set_ctx_params(kctx, params) <= 0) + error("EVP_KDF_set_ctx_params"); if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) error("EVP_KDF_derive"); - EVP_KDF_CTX_free(kctx); + EVP_KDF_free_ctx(kctx); =head1 CONFORMING TO @@ -99,9 +99,9 @@ RFC 2631 =head1 SEE ALSO L, -L, -L, -L, +L, +L, +L, L, L, L diff --git a/doc/man7/EVP_KDF-X963.pod b/doc/man7/EVP_KDF-X963.pod index 0248869a57..11645725fc 100644 --- a/doc/man7/EVP_KDF-X963.pod +++ b/doc/man7/EVP_KDF-X963.pod @@ -46,7 +46,7 @@ X963KDF appends the counter to the secret, whereas SSKDF prepends the counter. A context for X963KDF can be obtained by calling: EVP_KDF *kdf = EVP_KDF_fetch(NULL, "X963KDF", NULL); - EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); + EVP_KDF_CTX *kctx = EVP_KDF_new_ctx(kdf); The output length of an X963KDF is specified via the I parameter to the L function. @@ -62,7 +62,7 @@ value "label": OSSL_PARAM params[4], *p = params; kdf = EVP_KDF_fetch(NULL, "X963KDF", NULL); - kctx = EVP_KDF_CTX_new(kdf); + kctx = EVP_KDF_new_ctx(kdf); EVP_KDF_free(kdf); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, @@ -72,14 +72,14 @@ value "label": *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, "label", (size_t)5); *p = OSSL_PARAM_construct_end(); - if (EVP_KDF_CTX_set_params(kctx, params) <= 0) { - error("EVP_KDF_CTX_set_params"); + if (EVP_KDF_set_ctx_params(kctx, params) <= 0) { + error("EVP_KDF_set_ctx_params"); } if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { error("EVP_KDF_derive"); } - EVP_KDF_CTX_free(kctx); + EVP_KDF_free_ctx(kctx); =head1 CONFORMING TO @@ -88,9 +88,9 @@ value "label": =head1 SEE ALSO L, -L, -L, -L, +L, +L, +L, L, L, L diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h index d8f81c9c4d..228214cd5a 100644 --- a/include/openssl/kdf.h +++ b/include/openssl/kdf.h @@ -30,20 +30,20 @@ void EVP_KDF_free(EVP_KDF *kdf); EVP_KDF *EVP_KDF_fetch(OPENSSL_CTX *libctx, const char *algorithm, const char *properties); -EVP_KDF_CTX *EVP_KDF_CTX_new(EVP_KDF *kdf); -void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx); -EVP_KDF_CTX *EVP_KDF_CTX_dup(const EVP_KDF_CTX *src); +EVP_KDF_CTX *EVP_KDF_new_ctx(EVP_KDF *kdf); +void EVP_KDF_free_ctx(EVP_KDF_CTX *ctx); +EVP_KDF_CTX *EVP_KDF_dup_ctx(const EVP_KDF_CTX *src); int EVP_KDF_number(const EVP_KDF *kdf); int EVP_KDF_is_a(const EVP_KDF *kdf, const char *name); const OSSL_PROVIDER *EVP_KDF_provider(const EVP_KDF *kdf); -const EVP_KDF *EVP_KDF_CTX_kdf(EVP_KDF_CTX *ctx); +const EVP_KDF *EVP_KDF_get_ctx_kdf(EVP_KDF_CTX *ctx); void EVP_KDF_reset(EVP_KDF_CTX *ctx); size_t EVP_KDF_size(EVP_KDF_CTX *ctx); int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen); int EVP_KDF_get_params(EVP_KDF *kdf, OSSL_PARAM params[]); -int EVP_KDF_CTX_get_params(EVP_KDF_CTX *ctx, OSSL_PARAM params[]); -int EVP_KDF_CTX_set_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[]); +int EVP_KDF_get_ctx_params(EVP_KDF_CTX *ctx, OSSL_PARAM params[]); +int EVP_KDF_set_ctx_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[]); const OSSL_PARAM *EVP_KDF_gettable_params(const EVP_KDF *kdf); const OSSL_PARAM *EVP_KDF_gettable_ctx_params(const EVP_KDF *kdf); const OSSL_PARAM *EVP_KDF_settable_ctx_params(const EVP_KDF *kdf); diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c index 5ef4474a1c..6b75f12e5c 100644 --- a/providers/fips/self_test_kats.c +++ b/providers/fips/self_test_kats.c @@ -204,7 +204,7 @@ static int self_test_kdf(const ST_KAT_KDF *t, OSSL_SELF_TEST *st, if (kdf == NULL) goto err; - ctx = EVP_KDF_CTX_new(kdf); + ctx = EVP_KDF_new_ctx(kdf); if (ctx == NULL) goto err; @@ -216,7 +216,7 @@ static int self_test_kdf(const ST_KAT_KDF *t, OSSL_SELF_TEST *st, params = OSSL_PARAM_BLD_to_param(bld); if (params == NULL) goto err; - if (!EVP_KDF_CTX_set_params(ctx, params)) + if (!EVP_KDF_set_ctx_params(ctx, params)) goto err; if (t->expected_len > sizeof(out)) @@ -232,7 +232,7 @@ static int self_test_kdf(const ST_KAT_KDF *t, OSSL_SELF_TEST *st, ret = 1; err: EVP_KDF_free(kdf); - EVP_KDF_CTX_free(ctx); + EVP_KDF_free_ctx(ctx); BN_CTX_free(bnctx); OSSL_PARAM_BLD_free_params(params); OSSL_PARAM_BLD_free(bld); diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 108c7f1640..e929121cd2 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -49,7 +49,7 @@ static int tls1_PRF(SSL *s, kdf = EVP_KDF_fetch(s->ctx->libctx, OSSL_KDF_NAME_TLS1_PRF, s->ctx->propq); if (kdf == NULL) goto err; - kctx = EVP_KDF_CTX_new(kdf); + kctx = EVP_KDF_new_ctx(kdf); EVP_KDF_free(kdf); if (kctx == NULL) goto err; @@ -70,9 +70,9 @@ static int tls1_PRF(SSL *s, *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED, (void *)seed5, (size_t)seed5_len); *p = OSSL_PARAM_construct_end(); - if (EVP_KDF_CTX_set_params(kctx, params) + if (EVP_KDF_set_ctx_params(kctx, params) && EVP_KDF_derive(kctx, out, olen)) { - EVP_KDF_CTX_free(kctx); + EVP_KDF_free_ctx(kctx); return 1; } @@ -82,7 +82,7 @@ static int tls1_PRF(SSL *s, ERR_R_INTERNAL_ERROR); else SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR); - EVP_KDF_CTX_free(kctx); + EVP_KDF_free_ctx(kctx); return 0; } diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index ba385f6ea2..cf8e42c97e 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -57,7 +57,7 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret, + 1 + EVP_MAX_MD_SIZE]; WPACKET pkt; - kctx = EVP_KDF_CTX_new(kdf); + kctx = EVP_KDF_new_ctx(kdf); EVP_KDF_free(kdf); if (kctx == NULL) return 0; @@ -73,7 +73,7 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret, */ SSLerr(SSL_F_TLS13_HKDF_EXPAND, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL); } - EVP_KDF_CTX_free(kctx); + EVP_KDF_free_ctx(kctx); return 0; } @@ -88,7 +88,7 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret, || !WPACKET_sub_memcpy_u8(&pkt, data, (data == NULL) ? 0 : datalen) || !WPACKET_get_total_written(&pkt, &hkdflabellen) || !WPACKET_finish(&pkt)) { - EVP_KDF_CTX_free(kctx); + EVP_KDF_free_ctx(kctx); WPACKET_cleanup(&pkt); if (fatal) SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND, @@ -107,10 +107,10 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret, hkdflabel, hkdflabellen); *p++ = OSSL_PARAM_construct_end(); - ret = EVP_KDF_CTX_set_params(kctx, params) <= 0 + ret = EVP_KDF_set_ctx_params(kctx, params) <= 0 || EVP_KDF_derive(kctx, out, outlen) <= 0; - EVP_KDF_CTX_free(kctx); + EVP_KDF_free_ctx(kctx); if (ret != 0) { if (fatal) @@ -198,7 +198,7 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md, unsigned char preextractsec[EVP_MAX_MD_SIZE]; kdf = EVP_KDF_fetch(s->ctx->libctx, OSSL_KDF_NAME_HKDF, s->ctx->propq); - kctx = EVP_KDF_CTX_new(kdf); + kctx = EVP_KDF_new_ctx(kdf); EVP_KDF_free(kdf); if (kctx == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET, @@ -211,7 +211,7 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md, if (!ossl_assert(mdleni >= 0)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET, ERR_R_INTERNAL_ERROR); - EVP_KDF_CTX_free(kctx); + EVP_KDF_free_ctx(kctx); return 0; } mdlen = (size_t)mdleni; @@ -234,7 +234,7 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET, ERR_R_INTERNAL_ERROR); EVP_MD_CTX_free(mctx); - EVP_KDF_CTX_free(kctx); + EVP_KDF_free_ctx(kctx); return 0; } EVP_MD_CTX_free(mctx); @@ -245,7 +245,7 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md, sizeof(derived_secret_label) - 1, hash, mdlen, preextractsec, mdlen, 1)) { /* SSLfatal() already called */ - EVP_KDF_CTX_free(kctx); + EVP_KDF_free_ctx(kctx); return 0; } @@ -264,14 +264,14 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md, prevsecretlen); *p++ = OSSL_PARAM_construct_end(); - ret = EVP_KDF_CTX_set_params(kctx, params) <= 0 + ret = EVP_KDF_set_ctx_params(kctx, params) <= 0 || EVP_KDF_derive(kctx, outsecret, mdlen) <= 0; if (ret != 0) SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET, ERR_R_INTERNAL_ERROR); - EVP_KDF_CTX_free(kctx); + EVP_KDF_free_ctx(kctx); if (prevsecret == preextractsec) OPENSSL_cleanse(preextractsec, mdlen); return ret == 0; diff --git a/test/evp_kdf_test.c b/test/evp_kdf_test.c index 5d807cd533..9a7221df66 100644 --- a/test/evp_kdf_test.c +++ b/test/evp_kdf_test.c @@ -21,7 +21,7 @@ static EVP_KDF_CTX *get_kdfbyname(const char *name) { EVP_KDF *kdf = EVP_KDF_fetch(NULL, name, NULL); - EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); + EVP_KDF_CTX *kctx = EVP_KDF_new_ctx(kdf); EVP_KDF_free(kdf); return kctx; @@ -50,11 +50,11 @@ static int test_kdf_tls1_prf(void) ret = TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF)) - && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) + && TEST_true(EVP_KDF_set_ctx_params(kctx, params)) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); - EVP_KDF_CTX_free(kctx); + EVP_KDF_free_ctx(kctx); return ret; } @@ -80,11 +80,11 @@ static int test_kdf_hkdf(void) ret = TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF)) - && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) + && TEST_true(EVP_KDF_set_ctx_params(kctx, params)) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); - EVP_KDF_CTX_free(kctx); + EVP_KDF_free_ctx(kctx); return ret; } @@ -121,10 +121,10 @@ static int test_kdf_pbkdf2(void) *p = OSSL_PARAM_construct_end(); if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2)) - || !TEST_true(EVP_KDF_CTX_set_params(kctx, params)) + || !TEST_true(EVP_KDF_set_ctx_params(kctx, params)) || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) || !TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)) - || !TEST_true(EVP_KDF_CTX_set_params(kctx, params)) + || !TEST_true(EVP_KDF_set_ctx_params(kctx, params)) /* A key length that is too small should fail */ || !TEST_int_eq(EVP_KDF_derive(kctx, out, 112 / 8 - 1), 0) /* A key length that is too large should fail */ @@ -156,7 +156,7 @@ static int test_kdf_pbkdf2(void) #endif ret = 1; err: - EVP_KDF_CTX_free(kctx); + EVP_KDF_free_ctx(kctx); return ret; } @@ -191,15 +191,15 @@ static int test_kdf_scrypt(void) ret = TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SCRYPT)) - && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) + && TEST_true(EVP_KDF_set_ctx_params(kctx, params)) /* failure test *//* && TEST_int_le(EVP_KDF_derive(kctx, out, sizeof(out)), 0)*/ && TEST_true(OSSL_PARAM_set_uint(p - 1, 10 * 1024 * 1024)) - && TEST_true(EVP_KDF_CTX_set_params(kctx, p - 1)) + && TEST_true(EVP_KDF_set_ctx_params(kctx, p - 1)) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); - EVP_KDF_CTX_free(kctx); + EVP_KDF_free_ctx(kctx); return ret; } #endif /* OPENSSL_NO_SCRYPT */ @@ -235,11 +235,11 @@ static int test_kdf_ss_hash(void) ret = TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF)) - && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) + && TEST_true(EVP_KDF_set_ctx_params(kctx, params)) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); - EVP_KDF_CTX_free(kctx); + EVP_KDF_free_ctx(kctx); return ret; } @@ -289,11 +289,11 @@ static int test_kdf_x963(void) ret = TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X963KDF)) - && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) + && TEST_true(EVP_KDF_set_ctx_params(kctx, params)) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); - EVP_KDF_CTX_free(kctx); + EVP_KDF_free_ctx(kctx); return ret; } @@ -345,11 +345,11 @@ static int test_kdf_kbkdf_6803_128(void) kctx = get_kdfbyname("KBKDF"); ret = TEST_ptr(kctx) - && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) + && TEST_true(EVP_KDF_set_ctx_params(kctx, params)) && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0) && TEST_mem_eq(result, sizeof(result), outputs[i], sizeof(outputs[i])); - EVP_KDF_CTX_free(kctx); + EVP_KDF_free_ctx(kctx); if (ret != 1) return ret; } @@ -411,11 +411,11 @@ static int test_kdf_kbkdf_6803_256(void) kctx = get_kdfbyname("KBKDF"); ret = TEST_ptr(kctx) - && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) + && TEST_true(EVP_KDF_set_ctx_params(kctx, params)) && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0) && TEST_mem_eq(result, sizeof(result), outputs[i], sizeof(outputs[i])); - EVP_KDF_CTX_free(kctx); + EVP_KDF_free_ctx(kctx); if (ret != 1) return ret; } @@ -459,11 +459,11 @@ static int test_kdf_kbkdf_8009_prf1(void) kctx = get_kdfbyname("KBKDF"); ret = TEST_ptr(kctx) - && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) + && TEST_true(EVP_KDF_set_ctx_params(kctx, params)) && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0) && TEST_mem_eq(result, sizeof(result), output, sizeof(output)); - EVP_KDF_CTX_free(kctx); + EVP_KDF_free_ctx(kctx); return ret; } @@ -504,11 +504,11 @@ static int test_kdf_kbkdf_8009_prf2(void) kctx = get_kdfbyname("KBKDF"); ret = TEST_ptr(kctx) - && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) + && TEST_true(EVP_KDF_set_ctx_params(kctx, params)) && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0) && TEST_mem_eq(result, sizeof(result), output, sizeof(output)); - EVP_KDF_CTX_free(kctx); + EVP_KDF_free_ctx(kctx); return ret; } @@ -547,11 +547,11 @@ static int test_kdf_ss_hmac(void) ret = TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF)) - && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) + && TEST_true(EVP_KDF_set_ctx_params(kctx, params)) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); - EVP_KDF_CTX_free(kctx); + EVP_KDF_free_ctx(kctx); return ret; } @@ -593,11 +593,11 @@ static int test_kdf_ss_kmac(void) ret = TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF)) - && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) + && TEST_true(EVP_KDF_set_ctx_params(kctx, params)) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); - EVP_KDF_CTX_free(kctx); + EVP_KDF_free_ctx(kctx); return ret; } @@ -651,11 +651,11 @@ static int test_kdf_sshkdf(void) ret = TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSHKDF)) - && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) + && TEST_true(EVP_KDF_set_ctx_params(kctx, params)) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); - EVP_KDF_CTX_free(kctx); + EVP_KDF_free_ctx(kctx); return ret; } @@ -725,11 +725,11 @@ static int test_kdf_x942_asn1(void) ret = TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X942KDF)) - && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) + && TEST_true(EVP_KDF_set_ctx_params(kctx, params)) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); - EVP_KDF_CTX_free(kctx); + EVP_KDF_free_ctx(kctx); return ret; } #endif /* OPENSSL_NO_CMS */ @@ -763,11 +763,11 @@ static int test_kdf_krb5kdf(void) ret = TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_KRB5KDF)) - && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) + && TEST_true(EVP_KDF_set_ctx_params(kctx, params)) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); - EVP_KDF_CTX_free(kctx); + EVP_KDF_free_ctx(kctx); return ret; } diff --git a/test/evp_test.c b/test/evp_test.c index 6ed5bafba6..198c27ea5f 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -2095,7 +2095,7 @@ static int kdf_test_init(EVP_TEST *t, const char *name) OPENSSL_free(kdata); return 0; } - kdata->ctx = EVP_KDF_CTX_new(kdf); + kdata->ctx = EVP_KDF_new_ctx(kdf); EVP_KDF_free(kdf); if (kdata->ctx == NULL) { OPENSSL_free(kdata); @@ -2113,7 +2113,7 @@ static void kdf_test_cleanup(EVP_TEST *t) for (p = kdata->params; p->key != NULL; p++) OPENSSL_free(p->data); OPENSSL_free(kdata->output); - EVP_KDF_CTX_free(kdata->ctx); + EVP_KDF_free_ctx(kdata->ctx); } static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx, @@ -2122,7 +2122,8 @@ static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx, KDF_DATA *kdata = t->data; int rv; char *p, *name; - const OSSL_PARAM *defs = EVP_KDF_settable_ctx_params(EVP_KDF_CTX_kdf(kctx)); + const OSSL_PARAM *defs = + EVP_KDF_settable_ctx_params(EVP_KDF_get_ctx_kdf(kctx)); if (!TEST_ptr(name = OPENSSL_strdup(value))) return 0; @@ -2178,7 +2179,7 @@ static int kdf_test_run(EVP_TEST *t) unsigned char *got = NULL; size_t got_len = expected->output_len; - if (!EVP_KDF_CTX_set_params(expected->ctx, expected->params)) { + if (!EVP_KDF_set_ctx_params(expected->ctx, expected->params)) { t->err = "KDF_CTRL_ERROR"; return 1; } diff --git a/util/libcrypto.num b/util/libcrypto.num index a34d467099..339df720e8 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4467,7 +4467,7 @@ ASYNC_WAIT_CTX_set_callback ? 3_0_0 EXIST::FUNCTION: ASYNC_WAIT_CTX_set_status ? 3_0_0 EXIST::FUNCTION: ASYNC_WAIT_CTX_get_status ? 3_0_0 EXIST::FUNCTION: ERR_load_ESS_strings ? 3_0_0 EXIST::FUNCTION: -EVP_KDF_CTX_free ? 3_0_0 EXIST::FUNCTION: +EVP_KDF_free_ctx ? 3_0_0 EXIST::FUNCTION: EVP_KDF_reset ? 3_0_0 EXIST::FUNCTION: EVP_KDF_size ? 3_0_0 EXIST::FUNCTION: EVP_KDF_derive ? 3_0_0 EXIST::FUNCTION: @@ -4617,8 +4617,8 @@ EVP_CIPHER_up_ref ? 3_0_0 EXIST::FUNCTION: EVP_CIPHER_fetch ? 3_0_0 EXIST::FUNCTION: EVP_CIPHER_mode ? 3_0_0 EXIST::FUNCTION: OPENSSL_info ? 3_0_0 EXIST::FUNCTION: -EVP_KDF_CTX_new ? 3_0_0 EXIST::FUNCTION: -EVP_KDF_CTX_kdf ? 3_0_0 EXIST::FUNCTION: +EVP_KDF_new_ctx ? 3_0_0 EXIST::FUNCTION: +EVP_KDF_get_ctx_kdf ? 3_0_0 EXIST::FUNCTION: i2d_KeyParams ? 3_0_0 EXIST::FUNCTION: d2i_KeyParams ? 3_0_0 EXIST::FUNCTION: i2d_KeyParams_bio ? 3_0_0 EXIST::FUNCTION: @@ -4715,11 +4715,11 @@ EVP_CIPHER_free ? 3_0_0 EXIST::FUNCTION: EVP_KDF_up_ref ? 3_0_0 EXIST::FUNCTION: EVP_KDF_free ? 3_0_0 EXIST::FUNCTION: EVP_KDF_fetch ? 3_0_0 EXIST::FUNCTION: -EVP_KDF_CTX_dup ? 3_0_0 EXIST::FUNCTION: +EVP_KDF_dup_ctx ? 3_0_0 EXIST::FUNCTION: EVP_KDF_provider ? 3_0_0 EXIST::FUNCTION: EVP_KDF_get_params ? 3_0_0 EXIST::FUNCTION: -EVP_KDF_CTX_get_params ? 3_0_0 EXIST::FUNCTION: -EVP_KDF_CTX_set_params ? 3_0_0 EXIST::FUNCTION: +EVP_KDF_get_ctx_params ? 3_0_0 EXIST::FUNCTION: +EVP_KDF_set_ctx_params ? 3_0_0 EXIST::FUNCTION: EVP_KDF_gettable_params ? 3_0_0 EXIST::FUNCTION: EVP_KDF_gettable_ctx_params ? 3_0_0 EXIST::FUNCTION: EVP_KDF_settable_ctx_params ? 3_0_0 EXIST::FUNCTION: From pauli at openssl.org Thu Jun 11 01:17:00 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Thu, 11 Jun 2020 01:17:00 +0000 Subject: [openssl] master update Message-ID: <1591838220.985782.505.nullmailer@dev.openssl.org> The branch master has been updated via d9c2fd51e2e278bc3f7793a104ff7b4879f6d63a (commit) from 765d04c9460a304c8119f57941341a149498b9db (commit) - Log ----------------------------------------------------------------- commit d9c2fd51e2e278bc3f7793a104ff7b4879f6d63a Author: Pauli Date: Tue Jun 9 08:53:05 2020 +1000 The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_* functions are now EVP_MAC functions, usually with ctx in their names. Before 3.0 is released, the names are mutable and this prevents more inconsistencies being introduced. There are no functional or code changes. Just the renaming and a little reformatting. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11997) ----------------------------------------------------------------------- Summary of changes: CHANGES.md | 8 ++--- apps/fipsinstall.c | 10 +++--- apps/lib/s_cb.c | 4 +-- apps/mac.c | 6 ++-- crypto/cmac/cm_ameth.c | 4 +-- crypto/crmf/crmf_pbm.c | 6 ++-- crypto/err/openssl.txt | 2 -- crypto/evp/mac_lib.c | 20 +++++------ crypto/evp/p_lib.c | 6 ++-- crypto/evp/pkey_mac.c | 37 +++++++++---------- crypto/modes/siv128.c | 28 +++++++-------- doc/man1/openssl-mac.pod.in | 2 +- doc/man3/EVP_MAC.pod | 46 ++++++++++++------------ doc/man3/HMAC.pod | 2 +- doc/man3/OSSL_PARAM_allocate_from_text.pod | 2 +- doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod | 14 ++++---- doc/man7/EVP_MAC-BLAKE2.pod | 6 ++-- doc/man7/EVP_MAC-CMAC.pod | 6 ++-- doc/man7/EVP_MAC-GMAC.pod | 6 ++-- doc/man7/EVP_MAC-HMAC.pod | 6 ++-- doc/man7/EVP_MAC-KMAC.pod | 6 ++-- doc/man7/EVP_MAC-Poly1305.pod | 6 ++-- doc/man7/EVP_MAC-Siphash.pod | 6 ++-- include/openssl/evp.h | 36 ++----------------- include/openssl/mac.h | 52 +++++++++++++++++++++++++++ providers/common/provider_util.c | 8 ++--- providers/fips/self_test.c | 6 ++-- providers/implementations/kdfs/kbkdf.c | 14 ++++---- providers/implementations/kdfs/sskdf.c | 16 ++++----- providers/implementations/kdfs/tls1_prf.c | 22 ++++++------ ssl/t1_lib.c | 8 ++--- ssl/tls13_enc.c | 6 ++-- test/bad_dtls_test.c | 6 ++-- test/evp_test.c | 6 ++-- test/sslapitest.c | 2 +- util/libcrypto.num | 12 +++---- 36 files changed, 226 insertions(+), 207 deletions(-) create mode 100644 include/openssl/mac.h diff --git a/CHANGES.md b/CHANGES.md index 24fb86fddb..982e677fcc 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -361,8 +361,8 @@ OpenSSL 3.0 and HMAC_CTX_get_md. Use of these low level functions has been informally discouraged for a long - time. Instead applications should use L, - L, L, L + time. Instead applications should use L, + L, L, L and L. *Paul Dale* @@ -385,8 +385,8 @@ OpenSSL 3.0 CMAC_CTX_copy, CMAC_Init, CMAC_Update, CMAC_Final and CMAC_resume. Use of these low level functions has been informally discouraged for a long - time. Instead applications should use L, - L, L, L + time. Instead applications should use L, + L, L, L and L. *Paul Dale* diff --git a/apps/fipsinstall.c b/apps/fipsinstall.c index 1eb183f361..e0fe43e8b7 100644 --- a/apps/fipsinstall.c +++ b/apps/fipsinstall.c @@ -366,7 +366,7 @@ opthelp: goto end; } - ctx = EVP_MAC_CTX_new(mac); + ctx = EVP_MAC_new_ctx(mac); if (ctx == NULL) { BIO_printf(bio_err, "Unable to create MAC CTX for module check\n"); goto end; @@ -380,7 +380,7 @@ opthelp: if (params == NULL) goto end; - if (!EVP_MAC_CTX_set_params(ctx, params)) { + if (!EVP_MAC_set_ctx_params(ctx, params)) { BIO_printf(bio_err, "MAC parameter error\n"); ERR_print_errors(bio_err); ok = 0; @@ -390,7 +390,7 @@ opthelp: goto end; } - ctx2 = EVP_MAC_CTX_dup(ctx); + ctx2 = EVP_MAC_dup_ctx(ctx); if (ctx2 == NULL) { BIO_printf(bio_err, "Unable to create MAC CTX for install indicator\n"); goto end; @@ -450,8 +450,8 @@ cleanup: BIO_free(module_bio); sk_OPENSSL_STRING_free(opts); EVP_MAC_free(mac); - EVP_MAC_CTX_free(ctx2); - EVP_MAC_CTX_free(ctx); + EVP_MAC_free_ctx(ctx2); + EVP_MAC_free_ctx(ctx); OPENSSL_free(read_buffer); free_config_and_unload(conf); return ret; diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c index 34bc4a9995..d021c868c3 100644 --- a/apps/lib/s_cb.c +++ b/apps/lib/s_cb.c @@ -787,7 +787,7 @@ int generate_cookie_callback(SSL *ssl, unsigned char *cookie, BIO_printf(bio_err, "HMAC not found\n"); goto end; } - ctx = EVP_MAC_CTX_new(hmac); + ctx = EVP_MAC_new_ctx(hmac); if (ctx == NULL) { BIO_printf(bio_err, "HMAC context allocation failed\n"); goto end; @@ -796,7 +796,7 @@ int generate_cookie_callback(SSL *ssl, unsigned char *cookie, *p++ = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, cookie_secret, COOKIE_SECRET_LENGTH); *p = OSSL_PARAM_construct_end(); - if (!EVP_MAC_CTX_set_params(ctx, params)) { + if (!EVP_MAC_set_ctx_params(ctx, params)) { BIO_printf(bio_err, "HMAC context parameter setting failed\n"); goto end; } diff --git a/apps/mac.c b/apps/mac.c index 30f0daabcc..e84321b83a 100644 --- a/apps/mac.c +++ b/apps/mac.c @@ -114,7 +114,7 @@ opthelp: goto opthelp; } - ctx = EVP_MAC_CTX_new(mac); + ctx = EVP_MAC_new_ctx(mac); if (ctx == NULL) goto err; @@ -126,7 +126,7 @@ opthelp: if (params == NULL) goto err; - if (!EVP_MAC_CTX_set_params(ctx, params)) { + if (!EVP_MAC_set_ctx_params(ctx, params)) { BIO_printf(bio_err, "MAC parameter error\n"); ERR_print_errors(bio_err); ok = 0; @@ -199,7 +199,7 @@ err: sk_OPENSSL_STRING_free(opts); BIO_free(in); BIO_free(out); - EVP_MAC_CTX_free(ctx); + EVP_MAC_free_ctx(ctx); EVP_MAC_free(mac); return ret; } diff --git a/crypto/cmac/cm_ameth.c b/crypto/cmac/cm_ameth.c index aa06cdc98a..ece3d8f91c 100644 --- a/crypto/cmac/cm_ameth.c +++ b/crypto/cmac/cm_ameth.c @@ -31,9 +31,9 @@ static int cmac_size(const EVP_PKEY *pkey) static void cmac_key_free(EVP_PKEY *pkey) { EVP_MAC_CTX *cmctx = EVP_PKEY_get0(pkey); - EVP_MAC *mac = cmctx == NULL ? NULL : EVP_MAC_CTX_mac(cmctx); + EVP_MAC *mac = cmctx == NULL ? NULL : EVP_MAC_get_ctx_mac(cmctx); - EVP_MAC_CTX_free(cmctx); + EVP_MAC_free_ctx(cmctx); EVP_MAC_free(mac); } diff --git a/crypto/crmf/crmf_pbm.c b/crypto/crmf/crmf_pbm.c index f674eeeff7..a087bc4423 100644 --- a/crypto/crmf/crmf_pbm.c +++ b/crypto/crmf/crmf_pbm.c @@ -202,8 +202,8 @@ int OSSL_CRMF_pbm_new(const OSSL_CRMF_PBMPARAMETER *pbmp, macparams[1] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, basekey, bklen); if ((mac = EVP_MAC_fetch(NULL, "HMAC", NULL)) == NULL - || (mctx = EVP_MAC_CTX_new(mac)) == NULL - || !EVP_MAC_CTX_set_params(mctx, macparams) + || (mctx = EVP_MAC_new_ctx(mac)) == NULL + || !EVP_MAC_set_ctx_params(mctx, macparams) || !EVP_MAC_init(mctx) || !EVP_MAC_update(mctx, msg, msglen) || !EVP_MAC_final(mctx, mac_res, outlen, EVP_MAX_MD_SIZE)) @@ -214,7 +214,7 @@ int OSSL_CRMF_pbm_new(const OSSL_CRMF_PBMPARAMETER *pbmp, err: /* cleanup */ OPENSSL_cleanse(basekey, bklen); - EVP_MAC_CTX_free(mctx); + EVP_MAC_free_ctx(mctx); EVP_MAC_free(mac); EVP_MD_CTX_free(ctx); diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 9b252e3827..1668c95153 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -845,8 +845,6 @@ EVP_F_EVP_KEYEXCH_FETCH:245:EVP_KEYEXCH_fetch EVP_F_EVP_KEYEXCH_FROM_DISPATCH:244:evp_keyexch_from_dispatch EVP_F_EVP_MAC_CTRL:209:EVP_MAC_ctrl EVP_F_EVP_MAC_CTRL_STR:210:EVP_MAC_ctrl_str -EVP_F_EVP_MAC_CTX_DUP:211:EVP_MAC_CTX_dup -EVP_F_EVP_MAC_CTX_NEW:213:EVP_MAC_CTX_new EVP_F_EVP_MAC_INIT:212:EVP_MAC_init EVP_F_EVP_MD_BLOCK_SIZE:232:EVP_MD_block_size EVP_F_EVP_MD_CTX_COPY_EX:110:EVP_MD_CTX_copy_ex diff --git a/crypto/evp/mac_lib.c b/crypto/evp/mac_lib.c index b7bfe8921f..8fe9708797 100644 --- a/crypto/evp/mac_lib.c +++ b/crypto/evp/mac_lib.c @@ -19,14 +19,14 @@ #include "internal/provider.h" #include "evp_local.h" -EVP_MAC_CTX *EVP_MAC_CTX_new(EVP_MAC *mac) +EVP_MAC_CTX *EVP_MAC_new_ctx(EVP_MAC *mac) { EVP_MAC_CTX *ctx = OPENSSL_zalloc(sizeof(EVP_MAC_CTX)); if (ctx == NULL || (ctx->data = mac->newctx(ossl_provider_ctx(mac->prov))) == NULL || !EVP_MAC_up_ref(mac)) { - EVPerr(EVP_F_EVP_MAC_CTX_NEW, ERR_R_MALLOC_FAILURE); + EVPerr(0, ERR_R_MALLOC_FAILURE); if (ctx != NULL) mac->freectx(ctx->data); OPENSSL_free(ctx); @@ -37,7 +37,7 @@ EVP_MAC_CTX *EVP_MAC_CTX_new(EVP_MAC *mac) return ctx; } -void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx) +void EVP_MAC_free_ctx(EVP_MAC_CTX *ctx) { if (ctx != NULL) { ctx->meth->freectx(ctx->data); @@ -48,7 +48,7 @@ void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx) OPENSSL_free(ctx); } -EVP_MAC_CTX *EVP_MAC_CTX_dup(const EVP_MAC_CTX *src) +EVP_MAC_CTX *EVP_MAC_dup_ctx(const EVP_MAC_CTX *src) { EVP_MAC_CTX *dst; @@ -57,27 +57,27 @@ EVP_MAC_CTX *EVP_MAC_CTX_dup(const EVP_MAC_CTX *src) dst = OPENSSL_malloc(sizeof(*dst)); if (dst == NULL) { - EVPerr(EVP_F_EVP_MAC_CTX_DUP, ERR_R_MALLOC_FAILURE); + EVPerr(0, ERR_R_MALLOC_FAILURE); return NULL; } *dst = *src; if (!EVP_MAC_up_ref(dst->meth)) { - EVPerr(EVP_F_EVP_MAC_CTX_DUP, ERR_R_MALLOC_FAILURE); + EVPerr(0, ERR_R_MALLOC_FAILURE); OPENSSL_free(dst); return NULL; } dst->data = src->meth->dupctx(src->data); if (dst->data == NULL) { - EVP_MAC_CTX_free(dst); + EVP_MAC_free_ctx(dst); return NULL; } return dst; } -EVP_MAC *EVP_MAC_CTX_mac(EVP_MAC_CTX *ctx) +EVP_MAC *EVP_MAC_get_ctx_mac(EVP_MAC_CTX *ctx) { return ctx->meth; } @@ -144,14 +144,14 @@ int EVP_MAC_get_params(EVP_MAC *mac, OSSL_PARAM params[]) return 1; } -int EVP_MAC_CTX_get_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]) +int EVP_MAC_get_ctx_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]) { if (ctx->meth->get_ctx_params != NULL) return ctx->meth->get_ctx_params(ctx->data, params); return 1; } -int EVP_MAC_CTX_set_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]) +int EVP_MAC_set_ctx_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]) { if (ctx->meth->set_ctx_params != NULL) return ctx->meth->set_ctx_params(ctx->data, params); diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 1d57a22aee..0b067c8a8c 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -595,7 +595,7 @@ EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, prov == NULL ? NULL : ossl_provider_library_context(prov); EVP_PKEY *ret = EVP_PKEY_new(); EVP_MAC *cmac = EVP_MAC_fetch(libctx, OSSL_MAC_NAME_CMAC, NULL); - EVP_MAC_CTX *cmctx = cmac != NULL ? EVP_MAC_CTX_new(cmac) : NULL; + EVP_MAC_CTX *cmctx = cmac != NULL ? EVP_MAC_new_ctx(cmac) : NULL; OSSL_PARAM params[4]; size_t paramsn = 0; @@ -620,7 +620,7 @@ EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, (char *)priv, len); params[paramsn] = OSSL_PARAM_construct_end(); - if (!EVP_MAC_CTX_set_params(cmctx, params)) { + if (!EVP_MAC_set_ctx_params(cmctx, params)) { EVPerr(EVP_F_EVP_PKEY_NEW_CMAC_KEY, EVP_R_KEY_SETUP_FAILED); goto err; } @@ -630,7 +630,7 @@ EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, err: EVP_PKEY_free(ret); - EVP_MAC_CTX_free(cmctx); + EVP_MAC_free_ctx(cmctx); EVP_MAC_free(cmac); return NULL; # else diff --git a/crypto/evp/pkey_mac.c b/crypto/evp/pkey_mac.c index 3503aac6d3..1901c452e7 100644 --- a/crypto/evp/pkey_mac.c +++ b/crypto/evp/pkey_mac.c @@ -71,7 +71,7 @@ static int pkey_mac_init(EVP_PKEY_CTX *ctx) } if (mac != NULL) { - hctx->ctx = EVP_MAC_CTX_new(mac); + hctx->ctx = EVP_MAC_new_ctx(mac); if (hctx->ctx == NULL) { OPENSSL_free(hctx); return 0; @@ -116,7 +116,7 @@ static int pkey_mac_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src) EVP_PKEY_CTX_set_data(dst, dctx); dst->keygen_info_count = 0; - dctx->ctx = EVP_MAC_CTX_dup(sctx->ctx); + dctx->ctx = EVP_MAC_dup_ctx(sctx->ctx); if (dctx->ctx == NULL) goto err; @@ -128,7 +128,7 @@ static int pkey_mac_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src) * fetches the MAC method anew in this case. Therefore, its reference * count must be adjusted here. */ - if (!EVP_MAC_up_ref(EVP_MAC_CTX_mac(dctx->ctx))) + if (!EVP_MAC_up_ref(EVP_MAC_get_ctx_mac(dctx->ctx))) goto err; dctx->type = sctx->type; @@ -163,7 +163,8 @@ static void pkey_mac_cleanup(EVP_PKEY_CTX *ctx) MAC_PKEY_CTX *hctx = ctx == NULL ? NULL : EVP_PKEY_CTX_get_data(ctx); if (hctx != NULL) { - EVP_MAC *mac = hctx->ctx != NULL ? EVP_MAC_CTX_mac(hctx->ctx) : NULL; + EVP_MAC *mac = hctx->ctx != NULL ? EVP_MAC_get_ctx_mac(hctx->ctx) + : NULL; switch (hctx->type) { case MAC_TYPE_RAW: @@ -171,7 +172,7 @@ static void pkey_mac_cleanup(EVP_PKEY_CTX *ctx) hctx->raw_data.ktmp.length); break; } - EVP_MAC_CTX_free(hctx->ctx); + EVP_MAC_free_ctx(hctx->ctx); EVP_MAC_free(mac); OPENSSL_free(hctx); EVP_PKEY_CTX_set_data(ctx, NULL); @@ -206,10 +207,10 @@ static int pkey_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) return 0; } - cmkey = EVP_MAC_CTX_dup(hctx->ctx); + cmkey = EVP_MAC_dup_ctx(hctx->ctx); if (cmkey == NULL) return 0; - if (!EVP_MAC_up_ref(EVP_MAC_CTX_mac(hctx->ctx))) + if (!EVP_MAC_up_ref(EVP_MAC_get_ctx_mac(hctx->ctx))) return 0; EVP_PKEY_assign(pkey, nid, cmkey); } @@ -255,7 +256,7 @@ static int pkey_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) } if (set_key) { - if (!EVP_MAC_is_a(EVP_MAC_CTX_mac(hctx->ctx), + if (!EVP_MAC_is_a(EVP_MAC_get_ctx_mac(hctx->ctx), OBJ_nid2sn(EVP_PKEY_id(EVP_PKEY_CTX_get0_pkey(ctx))))) return 0; key = EVP_PKEY_get0(EVP_PKEY_CTX_get0_pkey(ctx)); @@ -280,7 +281,7 @@ static int pkey_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, key->data, key->length); params[params_n++] = OSSL_PARAM_construct_end(); - rv = EVP_MAC_CTX_set_params(hctx->ctx, params); + rv = EVP_MAC_set_ctx_params(hctx->ctx, params); } return rv; } @@ -330,7 +331,7 @@ static int pkey_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) return 0; } - if (!EVP_MAC_CTX_set_params(hctx->ctx, params) + if (!EVP_MAC_set_ctx_params(hctx->ctx, params) || !EVP_MAC_init(hctx->ctx)) return 0; } @@ -351,10 +352,10 @@ static int pkey_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) if (ctx->pkey == NULL) return 0; - new_mac_ctx = EVP_MAC_CTX_dup(ctx->pkey->pkey.ptr); + new_mac_ctx = EVP_MAC_dup_ctx(ctx->pkey->pkey.ptr); if (new_mac_ctx == NULL) return 0; - EVP_MAC_CTX_free(hctx->ctx); + EVP_MAC_free_ctx(hctx->ctx); hctx->ctx = new_mac_ctx; } break; @@ -389,13 +390,13 @@ static int pkey_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) return 0; } - if (!EVP_MAC_CTX_set_params(hctx->ctx, params)) + if (!EVP_MAC_set_ctx_params(hctx->ctx, params)) return 0; params[0] = OSSL_PARAM_construct_size_t(OSSL_MAC_PARAM_SIZE, &verify); - if (!EVP_MAC_CTX_get_params(hctx->ctx, params)) + if (!EVP_MAC_get_ctx_params(hctx->ctx, params)) return 0; /* @@ -433,7 +434,7 @@ static int pkey_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) return 0; } - return EVP_MAC_CTX_set_params(hctx->ctx, params); + return EVP_MAC_set_ctx_params(hctx->ctx, params); } break; default: @@ -478,7 +479,7 @@ static int pkey_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) key->data, key->length); params[params_n] = OSSL_PARAM_construct_end(); - return EVP_MAC_CTX_set_params(hctx->ctx, params); + return EVP_MAC_set_ctx_params(hctx->ctx, params); } break; case MAC_TYPE_MAC: @@ -513,7 +514,7 @@ static int pkey_mac_ctrl_str(EVP_PKEY_CTX *ctx, EVPerr(0, EVP_R_FETCH_FAILED); return 0; } - mac = EVP_MAC_CTX_mac(hctx->ctx); + mac = EVP_MAC_get_ctx_mac(hctx->ctx); /* * Translation of some control names that are equivalent to a single @@ -535,7 +536,7 @@ static int pkey_mac_ctrl_str(EVP_PKEY_CTX *ctx, return 0; params[1] = OSSL_PARAM_construct_end(); - ok = EVP_MAC_CTX_set_params(hctx->ctx, params); + ok = EVP_MAC_set_ctx_params(hctx->ctx, params); OPENSSL_free(params[0].data); return ok; } diff --git a/crypto/modes/siv128.c b/crypto/modes/siv128.c index f45e7e2f97..72ae624cc3 100644 --- a/crypto/modes/siv128.c +++ b/crypto/modes/siv128.c @@ -99,7 +99,7 @@ __owur static ossl_inline int siv128_do_s2v_p(SIV128_CONTEXT *ctx, SIV_BLOCK *ou EVP_MAC_CTX *mac_ctx; int ret = 0; - mac_ctx = EVP_MAC_CTX_dup(ctx->mac_ctx_init); + mac_ctx = EVP_MAC_dup_ctx(ctx->mac_ctx_init); if (mac_ctx == NULL) return 0; @@ -126,7 +126,7 @@ __owur static ossl_inline int siv128_do_s2v_p(SIV128_CONTEXT *ctx, SIV_BLOCK *ou ret = 1; err: - EVP_MAC_CTX_free(mac_ctx); + EVP_MAC_free_ctx(mac_ctx); return ret; } @@ -187,20 +187,20 @@ int CRYPTO_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen, /* TODO(3.0) library context */ || (ctx->mac = EVP_MAC_fetch(NULL, OSSL_MAC_NAME_CMAC, NULL)) == NULL - || (ctx->mac_ctx_init = EVP_MAC_CTX_new(ctx->mac)) == NULL - || !EVP_MAC_CTX_set_params(ctx->mac_ctx_init, params) + || (ctx->mac_ctx_init = EVP_MAC_new_ctx(ctx->mac)) == NULL + || !EVP_MAC_set_ctx_params(ctx->mac_ctx_init, params) || !EVP_EncryptInit_ex(ctx->cipher_ctx, ctr, NULL, key + klen, NULL) - || (mac_ctx = EVP_MAC_CTX_dup(ctx->mac_ctx_init)) == NULL + || (mac_ctx = EVP_MAC_dup_ctx(ctx->mac_ctx_init)) == NULL || !EVP_MAC_update(mac_ctx, zero, sizeof(zero)) || !EVP_MAC_final(mac_ctx, ctx->d.byte, &out_len, sizeof(ctx->d.byte))) { EVP_CIPHER_CTX_free(ctx->cipher_ctx); - EVP_MAC_CTX_free(ctx->mac_ctx_init); - EVP_MAC_CTX_free(mac_ctx); + EVP_MAC_free_ctx(ctx->mac_ctx_init); + EVP_MAC_free_ctx(mac_ctx); EVP_MAC_free(ctx->mac); return 0; } - EVP_MAC_CTX_free(mac_ctx); + EVP_MAC_free_ctx(mac_ctx); ctx->final_ret = -1; ctx->crypto_ok = 1; @@ -216,8 +216,8 @@ int CRYPTO_siv128_copy_ctx(SIV128_CONTEXT *dest, SIV128_CONTEXT *src) memcpy(&dest->d, &src->d, sizeof(src->d)); if (!EVP_CIPHER_CTX_copy(dest->cipher_ctx, src->cipher_ctx)) return 0; - EVP_MAC_CTX_free(dest->mac_ctx_init); - dest->mac_ctx_init = EVP_MAC_CTX_dup(src->mac_ctx_init); + EVP_MAC_free_ctx(dest->mac_ctx_init); + dest->mac_ctx_init = EVP_MAC_dup_ctx(src->mac_ctx_init); if (dest->mac_ctx_init == NULL) return 0; return 1; @@ -237,15 +237,15 @@ int CRYPTO_siv128_aad(SIV128_CONTEXT *ctx, const unsigned char *aad, siv128_dbl(&ctx->d); - if ((mac_ctx = EVP_MAC_CTX_dup(ctx->mac_ctx_init)) == NULL + if ((mac_ctx = EVP_MAC_dup_ctx(ctx->mac_ctx_init)) == NULL || !EVP_MAC_update(mac_ctx, aad, len) || !EVP_MAC_final(mac_ctx, mac_out.byte, &out_len, sizeof(mac_out.byte)) || out_len != SIV_LEN) { - EVP_MAC_CTX_free(mac_ctx); + EVP_MAC_free_ctx(mac_ctx); return 0; } - EVP_MAC_CTX_free(mac_ctx); + EVP_MAC_free_ctx(mac_ctx); siv128_xorblock(&ctx->d, &mac_out); @@ -357,7 +357,7 @@ int CRYPTO_siv128_cleanup(SIV128_CONTEXT *ctx) if (ctx != NULL) { EVP_CIPHER_CTX_free(ctx->cipher_ctx); ctx->cipher_ctx = NULL; - EVP_MAC_CTX_free(ctx->mac_ctx_init); + EVP_MAC_free_ctx(ctx->mac_ctx_init); ctx->mac_ctx_init = NULL; EVP_MAC_free(ctx->mac); ctx->mac = NULL; diff --git a/doc/man1/openssl-mac.pod.in b/doc/man1/openssl-mac.pod.in index 4c9cc3bc31..ff1b83fbd3 100644 --- a/doc/man1/openssl-mac.pod.in +++ b/doc/man1/openssl-mac.pod.in @@ -49,7 +49,7 @@ Output the MAC in binary form. Uses hexadecimal text format if not specified. Passes options to the MAC algorithm. A comprehensive list of controls can be found in the EVP_MAC implementation documentation. -Common parameter names used by EVP_MAC_CTX_get_params() are: +Common parameter names used by EVP_MAC_get_ctx_params() are: =over 4 diff --git a/doc/man3/EVP_MAC.pod b/doc/man3/EVP_MAC.pod index c98c8d873a..1464515459 100644 --- a/doc/man3/EVP_MAC.pod +++ b/doc/man3/EVP_MAC.pod @@ -5,8 +5,8 @@ EVP_MAC, EVP_MAC_fetch, EVP_MAC_up_ref, EVP_MAC_free, EVP_MAC_is_a, EVP_MAC_number, EVP_MAC_names_do_all, EVP_MAC_provider, EVP_MAC_get_params, EVP_MAC_gettable_params, -EVP_MAC_CTX, EVP_MAC_CTX_new, EVP_MAC_CTX_free, EVP_MAC_CTX_dup, -EVP_MAC_CTX_mac, EVP_MAC_CTX_get_params, EVP_MAC_CTX_set_params, +EVP_MAC_CTX, EVP_MAC_new_ctx, EVP_MAC_free_ctx, EVP_MAC_dup_ctx, +EVP_MAC_get_ctx_mac, EVP_MAC_get_ctx_params, EVP_MAC_set_ctx_params, EVP_MAC_size, EVP_MAC_init, EVP_MAC_update, EVP_MAC_final, EVP_MAC_gettable_ctx_params, EVP_MAC_settable_ctx_params, EVP_MAC_do_all_provided - EVP MAC routines @@ -30,12 +30,12 @@ EVP_MAC_do_all_provided - EVP MAC routines const OSSL_PROVIDER *EVP_MAC_provider(const EVP_MAC *mac); int EVP_MAC_get_params(EVP_MAC *mac, OSSL_PARAM params[]); - EVP_MAC_CTX *EVP_MAC_CTX_new(EVP_MAC *mac); - void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx); - EVP_MAC_CTX *EVP_MAC_CTX_dup(const EVP_MAC_CTX *src); - EVP_MAC *EVP_MAC_CTX_mac(EVP_MAC_CTX *ctx); - int EVP_MAC_CTX_get_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]); - int EVP_MAC_CTX_set_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]); + EVP_MAC_CTX *EVP_MAC_new_ctx(EVP_MAC *mac); + void EVP_MAC_free_ctx(EVP_MAC_CTX *ctx); + EVP_MAC_CTX *EVP_MAC_dup_ctx(const EVP_MAC_CTX *src); + EVP_MAC *EVP_MAC_get_ctx_mac(EVP_MAC_CTX *ctx); + int EVP_MAC_get_ctx_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]); + int EVP_MAC_set_ctx_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]); size_t EVP_MAC_size(EVP_MAC_CTX *ctx); int EVP_MAC_init(EVP_MAC_CTX *ctx); @@ -96,18 +96,18 @@ NULL is a valid parameter, for which this function is a no-op. =head2 Context manipulation functions -EVP_MAC_CTX_new() creates a new context for the MAC type I. +EVP_MAC_new_ctx() creates a new context for the MAC type I. The created context can then be used with most other functions described here. -EVP_MAC_CTX_free() frees the contents of the context, including an +EVP_MAC_free_ctx() frees the contents of the context, including an underlying context if there is one, as well as the context itself. NULL is a valid parameter, for which this function is a no-op. -EVP_MAC_CTX_dup() duplicates the I context and returns a newly allocated +EVP_MAC_dup_ctx() duplicates the I context and returns a newly allocated context. -EVP_MAC_CTX_mac() returns the B associated with the context +EVP_MAC_get_ctx_mac() returns the B associated with the context I. =head2 Computing functions @@ -136,14 +136,14 @@ parameters should be retrieved. Note that a parameter that is unknown in the underlying context is simply ignored. -EVP_MAC_CTX_get_params() retrieves chosen parameters, given the +EVP_MAC_get_ctx_params() retrieves chosen parameters, given the context I and its underlying context. The set of parameters given with I determine exactly what parameters should be retrieved. Note that a parameter that is unknown in the underlying context is simply ignored. -EVP_MAC_CTX_set_params() passes chosen parameters to the underlying +EVP_MAC_set_ctx_params() passes chosen parameters to the underlying context, given a context I. The set of parameters given with I determine exactly what parameters are passed down. @@ -155,8 +155,8 @@ defined by the implementation. EVP_MAC_gettable_params(), EVP_MAC_gettable_ctx_params() and EVP_MAC_settable_ctx_params() get a constant B array that describes the retrievable and settable parameters, i.e. parameters that -can be used with EVP_MAC_get_params(), EVP_MAC_CTX_get_params() -and EVP_MAC_CTX_set_params(), respectively. +can be used with EVP_MAC_get_params(), EVP_MAC_get_ctx_params() +and EVP_MAC_set_ctx_params(), respectively. See L for the use of B as parameter descriptor. =head2 Information functions @@ -270,12 +270,12 @@ the given name, otherwise 0. EVP_MAC_provider() returns a pointer to the provider for the MAC, or NULL on error. -EVP_MAC_CTX_new() and EVP_MAC_CTX_dup() return a pointer to a newly +EVP_MAC_new_ctx() and EVP_MAC_dup_ctx() return a pointer to a newly created EVP_MAC_CTX, or NULL if allocation failed. -EVP_MAC_CTX_free() returns nothing at all. +EVP_MAC_free_ctx() returns nothing at all. -EVP_MAC_CTX_get_params() and EVP_MAC_CTX_set_params() return 1 on +EVP_MAC_get_ctx_params() and EVP_MAC_set_ctx_params() return 1 on success, 0 on error. EVP_MAC_init(), EVP_MAC_update(), and EVP_MAC_final() return 1 on success, 0 @@ -327,8 +327,8 @@ EVP_MAC_do_all_provided() returns nothing at all. if (mac == NULL || key == NULL - || (ctx = EVP_MAC_CTX_new(mac)) == NULL - || EVP_MAC_CTX_set_params(ctx, params) <= 0) + || (ctx = EVP_MAC_new_ctx(mac)) == NULL + || EVP_MAC_set_ctx_params(ctx, params) <= 0) goto err; if (!EVP_MAC_init(ctx)) @@ -347,12 +347,12 @@ EVP_MAC_do_all_provided() returns nothing at all. printf("%02X", buf[i]); printf("\n"); - EVP_MAC_CTX_free(ctx); + EVP_MAC_free_ctx(ctx); EVP_MAC_free(mac); exit(0); err: - EVP_MAC_CTX_free(ctx); + EVP_MAC_free_ctx(ctx); EVP_MAC_free(mac); fprintf(stderr, "Something went wrong\n"); ERR_print_errors_fp(stderr); diff --git a/doc/man3/HMAC.pod b/doc/man3/HMAC.pod index 2675969a12..b798e6ca7c 100644 --- a/doc/man3/HMAC.pod +++ b/doc/man3/HMAC.pod @@ -54,7 +54,7 @@ L: =head1 DESCRIPTION All of the functions described on this page are deprecated. Applications should -instead use L, L, L, +instead use L, L, L, L and L. HMAC is a MAC (message authentication code), i.e. a keyed hash diff --git a/doc/man3/OSSL_PARAM_allocate_from_text.pod b/doc/man3/OSSL_PARAM_allocate_from_text.pod index 011685c8c8..539b2179c4 100644 --- a/doc/man3/OSSL_PARAM_allocate_from_text.pod +++ b/doc/man3/OSSL_PARAM_allocate_from_text.pod @@ -175,7 +175,7 @@ Can be written like this instead: goto err; } params[params_n] = OSSL_PARAM_construct_end(); - if (!EVP_MAC_CTX_set_params(ctx, params)) + if (!EVP_MAC_set_ctx_params(ctx, params)) goto err; while (params_n-- > 0) OPENSSL_free(params[params_n].data); diff --git a/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod b/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod index 99aaf7a595..ae2ee2b4e2 100644 --- a/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod +++ b/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod @@ -49,7 +49,7 @@ ticket information or it starts a full TLS handshake to create a new session ticket. Before the callback function is started I and I have been -initialised with L and L +initialised with L and L respectively. For new sessions tickets, when the client doesn't present a session ticket, or @@ -66,7 +66,7 @@ maximum IV length is B bytes defined in B. The initialization vector I should be a random value. The cipher context I should use the initialisation vector I. The cipher context can be set using L. The hmac context and digest can be set using -L with the B and +L with the B and B parameters respectively. When the client presents a session ticket, the callback function with be called @@ -76,7 +76,7 @@ the session ticket. The OpenSSL library expects that the I will be used to retrieve a cryptographic parameters and that the cryptographic context I will be set with the retrieved parameters and the initialization vector I. using a function like L. The key material and -digest for I need to be set using L with the +digest for I need to be set using L with the B and B parameters respectively. If the I is still valid but a renewal of the ticket is required the @@ -120,8 +120,8 @@ The SSL_CTX_set_tlsext_ticket_key_cb() function is identical to SSL_CTX_set_tlsext_ticket_key_evp_cb() except that it takes a deprecated HMAC_CTX pointer instead of an EVP_MAC_CTX one. Before this callback function is started I will have been -initialised with L and the digest set with -L. +initialised with L and the digest set with +L. The I key material can be set using L. =head1 NOTES @@ -185,7 +185,7 @@ Reference Implementation: params[1] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, "sha256", 0); params[2] = OSSL_PARAM_construct_end(); - EVP_MAC_CTX_set_params(hctx, params); + EVP_MAC_set_ctx_params(hctx, params); return 1; @@ -200,7 +200,7 @@ Reference Implementation: params[1] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, "sha256", 0); params[2] = OSSL_PARAM_construct_end(); - EVP_MAC_CTX_set_params(hctx, params); + EVP_MAC_set_ctx_params(hctx, params); EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv); diff --git a/doc/man7/EVP_MAC-BLAKE2.pod b/doc/man7/EVP_MAC-BLAKE2.pod index 90b065340d..d5673fa8e2 100644 --- a/doc/man7/EVP_MAC-BLAKE2.pod +++ b/doc/man7/EVP_MAC-BLAKE2.pod @@ -27,9 +27,9 @@ properties, to be used with EVP_MAC_fetch(): The general description of these parameters can be found in L. -All these parameters can be set with EVP_MAC_CTX_set_params(). +All these parameters can be set with EVP_MAC_set_ctx_params(). Furthermore, the "size" parameter can be retrieved with -EVP_MAC_CTX_get_params(), or with EVP_MAC_size(). +EVP_MAC_get_ctx_params(), or with EVP_MAC_size(). The length of the "size" parameter should not exceed that of a B. =over 4 @@ -61,7 +61,7 @@ It is 32 and 64 respectively by default. =head1 SEE ALSO -L, L, +L, L, L, L =head1 HISTORY diff --git a/doc/man7/EVP_MAC-CMAC.pod b/doc/man7/EVP_MAC-CMAC.pod index c210d693ce..699a50824b 100644 --- a/doc/man7/EVP_MAC-CMAC.pod +++ b/doc/man7/EVP_MAC-CMAC.pod @@ -24,7 +24,7 @@ used with EVP_MAC_fetch(): The general description of these parameters can be found in L. -The following parameter can be set with EVP_MAC_CTX_set_params(): +The following parameter can be set with EVP_MAC_set_ctx_params(): =over 4 @@ -37,7 +37,7 @@ The following parameter can be set with EVP_MAC_CTX_set_params(): =back The following parameters can be retrieved with -EVP_MAC_CTX_get_params(): +EVP_MAC_get_ctx_params(): =over 4 @@ -50,7 +50,7 @@ The length of the "size" parameter is equal to that of an B. =head1 SEE ALSO -L, L, +L, L, L, L =head1 COPYRIGHT diff --git a/doc/man7/EVP_MAC-GMAC.pod b/doc/man7/EVP_MAC-GMAC.pod index 7c9477c215..8e4d28e7b1 100644 --- a/doc/man7/EVP_MAC-GMAC.pod +++ b/doc/man7/EVP_MAC-GMAC.pod @@ -24,7 +24,7 @@ used with EVP_MAC_fetch(): The general description of these parameters can be found in L. -The following parameter can be set with EVP_MAC_CTX_set_params(): +The following parameter can be set with EVP_MAC_set_ctx_params(): =over 4 @@ -39,7 +39,7 @@ The following parameter can be set with EVP_MAC_CTX_set_params(): =back The following parameters can be retrieved with -EVP_MAC_CTX_get_params(): +EVP_MAC_get_ctx_params(): =over 4 @@ -52,7 +52,7 @@ The length of the "size" parameter is equal to that of an B. =head1 SEE ALSO -L, L, +L, L, L, L =head1 COPYRIGHT diff --git a/doc/man7/EVP_MAC-HMAC.pod b/doc/man7/EVP_MAC-HMAC.pod index 7f0ec35b43..31ff102ae6 100644 --- a/doc/man7/EVP_MAC-HMAC.pod +++ b/doc/man7/EVP_MAC-HMAC.pod @@ -24,7 +24,7 @@ used with EVP_MAC_fetch(): The general description of these parameters can be found in L. -The following parameter can be set with EVP_MAC_CTX_set_params(): +The following parameter can be set with EVP_MAC_set_ctx_params(): =over 4 @@ -41,7 +41,7 @@ The following parameter can be set with EVP_MAC_CTX_set_params(): The "flags" parameter is passed directly to HMAC_CTX_set_flags(). The following parameter can be retrieved with -EVP_MAC_CTX_get_params(): +EVP_MAC_get_ctx_params(): =over 4 @@ -54,7 +54,7 @@ The length of the "size" parameter is equal to that of an B. =head1 SEE ALSO -L, L, +L, L, L, L, L =head1 COPYRIGHT diff --git a/doc/man7/EVP_MAC-KMAC.pod b/doc/man7/EVP_MAC-KMAC.pod index df7ac1ddf6..88044540c5 100644 --- a/doc/man7/EVP_MAC-KMAC.pod +++ b/doc/man7/EVP_MAC-KMAC.pod @@ -27,9 +27,9 @@ properties, to be used with EVP_MAC_fetch(): The general description of these parameters can be found in L. -All these parameters can be set with EVP_MAC_CTX_set_params(). +All these parameters can be set with EVP_MAC_set_ctx_params(). Furthermore, the "size" parameter can be retrieved with -EVP_MAC_CTX_get_params(), or with EVP_MAC_size(). +EVP_MAC_get_ctx_params(), or with EVP_MAC_size(). The length of the "size" parameter should not exceed that of a B. =over 4 @@ -50,7 +50,7 @@ the input stream is set to zero. =head1 SEE ALSO -L, L, +L, L, L, L =head1 COPYRIGHT diff --git a/doc/man7/EVP_MAC-Poly1305.pod b/doc/man7/EVP_MAC-Poly1305.pod index da9953a1d5..8e288172a1 100644 --- a/doc/man7/EVP_MAC-Poly1305.pod +++ b/doc/man7/EVP_MAC-Poly1305.pod @@ -24,7 +24,7 @@ used with EVP_MAC_fetch(): The general description of these parameters can be found in L. -The following parameter can be set with EVP_MAC_CTX_set_params(): +The following parameter can be set with EVP_MAC_set_ctx_params(): =over 4 @@ -33,7 +33,7 @@ The following parameter can be set with EVP_MAC_CTX_set_params(): =back The following parameters can be retrieved with -EVP_MAC_CTX_get_params(): +EVP_MAC_get_ctx_params(): =over 4 @@ -46,7 +46,7 @@ The length of the "size" parameter should not exceed that of an B. =head1 SEE ALSO -L, L, +L, L, L, L =head1 COPYRIGHT diff --git a/doc/man7/EVP_MAC-Siphash.pod b/doc/man7/EVP_MAC-Siphash.pod index d8013b3369..a65e5919aa 100644 --- a/doc/man7/EVP_MAC-Siphash.pod +++ b/doc/man7/EVP_MAC-Siphash.pod @@ -25,9 +25,9 @@ used with EVP_MAC_fetch(): The general description of these parameters can be found in L. -All these parameters can be set with EVP_MAC_CTX_set_params(). +All these parameters can be set with EVP_MAC_set_ctx_params(). Furthermore, the "size" parameter can be retrieved with -EVP_MAC_CTX_get_params(), or with EVP_MAC_size(). +EVP_MAC_get_ctx_params(), or with EVP_MAC_size(). The length of the "size" parameter should not exceed that of a B. =over 4 @@ -40,7 +40,7 @@ The length of the "size" parameter should not exceed that of a B. =head1 SEE ALSO -L, L, +L, L, L, L =head1 COPYRIGHT diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 81ec80ab2d..9ce2f5e2ac 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -26,6 +26,8 @@ # include # include +# include + # define EVP_MAX_MD_SIZE 64/* longest known is SHA512 */ # define EVP_MAX_KEY_LENGTH 64 # define EVP_MAX_IV_LENGTH 16 @@ -1069,40 +1071,6 @@ void EVP_MD_do_all_provided(OPENSSL_CTX *libctx, void (*fn)(EVP_MD *md, void *arg), void *arg); -/* MAC stuff */ - -EVP_MAC *EVP_MAC_fetch(OPENSSL_CTX *libctx, const char *algorithm, - const char *properties); -int EVP_MAC_up_ref(EVP_MAC *mac); -void EVP_MAC_free(EVP_MAC *mac); -int EVP_MAC_number(const EVP_MAC *mac); -int EVP_MAC_is_a(const EVP_MAC *mac, const char *name); -const OSSL_PROVIDER *EVP_MAC_provider(const EVP_MAC *mac); -int EVP_MAC_get_params(EVP_MAC *mac, OSSL_PARAM params[]); - -EVP_MAC_CTX *EVP_MAC_CTX_new(EVP_MAC *mac); -void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx); -EVP_MAC_CTX *EVP_MAC_CTX_dup(const EVP_MAC_CTX *src); -EVP_MAC *EVP_MAC_CTX_mac(EVP_MAC_CTX *ctx); -int EVP_MAC_CTX_get_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]); -int EVP_MAC_CTX_set_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]); - -size_t EVP_MAC_size(EVP_MAC_CTX *ctx); -int EVP_MAC_init(EVP_MAC_CTX *ctx); -int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen); -int EVP_MAC_final(EVP_MAC_CTX *ctx, - unsigned char *out, size_t *outl, size_t outsize); -const OSSL_PARAM *EVP_MAC_gettable_params(const EVP_MAC *mac); -const OSSL_PARAM *EVP_MAC_gettable_ctx_params(const EVP_MAC *mac); -const OSSL_PARAM *EVP_MAC_settable_ctx_params(const EVP_MAC *mac); - -void EVP_MAC_do_all_provided(OPENSSL_CTX *libctx, - void (*fn)(EVP_MAC *mac, void *arg), - void *arg); -void EVP_MAC_names_do_all(const EVP_MAC *mac, - void (*fn)(const char *name, void *data), - void *data); - /* PKEY stuff */ DEPRECATEDIN_3_0(int EVP_PKEY_decrypt_old(unsigned char *dec_key, const unsigned char *enc_key, diff --git a/include/openssl/mac.h b/include/openssl/mac.h new file mode 100644 index 0000000000..4fb808525f --- /dev/null +++ b/include/openssl/mac.h @@ -0,0 +1,52 @@ +/* + * Copyright 2019=-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* MAC stuff */ + +#ifndef OPENSSL_EVP_MAC_H +# define OPENSSL_EVP_MAC_H +# pragma once + +# include +# include +# include + +EVP_MAC *EVP_MAC_fetch(OPENSSL_CTX *libctx, const char *algorithm, + const char *properties); +int EVP_MAC_up_ref(EVP_MAC *mac); +void EVP_MAC_free(EVP_MAC *mac); +int EVP_MAC_number(const EVP_MAC *mac); +int EVP_MAC_is_a(const EVP_MAC *mac, const char *name); +const OSSL_PROVIDER *EVP_MAC_provider(const EVP_MAC *mac); +int EVP_MAC_get_params(EVP_MAC *mac, OSSL_PARAM params[]); + +EVP_MAC_CTX *EVP_MAC_new_ctx(EVP_MAC *mac); +void EVP_MAC_free_ctx(EVP_MAC_CTX *ctx); +EVP_MAC_CTX *EVP_MAC_dup_ctx(const EVP_MAC_CTX *src); +EVP_MAC *EVP_MAC_get_ctx_mac(EVP_MAC_CTX *ctx); +int EVP_MAC_get_ctx_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]); +int EVP_MAC_set_ctx_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]); + +size_t EVP_MAC_size(EVP_MAC_CTX *ctx); +int EVP_MAC_init(EVP_MAC_CTX *ctx); +int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen); +int EVP_MAC_final(EVP_MAC_CTX *ctx, + unsigned char *out, size_t *outl, size_t outsize); +const OSSL_PARAM *EVP_MAC_gettable_params(const EVP_MAC *mac); +const OSSL_PARAM *EVP_MAC_gettable_ctx_params(const EVP_MAC *mac); +const OSSL_PARAM *EVP_MAC_settable_ctx_params(const EVP_MAC *mac); + +void EVP_MAC_do_all_provided(OPENSSL_CTX *libctx, + void (*fn)(EVP_MAC *mac, void *arg), + void *arg); +void EVP_MAC_names_do_all(const EVP_MAC *mac, + void (*fn)(const char *name, void *data), + void *data); + +#endif /* OPENSSL_EVP_MAC_H */ diff --git a/providers/common/provider_util.c b/providers/common/provider_util.c index 270609e9d6..b5511dbdfa 100644 --- a/providers/common/provider_util.c +++ b/providers/common/provider_util.c @@ -189,8 +189,8 @@ int ossl_prov_macctx_load_from_params(EVP_MAC_CTX **macctx, if (macname != NULL) { EVP_MAC *mac = EVP_MAC_fetch(libctx, macname, properties); - EVP_MAC_CTX_free(*macctx); - *macctx = mac == NULL ? NULL : EVP_MAC_CTX_new(mac); + EVP_MAC_free_ctx(*macctx); + *macctx = mac == NULL ? NULL : EVP_MAC_new_ctx(mac); /* The context holds on to the MAC */ EVP_MAC_free(mac); if (*macctx == NULL) @@ -241,10 +241,10 @@ int ossl_prov_macctx_load_from_params(EVP_MAC_CTX **macctx, #endif *mp = OSSL_PARAM_construct_end(); - if (EVP_MAC_CTX_set_params(*macctx, mac_params)) + if (EVP_MAC_set_ctx_params(*macctx, mac_params)) return 1; - EVP_MAC_CTX_free(*macctx); + EVP_MAC_free_ctx(*macctx); *macctx = NULL; return 0; } diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c index b767e8f300..4619fedef5 100644 --- a/providers/fips/self_test.c +++ b/providers/fips/self_test.c @@ -146,7 +146,7 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_BIO_read_ex_fn read_ex_cb, OSSL_SELF_TEST_onbegin(ev, event_type, OSSL_SELF_TEST_DESC_INTEGRITY_HMAC); mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL); - ctx = EVP_MAC_CTX_new(mac); + ctx = EVP_MAC_new_ctx(mac); if (mac == NULL || ctx == NULL) goto err; @@ -156,7 +156,7 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_BIO_read_ex_fn read_ex_cb, sizeof(fixed_key)); *p = OSSL_PARAM_construct_end(); - if (EVP_MAC_CTX_set_params(ctx, params) <= 0 + if (EVP_MAC_set_ctx_params(ctx, params) <= 0 || !EVP_MAC_init(ctx)) goto err; @@ -177,7 +177,7 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_BIO_read_ex_fn read_ex_cb, ret = 1; err: OSSL_SELF_TEST_onend(ev, ret); - EVP_MAC_CTX_free(ctx); + EVP_MAC_free_ctx(ctx); EVP_MAC_free(mac); return ret; } diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c index acc7d7f47b..12bf711eed 100644 --- a/providers/implementations/kdfs/kbkdf.c +++ b/providers/implementations/kdfs/kbkdf.c @@ -123,7 +123,7 @@ static void kbkdf_reset(void *vctx) { KBKDF *ctx = (KBKDF *)vctx; - EVP_MAC_CTX_free(ctx->ctx_init); + EVP_MAC_free_ctx(ctx->ctx_init); OPENSSL_clear_free(ctx->context, ctx->context_len); OPENSSL_clear_free(ctx->label, ctx->label_len); OPENSSL_clear_free(ctx->ki, ctx->ki_len); @@ -151,7 +151,7 @@ static int derive(EVP_MAC_CTX *ctx_init, kbkdf_mode mode, unsigned char *iv, for (counter = 1; written < ko_len; counter++) { i = be32(counter); - ctx = EVP_MAC_CTX_dup(ctx_init); + ctx = EVP_MAC_dup_ctx(ctx_init); if (ctx == NULL) goto done; @@ -172,13 +172,13 @@ static int derive(EVP_MAC_CTX *ctx_init, kbkdf_mode mode, unsigned char *iv, written += h; k_i_len = h; - EVP_MAC_CTX_free(ctx); + EVP_MAC_free_ctx(ctx); ctx = NULL; } ret = 1; done: - EVP_MAC_CTX_free(ctx); + EVP_MAC_free_ctx(ctx); return ret; } @@ -247,9 +247,9 @@ static int kbkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) NULL, NULL, libctx)) return 0; else if (ctx->ctx_init != NULL - && !EVP_MAC_is_a(EVP_MAC_CTX_mac(ctx->ctx_init), + && !EVP_MAC_is_a(EVP_MAC_get_ctx_mac(ctx->ctx_init), OSSL_MAC_NAME_HMAC) - && !EVP_MAC_is_a(EVP_MAC_CTX_mac(ctx->ctx_init), + && !EVP_MAC_is_a(EVP_MAC_get_ctx_mac(ctx->ctx_init), OSSL_MAC_NAME_CMAC)) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MAC); return 0; @@ -288,7 +288,7 @@ static int kbkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) ctx->ki, ctx->ki_len); mparams[1] = OSSL_PARAM_construct_end(); - if (!EVP_MAC_CTX_set_params(ctx->ctx_init, mparams) + if (!EVP_MAC_set_ctx_params(ctx->ctx_init, mparams) || !EVP_MAC_init(ctx->ctx_init)) return 0; } diff --git a/providers/implementations/kdfs/sskdf.c b/providers/implementations/kdfs/sskdf.c index 2c4600d205..023395b14d 100644 --- a/providers/implementations/kdfs/sskdf.c +++ b/providers/implementations/kdfs/sskdf.c @@ -168,7 +168,7 @@ static int kmac_init(EVP_MAC_CTX *ctx, const unsigned char *custom, (void *)custom, custom_len); params[1] = OSSL_PARAM_construct_end(); - if (!EVP_MAC_CTX_set_params(ctx, params)) + if (!EVP_MAC_set_ctx_params(ctx, params)) return 0; /* By default only do one iteration if kmac_out_len is not specified */ @@ -186,7 +186,7 @@ static int kmac_init(EVP_MAC_CTX *ctx, const unsigned char *custom, params[0] = OSSL_PARAM_construct_size_t(OSSL_MAC_PARAM_SIZE, &kmac_out_len); - if (EVP_MAC_CTX_set_params(ctx, params) <= 0) + if (EVP_MAC_set_ctx_params(ctx, params) <= 0) return 0; /* @@ -233,7 +233,7 @@ static int SSKDF_mac_kdm(EVP_MAC_CTX *ctx_init, (void *)salt, salt_len); *p = OSSL_PARAM_construct_end(); - if (!EVP_MAC_CTX_set_params(ctx_init, params)) + if (!EVP_MAC_set_ctx_params(ctx_init, params)) goto end; if (!kmac_init(ctx_init, kmac_custom, kmac_custom_len, kmac_out_len, @@ -256,7 +256,7 @@ static int SSKDF_mac_kdm(EVP_MAC_CTX *ctx_init, c[2] = (unsigned char)((counter >> 8) & 0xff); c[3] = (unsigned char)(counter & 0xff); - ctx = EVP_MAC_CTX_dup(ctx_init); + ctx = EVP_MAC_dup_ctx(ctx_init); if (!(ctx != NULL && EVP_MAC_update(ctx, c, sizeof(c)) && EVP_MAC_update(ctx, z, z_len) @@ -275,7 +275,7 @@ static int SSKDF_mac_kdm(EVP_MAC_CTX *ctx_init, memcpy(out, mac, len); break; } - EVP_MAC_CTX_free(ctx); + EVP_MAC_free_ctx(ctx); ctx = NULL; } ret = 1; @@ -285,7 +285,7 @@ end: else OPENSSL_cleanse(mac_buf, sizeof(mac_buf)); - EVP_MAC_CTX_free(ctx); + EVP_MAC_free_ctx(ctx); return ret; } @@ -303,7 +303,7 @@ static void sskdf_reset(void *vctx) { KDF_SSKDF *ctx = (KDF_SSKDF *)vctx; - EVP_MAC_CTX_free(ctx->macctx); + EVP_MAC_free_ctx(ctx->macctx); ossl_prov_digest_reset(&ctx->digest); OPENSSL_clear_free(ctx->secret, ctx->secret_len); OPENSSL_clear_free(ctx->info, ctx->info_len); @@ -360,7 +360,7 @@ static int sskdf_derive(void *vctx, unsigned char *key, size_t keylen) const unsigned char *custom = NULL; size_t custom_len = 0; int default_salt_len; - EVP_MAC *mac = EVP_MAC_CTX_mac(ctx->macctx); + EVP_MAC *mac = EVP_MAC_get_ctx_mac(ctx->macctx); /* * TODO(3.0) investigate the necessity to have all these controls. diff --git a/providers/implementations/kdfs/tls1_prf.c b/providers/implementations/kdfs/tls1_prf.c index 84d712afc5..1b47247cbb 100644 --- a/providers/implementations/kdfs/tls1_prf.c +++ b/providers/implementations/kdfs/tls1_prf.c @@ -116,8 +116,8 @@ static void kdf_tls1_prf_reset(void *vctx) { TLS1_PRF *ctx = (TLS1_PRF *)vctx; - EVP_MAC_CTX_free(ctx->P_hash); - EVP_MAC_CTX_free(ctx->P_sha1); + EVP_MAC_free_ctx(ctx->P_hash); + EVP_MAC_free_ctx(ctx->P_sha1); OPENSSL_clear_free(ctx->sec, ctx->seclen); OPENSSL_cleanse(ctx->seed, ctx->seedlen); memset(ctx, 0, sizeof(*ctx)); @@ -163,7 +163,7 @@ static int kdf_tls1_prf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) NULL, SN_sha1, libctx)) return 0; } else { - EVP_MAC_CTX_free(ctx->P_sha1); + EVP_MAC_free_ctx(ctx->P_sha1); if (!ossl_prov_macctx_load_from_params(&ctx->P_hash, params, OSSL_MAC_NAME_HMAC, NULL, NULL, libctx)) @@ -280,7 +280,7 @@ static int tls1_prf_P_hash(EVP_MAC_CTX *ctx_init, *p++ = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, (void *)sec, sec_len); *p = OSSL_PARAM_construct_end(); - if (!EVP_MAC_CTX_set_params(ctx_init, params)) + if (!EVP_MAC_set_ctx_params(ctx_init, params)) goto err; if (!EVP_MAC_init(ctx_init)) goto err; @@ -288,7 +288,7 @@ static int tls1_prf_P_hash(EVP_MAC_CTX *ctx_init, if (chunk == 0) goto err; /* A(0) = seed */ - ctx_Ai = EVP_MAC_CTX_dup(ctx_init); + ctx_Ai = EVP_MAC_dup_ctx(ctx_init); if (ctx_Ai == NULL) goto err; if (seed != NULL && !EVP_MAC_update(ctx_Ai, seed, seed_len)) @@ -298,18 +298,18 @@ static int tls1_prf_P_hash(EVP_MAC_CTX *ctx_init, /* calc: A(i) = HMAC_(secret, A(i-1)) */ if (!EVP_MAC_final(ctx_Ai, Ai, &Ai_len, sizeof(Ai))) goto err; - EVP_MAC_CTX_free(ctx_Ai); + EVP_MAC_free_ctx(ctx_Ai); ctx_Ai = NULL; /* calc next chunk: HMAC_(secret, A(i) + seed) */ - ctx = EVP_MAC_CTX_dup(ctx_init); + ctx = EVP_MAC_dup_ctx(ctx_init); if (ctx == NULL) goto err; if (!EVP_MAC_update(ctx, Ai, Ai_len)) goto err; /* save state for calculating next A(i) value */ if (olen > chunk) { - ctx_Ai = EVP_MAC_CTX_dup(ctx); + ctx_Ai = EVP_MAC_dup_ctx(ctx); if (ctx_Ai == NULL) goto err; } @@ -324,15 +324,15 @@ static int tls1_prf_P_hash(EVP_MAC_CTX *ctx_init, } if (!EVP_MAC_final(ctx, out, NULL, olen)) goto err; - EVP_MAC_CTX_free(ctx); + EVP_MAC_free_ctx(ctx); ctx = NULL; out += chunk; olen -= chunk; } ret = 1; err: - EVP_MAC_CTX_free(ctx); - EVP_MAC_CTX_free(ctx_Ai); + EVP_MAC_free_ctx(ctx); + EVP_MAC_free_ctx(ctx_Ai); OPENSSL_cleanse(Ai, sizeof(Ai)); return ret; } diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 89450943d1..b80ac35d3a 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -3149,12 +3149,12 @@ SSL_HMAC *ssl_hmac_new(const SSL_CTX *ctx) } #endif mac = EVP_MAC_fetch(ctx->libctx, "HMAC", NULL); - if (mac == NULL || (ret->ctx = EVP_MAC_CTX_new(mac)) == NULL) + if (mac == NULL || (ret->ctx = EVP_MAC_new_ctx(mac)) == NULL) goto err; EVP_MAC_free(mac); return ret; err: - EVP_MAC_CTX_free(ret->ctx); + EVP_MAC_free_ctx(ret->ctx); EVP_MAC_free(mac); OPENSSL_free(ret); return NULL; @@ -3163,7 +3163,7 @@ SSL_HMAC *ssl_hmac_new(const SSL_CTX *ctx) void ssl_hmac_free(SSL_HMAC *ctx) { if (ctx != NULL) { - EVP_MAC_CTX_free(ctx->ctx); + EVP_MAC_free_ctx(ctx->ctx); #ifndef OPENSSL_NO_DEPRECATED_3_0 HMAC_CTX_free(ctx->old_ctx); #endif @@ -3191,7 +3191,7 @@ int ssl_hmac_init(SSL_HMAC *ctx, void *key, size_t len, char *md) *p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, md, 0); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, key, len); *p = OSSL_PARAM_construct_end(); - if (EVP_MAC_CTX_set_params(ctx->ctx, params) && EVP_MAC_init(ctx->ctx)) + if (EVP_MAC_set_ctx_params(ctx->ctx, params) && EVP_MAC_init(ctx->ctx)) return 1; } #ifndef OPENSSL_NO_DEPRECATED_3_0 diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index cf8e42c97e..95e28d6d54 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -360,9 +360,9 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, } *p++ = OSSL_PARAM_construct_end(); - ctx = EVP_MAC_CTX_new(hmac); + ctx = EVP_MAC_new_ctx(hmac); if (ctx == NULL - || !EVP_MAC_CTX_set_params(ctx, params) + || !EVP_MAC_set_ctx_params(ctx, params) || !EVP_MAC_init(ctx) || !EVP_MAC_update(ctx, hash, hashlen) /* outsize as per sizeof(peer_finish_md) */ @@ -375,7 +375,7 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, ret = hashlen; err: OPENSSL_cleanse(finsecret, sizeof(finsecret)); - EVP_MAC_CTX_free(ctx); + EVP_MAC_free_ctx(ctx); EVP_MAC_free(hmac); return ret; } diff --git a/test/bad_dtls_test.c b/test/bad_dtls_test.c index bfbaa7953a..d2d6a6b426 100644 --- a/test/bad_dtls_test.c +++ b/test/bad_dtls_test.c @@ -305,14 +305,14 @@ static int send_record(BIO *rbio, unsigned char type, uint64_t seqnr, /* Append HMAC to data */ hmac = EVP_MAC_fetch(NULL, "HMAC", NULL); - ctx = EVP_MAC_CTX_new(hmac); + ctx = EVP_MAC_new_ctx(hmac); EVP_MAC_free(hmac); params[0] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, "SHA1", 0); params[1] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, mac_key, 20); params[2] = OSSL_PARAM_construct_end(); - EVP_MAC_CTX_set_params(ctx, params); + EVP_MAC_set_ctx_params(ctx, params); EVP_MAC_init(ctx); EVP_MAC_update(ctx, epoch, 2); EVP_MAC_update(ctx, seq, 6); @@ -323,7 +323,7 @@ static int send_record(BIO *rbio, unsigned char type, uint64_t seqnr, EVP_MAC_update(ctx, lenbytes, 2); /* Length */ EVP_MAC_update(ctx, enc, len); /* Finally the data itself */ EVP_MAC_final(ctx, enc + len, NULL, SHA_DIGEST_LENGTH); - EVP_MAC_CTX_free(ctx); + EVP_MAC_free_ctx(ctx); /* Append padding bytes */ len += SHA_DIGEST_LENGTH; diff --git a/test/evp_test.c b/test/evp_test.c index 198c27ea5f..ef5d950018 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -1323,12 +1323,12 @@ static int mac_test_run_mac(EVP_TEST *t) } params[params_n] = OSSL_PARAM_construct_end(); - if ((ctx = EVP_MAC_CTX_new(expected->mac)) == NULL) { + if ((ctx = EVP_MAC_new_ctx(expected->mac)) == NULL) { t->err = "MAC_CREATE_ERROR"; goto err; } - if (!EVP_MAC_CTX_set_params(ctx, params)) { + if (!EVP_MAC_set_ctx_params(ctx, params)) { t->err = "MAC_BAD_PARAMS"; goto err; } @@ -1360,7 +1360,7 @@ static int mac_test_run_mac(EVP_TEST *t) while (params_n-- > params_n_allocstart) { OPENSSL_free(params[params_n].data); } - EVP_MAC_CTX_free(ctx); + EVP_MAC_free_ctx(ctx); OPENSSL_free(got); return 1; } diff --git a/test/sslapitest.c b/test/sslapitest.c index 23e6b7d0f6..4665569054 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -6922,7 +6922,7 @@ static int tick_key_evp_cb(SSL *s, unsigned char key_name[16], params[2] = OSSL_PARAM_construct_end(); if (aes128cbc == NULL || !EVP_CipherInit_ex(ctx, aes128cbc, NULL, tick_aes_key, iv, enc) - || !EVP_MAC_CTX_set_params(hctx, params) + || !EVP_MAC_set_ctx_params(hctx, params) || !EVP_MAC_init(hctx)) ret = -1; else diff --git a/util/libcrypto.num b/util/libcrypto.num index 339df720e8..317481388c 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4425,10 +4425,10 @@ OCSP_resp_get0_respdata 4530 3_0_0 EXIST::FUNCTION:OCSP EVP_MD_CTX_set_pkey_ctx 4531 3_0_0 EXIST::FUNCTION: EVP_PKEY_meth_set_digest_custom 4532 3_0_0 EXIST::FUNCTION: EVP_PKEY_meth_get_digest_custom 4533 3_0_0 EXIST::FUNCTION: -EVP_MAC_CTX_new ? 3_0_0 EXIST::FUNCTION: -EVP_MAC_CTX_free ? 3_0_0 EXIST::FUNCTION: -EVP_MAC_CTX_dup ? 3_0_0 EXIST::FUNCTION: -EVP_MAC_CTX_mac ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_new_ctx ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_free_ctx ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_dup_ctx ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_get_ctx_mac ? 3_0_0 EXIST::FUNCTION: EVP_MAC_size ? 3_0_0 EXIST::FUNCTION: EVP_MAC_init ? 3_0_0 EXIST::FUNCTION: EVP_MAC_update ? 3_0_0 EXIST::FUNCTION: @@ -4701,8 +4701,8 @@ EVP_CIPHER_gettable_ctx_params ? 3_0_0 EXIST::FUNCTION: EVP_MD_get_params ? 3_0_0 EXIST::FUNCTION: EVP_MAC_fetch ? 3_0_0 EXIST::FUNCTION: EVP_MAC_settable_ctx_params ? 3_0_0 EXIST::FUNCTION: -EVP_MAC_CTX_set_params ? 3_0_0 EXIST::FUNCTION: -EVP_MAC_CTX_get_params ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_set_ctx_params ? 3_0_0 EXIST::FUNCTION: +EVP_MAC_get_ctx_params ? 3_0_0 EXIST::FUNCTION: EVP_MAC_gettable_ctx_params ? 3_0_0 EXIST::FUNCTION: EVP_MAC_free ? 3_0_0 EXIST::FUNCTION: EVP_MAC_up_ref ? 3_0_0 EXIST::FUNCTION: From no-reply at appveyor.com Thu Jun 11 01:41:13 2020 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 11 Jun 2020 01:41:13 +0000 Subject: Build completed: openssl OpenSSL_1_1_1-stable.34855 Message-ID: <20200611014113.1.33A89EFF1A2F0CF7@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu Jun 11 02:09:31 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 11 Jun 2020 02:09:31 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io Message-ID: <1591841371.197629.30798.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-posix-io Commit log since last time: cd4afec69f Add a test for renegotiation with EXTMS dropped 11d3235e2b Do not allow dropping Extended Master Secret extension on renegotiaton 7646610b6a use safe primes in ssl_get_auto_dh() 7821585206 APPS: Fix 'openssl dhparam' edf9659165 APPS: Fix 'openssl dsaparam -genkey' 4ec1463d71 EVP: Let EVP_PKEY_gen() initialize ctx->keygen_info a6d36303e9 TLSv1.3: additional checks in SSL_set_record_padding_callback da4db1602d test: TLS1.3 and new ciphers for kTLS cc10b56dbe TLSv13: add kTLS support 4ffccf6c4d kTLS: add support for AES_CCM128 and AES_GCM256 95badfeb60 kTLS: add Linux-specific kTLS helpers f434bfaccf kTLS: add new algo definitions 996a6ac32b kTLS: make ktls_start type independed c8636ebf4a fix doc typo in bn_dh.c 71273ab57a Fix 90-test_store.t for latest config, limits, providers, and disabled algos 49f84002d0 Fix documentation of OSSL_STORE c29ba6a92e Fix mem leaks and allow missing pkey and/or cert in try_decode_PKCS12() 4ca015555b Add chain to PKCS#12 test file generation in 90-test_store.t 9f5ff440b8 Fix code layout in crypto/store/loader_file.c satisfying check-format.pl -l Build log ended with (last 100 lines): rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_names test/buildtest_c_core_numbers test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_dtls1 test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_fetch_prov_test test/evp_kdf_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_fallback_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_names.c test/buildtest_core_numbers.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_dtls1.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha4-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_cb.d.tmp -MT apps/lib/libapps-lib-s_cb.o -c -o apps/lib/libapps-lib-s_cb.o ../openssl/apps/lib/s_cb.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_socket.d.tmp -MT apps/lib/libapps-lib-s_socket.o -c -o apps/lib/libapps-lib-s_socket.o ../openssl/apps/lib/s_socket.c CC="clang" /usr/bin/perl ../openssl/crypto/aes/asm/aes-x86_64.pl "elf" -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM crypto/aes/aes-x86_64.s ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4079: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' Makefile:3054: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From no-reply at appveyor.com Thu Jun 11 06:23:20 2020 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 11 Jun 2020 06:23:20 +0000 Subject: Build failed: openssl master.34863 Message-ID: <20200611062320.1.FD10D412C1605942@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu Jun 11 06:41:49 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 11 Jun 2020 06:41:49 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock Message-ID: <1591857709.487348.4351.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sock Commit log since last time: cd4afec69f Add a test for renegotiation with EXTMS dropped 11d3235e2b Do not allow dropping Extended Master Secret extension on renegotiaton 7646610b6a use safe primes in ssl_get_auto_dh() 7821585206 APPS: Fix 'openssl dhparam' edf9659165 APPS: Fix 'openssl dsaparam -genkey' 4ec1463d71 EVP: Let EVP_PKEY_gen() initialize ctx->keygen_info a6d36303e9 TLSv1.3: additional checks in SSL_set_record_padding_callback da4db1602d test: TLS1.3 and new ciphers for kTLS cc10b56dbe TLSv13: add kTLS support 4ffccf6c4d kTLS: add support for AES_CCM128 and AES_GCM256 95badfeb60 kTLS: add Linux-specific kTLS helpers f434bfaccf kTLS: add new algo definitions 996a6ac32b kTLS: make ktls_start type independed c8636ebf4a fix doc typo in bn_dh.c 71273ab57a Fix 90-test_store.t for latest config, limits, providers, and disabled algos 49f84002d0 Fix documentation of OSSL_STORE c29ba6a92e Fix mem leaks and allow missing pkey and/or cert in try_decode_PKCS12() 4ca015555b Add chain to PKCS#12 test file generation in 90-test_store.t 9f5ff440b8 Fix code layout in crypto/store/loader_file.c satisfying check-format.pl -l Build log ended with (last 100 lines): rm -f *.ld rm -f doc/html/man1/CA.pl.html doc/html/man1/openssl-asn1parse.html doc/html/man1/openssl-ca.html doc/html/man1/openssl-ciphers.html doc/html/man1/openssl-cmds.html doc/html/man1/openssl-cmp.html doc/html/man1/openssl-cms.html doc/html/man1/openssl-crl.html doc/html/man1/openssl-crl2pkcs7.html doc/html/man1/openssl-dgst.html doc/html/man1/openssl-dhparam.html doc/html/man1/openssl-dsa.html doc/html/man1/openssl-dsaparam.html doc/html/man1/openssl-ec.html doc/html/man1/openssl-ecparam.html doc/html/man1/openssl-enc.html doc/html/man1/openssl-engine.html doc/html/man1/openssl-errstr.html doc/html/man1/openssl-fipsinstall.html doc/html/man1/openssl-gendsa.html doc/html/man1/openssl-genpkey.html doc/html/man1/openssl-genrsa.html doc/html/man1/openssl-info.html doc/html/man1/openssl-kdf.html doc/html/man1/openssl-list.html doc/html/man1/openssl-mac.html doc/html/man1/openssl-nseq.html doc/html/man1/openssl-ocsp.html doc/html/man1/openssl-passwd.html doc/html/man1/openssl-pkcs12.html doc/html/man1/openssl-pkcs7.html doc/html/man1/openssl-pkcs8.html doc/html/man1/openssl-pkey.html doc/html/man1/openssl-pkeyparam.html doc/html/man1/openssl-pkeyutl.html doc/html/man1/openssl-prime.html doc/html/man1/openssl-provider.html doc/html/man1/openssl-rand.html doc/html/man1/openssl-rehash.html doc/html/man1/openssl-req.html doc/html/man1/openssl-rsa.html doc/html/man1/openssl-rsautl.html doc/html/man1/openssl-s_client.html doc/html/man1/openssl-s_server.html doc/html/man1/openssl-s_time.html doc/html/man1/openssl-sess_id.html doc/html/man1/openssl-smime.html doc/html/man1/openssl-speed.html doc/html/man1/openssl-spkac.html doc/html/man1/openssl-srp.html doc/html/man1/openssl-storeutl.html doc/html/man1/openssl-ts.html doc/html/man1/openssl-verify.html doc/html/man1/openssl-version.html doc/html/man1/openssl-x509.html doc/html/man1/openssl.html doc/html/man1/tsget.html doc/html/man3/ADMISSIONS.html doc/html/man3/ASN1_INTEGER_get_int64.html doc/html/man3/ASN1_INTEGER_new.html doc/html/man3/ASN1_ITEM_lookup.html doc/html/man3/ASN1_OBJECT_new.html doc/html/man3/ASN1_STRING_TABLE_add.html doc/html/man3/ASN1_STRING_length.html doc/html/man3/ASN1_STRING_new.html doc/html/man3/ASN1_STRING_print_ex.html doc/html/man3/ASN1_TIME_set.html doc/html/man3/ASN1_TYPE_get.html doc/html/man3/ASN1_generate_nconf.html doc/html/man3/ASYNC_WAIT_CTX_new.html doc/html/man3/ASYNC_start_job.html doc/html/man3/BF_encrypt.html doc/html/man3/BIO_ADDR.html doc/html/man3/BIO_ADDRINFO.html doc/html/man3/BIO_connect.html doc/html/man3/BIO_ctrl.html doc/html/man3/BIO_f_base64.html doc/html/man3/BIO_f_buffer.html doc/html/man3/BIO_f_cipher.html doc/html/man3/BIO_f_md.html doc/html/man3/BIO_f_null.html doc/html/man3/BIO_f_prefix.html doc/html/man3/BIO_f_ssl.html doc/html/man3/BIO_find_type.html doc/html/man3/BIO_get_data.html doc/html/man3/BIO_get_ex_new_index.html doc/html/man3/BIO_meth_new.html doc/html/man3/BIO_new.html doc/html/man3/BIO_new_CMS.html doc/html/man3/BIO_parse_hostserv.html doc/html/man3/BIO_printf.html doc/html/man3/BIO_push.html doc/html/man3/BIO_read.html doc/html/man3/BIO_s_accept.html doc/html/man3/BIO_s_bio.html doc/html/man3/BIO_s_connect.html doc/html/man3/BIO_s_fd.html doc/html/man3/BIO_s_file.html doc/html/man3/BIO_s_mem.html doc/html/man3/BIO_s_null.html doc/html/man3/BIO_s_socket.html doc/html/man3/BIO_set_callback.html doc/html/man3/BIO_should_retry.html doc/html/man3/BIO_socket_wait.html doc/html/man3/BN_BLINDING_new.html doc/html/man3/BN_CTX_new.html doc/html/man3/BN_CTX_start.html doc/html/man3/BN_add.html doc/html/man3/BN_add_word.html doc/html/man3/BN_bn2bin.html doc/html/man3/BN_cmp.html doc/html/man3/BN_copy.html doc/html/man3/BN_generate_prime.html doc/html/man3/BN_mod_inverse.html doc/html/man3/BN_mod_mul_montgomery.html doc/html/man3/BN_mod_mul_reciprocal.html doc/html/man3/BN_new.html doc/html/man3/BN_num_bytes.html doc/html/man3/BN_rand.html doc/html/man3/BN_security_bits.html doc/html/man3/BN_set_bit.html doc/html/man3/BN_swap.html doc/html/man3/BN_zero.html doc/html/man3/BUF_MEM_new.html doc/html/man3/CMS_EnvelopedData_create.html doc/html/man3/CMS_add0_cert.html doc/html/man3/CMS_add1_recipient_cert.html doc/html/man3/CMS_add1_signer.html doc/html/man3/CMS_compress.html doc/html/man3/CMS_decrypt.html doc/html/man3/CMS_encrypt.html doc/html/man3/CMS_final.html doc/html/man3/CMS_get0_RecipientInfos.html doc/html/man3/CMS_get0_SignerInfos.html doc/html/man3/CMS_get0_type.html doc/html/man3/CMS_get1_ReceiptRequest.html doc/html/man3/CMS_sign.html doc/html/man3/CMS_sign_receipt.html doc/html/man3/CMS_uncompress.html doc/html/man3/CMS_verify.html doc/html/man3/CMS_verify_receipt.html doc/html/man3/CONF_modules_free.html doc/html/man3/CONF_modules_load_file.html doc/html/man3/CRYPTO_THREAD_run_once.html doc/html/man3/CRYPTO_get_ex_new_index.html doc/html/man3/CRYPTO_memcmp.html doc/html/man3/CTLOG_STORE_get0_log_by_id.html doc/html/man3/CTLOG_STORE_new.html doc/html/man3/CTLOG_new.html doc/html/man3/CT_POLICY_EVAL_CTX_new.html doc/html/man3/DEFINE_STACK_OF.html doc/html/man3/DES_random_key.html doc/html/man3/DH_generate_key.html doc/html/man3/DH_generate_parameters.html doc/html/man3/DH_get0_pqg.html doc/html/man3/DH_get_1024_160.html doc/html/man3/DH_meth_new.html doc/html/man3/DH_new.html doc/html/man3/DH_new_by_nid.html doc/html/man3/DH_set_method.html doc/html/man3/DH_size.html doc/html/man3/DSA_SIG_new.html doc/html/man3/DSA_do_sign.html doc/html/man3/DSA_dup_DH.html doc/html/man3/DSA_generate_key.html doc/html/man3/DSA_generate_parameters.html doc/html/man3/DSA_get0_pqg.html doc/html/man3/DSA_meth_new.html doc/html/man3/DSA_new.html doc/html/man3/DSA_set_method.html doc/html/man3/DSA_sign.html doc/html/man3/DSA_size.html doc/html/man3/DTLS_get_data_mtu.html doc/html/man3/DTLS_set_timer_cb.html doc/html/man3/DTLSv1_listen.html doc/html/man3/ECDSA_SIG_new.html doc/html/man3/ECPKParameters_print.html doc/html/man3/EC_GFp_simple_method.html doc/html/man3/EC_GROUP_copy.html doc/html/man3/EC_GROUP_new.html doc/html/man3/EC_KEY_get_enc_flags.html doc/html/man3/EC_KEY_new.html doc/html/man3/EC_POINT_add.html doc/html/man3/EC_POINT_new.html doc/html/man3/ENGINE_add.html doc/html/man3/ERR_GET_LIB.html doc/html/man3/ERR_clear_error.html doc/html/man3/ERR_error_string.html doc/html/man3/ERR_get_error.html doc/html/man3/ERR_load_crypto_strings.html doc/html/man3/ERR_load_strings.html doc/html/man3/ERR_new.html doc/html/man3/ERR_print_errors.html doc/html/man3/ERR_put_error.html doc/html/man3/ERR_remove_state.html doc/html/man3/ERR_set_mark.html doc/html/man3/EVP_ASYM_CIPHER_free.html doc/html/man3/EVP_BytesToKey.html doc/html/man3/EVP_CIPHER_CTX_get_cipher_data.html doc/html/man3/EVP_CIPHER_meth_new.html doc/html/man3/EVP_DigestInit.html doc/html/man3/EVP_DigestSignInit.html doc/html/man3/EVP_DigestVerifyInit.html doc/html/man3/EVP_EncodeInit.html doc/html/man3/EVP_EncryptInit.html doc/html/man3/EVP_KDF.html doc/html/man3/EVP_KEYEXCH_free.html doc/html/man3/EVP_KEYMGMT.html doc/html/man3/EVP_MAC.html doc/html/man3/EVP_MD_meth_new.html doc/html/man3/EVP_OpenInit.html doc/html/man3/EVP_PKEY_ASN1_METHOD.html doc/html/man3/EVP_PKEY_CTX_ctrl.html doc/html/man3/EVP_PKEY_CTX_new.html doc/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html doc/html/man3/EVP_PKEY_CTX_set_hkdf_md.html doc/html/man3/EVP_PKEY_CTX_set_params.html doc/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html doc/html/man3/EVP_PKEY_CTX_set_scrypt_N.html doc/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html doc/html/man3/EVP_PKEY_asn1_get_count.html doc/html/man3/EVP_PKEY_check.html doc/html/man3/EVP_PKEY_copy_parameters.html doc/html/man3/EVP_PKEY_decrypt.html doc/html/man3/EVP_PKEY_derive.html doc/html/man3/EVP_PKEY_encrypt.html doc/html/man3/EVP_PKEY_fromdata.html doc/html/man3/EVP_PKEY_gen.html doc/html/man3/EVP_PKEY_get_default_digest_nid.html doc/html/man3/EVP_PKEY_gettable_params.html doc/html/man3/EVP_PKEY_is_a.html doc/html/man3/EVP_PKEY_meth_get_count.html doc/html/man3/EVP_PKEY_meth_new.html doc/html/man3/EVP_PKEY_new.html doc/html/man3/EVP_PKEY_print_private.html doc/html/man3/EVP_PKEY_set1_RSA.html doc/html/man3/EVP_PKEY_set_type.html doc/html/man3/EVP_PKEY_sign.html doc/html/man3/EVP_PKEY_size.html doc/html/man3/EVP_PKEY_supports_digest_nid.html doc/html/man3/EVP_PKEY_verify.html doc/html/man3/EVP_PKEY_verify_recover.html doc/html/man3/EVP_SIGNATURE_free.html doc/html/man3/EVP_SealInit.html doc/html/man3/EVP_SignInit.html doc/html/man3/EVP_VerifyInit.html doc/html/man3/EVP_aes_128_gcm.html doc/html/man3/EVP_aria_128_gcm.html doc/html/man3/EVP_bf_cbc.html doc/html/man3/EVP_blake2b512.html doc/html/man3/EVP_camellia_128_ecb.html doc/html/man3/EVP_cast5_cbc.html doc/html/man3/EVP_chacha20.html doc/html/man3/EVP_des_cbc.html doc/html/man3/EVP_desx_cbc.html doc/html/man3/EVP_idea_cbc.html doc/html/man3/EVP_md2.html doc/html/man3/EVP_md4.html doc/html/man3/EVP_md5.html doc/html/man3/EVP_mdc2.html doc/html/man3/EVP_rc2_cbc.html doc/html/man3/EVP_rc4.html doc/html/man3/EVP_rc5_32_12_16_cbc.html doc/html/man3/EVP_ripemd160.html doc/html/man3/EVP_seed_cbc.html doc/html/man3/EVP_set_default_properties.html doc/html/man3/EVP_sha1.html doc/html/man3/EVP_sha224.html doc/html/man3/EVP_sha3_224.html doc/html/man3/EVP_sm3.html doc/html/man3/EVP_sm4_cbc.html doc/html/man3/EVP_whirlpool.html doc/html/man3/HMAC.html doc/html/man3/MD5.html doc/html/man3/MDC2_Init.html doc/html/man3/NCONF_new_with_libctx.html doc/html/man3/OBJ_nid2obj.html doc/html/man3/OCSP_REQUEST_new.html doc/html/man3/OCSP_cert_to_id.html doc/html/man3/OCSP_request_add1_nonce.html doc/html/man3/OCSP_resp_find_status.html doc/html/man3/OCSP_response_status.html doc/html/man3/OCSP_sendreq_new.html doc/html/man3/OPENSSL_Applink.html doc/html/man3/OPENSSL_CTX.html doc/html/man3/OPENSSL_FILE.html doc/html/man3/OPENSSL_LH_COMPFUNC.html doc/html/man3/OPENSSL_LH_stats.html doc/html/man3/OPENSSL_config.html doc/html/man3/OPENSSL_fork_prepare.html doc/html/man3/OPENSSL_hexchar2int.html doc/html/man3/OPENSSL_ia32cap.html doc/html/man3/OPENSSL_init_crypto.html doc/html/man3/OPENSSL_init_ssl.html doc/html/man3/OPENSSL_instrument_bus.html doc/html/man3/OPENSSL_load_builtin_modules.html doc/html/man3/OPENSSL_malloc.html doc/html/man3/OPENSSL_s390xcap.html doc/html/man3/OPENSSL_secure_malloc.html doc/html/man3/OSSL_CMP_CTX_new.html doc/html/man3/OSSL_CMP_HDR_get0_transactionID.html doc/html/man3/OSSL_CMP_ITAV_set0.html doc/html/man3/OSSL_CMP_MSG_get0_header.html doc/html/man3/OSSL_CMP_MSG_http_perform.html doc/html/man3/OSSL_CMP_SRV_CTX_new.html doc/html/man3/OSSL_CMP_STATUSINFO_new.html doc/html/man3/OSSL_CMP_exec_IR_ses.html doc/html/man3/OSSL_CMP_log_open.html doc/html/man3/OSSL_CMP_validate_msg.html doc/html/man3/OSSL_CRMF_MSG_get0_tmpl.html doc/html/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.html doc/html/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.html doc/html/man3/OSSL_CRMF_MSG_set_validity.html doc/html/man3/OSSL_CRMF_pbmp_new.html doc/html/man3/OSSL_HTTP_transfer.html doc/html/man3/OSSL_PARAM.html doc/html/man3/OSSL_PARAM_BLD.html doc/html/man3/OSSL_PARAM_allocate_from_text.html doc/html/man3/OSSL_PARAM_int.html doc/html/man3/OSSL_PROVIDER.html doc/html/man3/OSSL_SELF_TEST_new.html doc/html/man3/OSSL_SELF_TEST_set_callback.html doc/html/man3/OSSL_SERIALIZER.html doc/html/man3/OSSL_SERIALIZER_CTX.html doc/html/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.html doc/html/man3/OSSL_SERIALIZER_to_bio.html doc/html/man3/OSSL_STORE_INFO.html doc/html/man3/OSSL_STORE_LOADER.html doc/html/man3/OSSL_STORE_SEARCH.html doc/html/man3/OSSL_STORE_attach.html doc/html/man3/OSSL_STORE_expect.html doc/html/man3/OSSL_STORE_open.html doc/html/man3/OSSL_trace_enabled.html doc/html/man3/OSSL_trace_get_category_num.html doc/html/man3/OSSL_trace_set_channel.html doc/html/man3/OpenSSL_add_all_algorithms.html doc/html/man3/OpenSSL_version.html doc/html/man3/PEM_bytes_read_bio.html doc/html/man3/PEM_read.html doc/html/man3/PEM_read_CMS.html doc/html/man3/PEM_read_bio_PrivateKey.html doc/html/man3/PEM_read_bio_ex.html doc/html/man3/PEM_write_bio_CMS_stream.html doc/html/man3/PEM_write_bio_PKCS7_stream.html doc/html/man3/PKCS12_SAFEBAG_get0_attrs.html doc/html/man3/PKCS12_add_CSPName_asc.html doc/html/man3/PKCS12_add_friendlyname_asc.html doc/html/man3/PKCS12_add_localkeyid.html doc/html/man3/PKCS12_create.html doc/html/man3/PKCS12_get_friendlyname.html doc/html/man3/PKCS12_newpass.html doc/html/man3/PKCS12_parse.html doc/html/man3/PKCS5_PBKDF2_HMAC.html doc/html/man3/PKCS7_decrypt.html doc/html/man3/PKCS7_encrypt.html doc/html/man3/PKCS7_sign.html doc/html/man3/PKCS7_sign_add_signer.html doc/html/man3/PKCS7_verify.html doc/html/man3/PKCS8_pkey_add1_attr.html doc/html/man3/RAND_DRBG_generate.html doc/html/man3/RAND_DRBG_get0_master.html doc/html/man3/RAND_DRBG_new.html doc/html/man3/RAND_DRBG_reseed.html doc/html/man3/RAND_DRBG_set_callbacks.html doc/html/man3/RAND_add.html doc/html/man3/RAND_bytes.html doc/html/man3/RAND_cleanup.html doc/html/man3/RAND_egd.html doc/html/man3/RAND_load_file.html doc/html/man3/RAND_set_rand_method.html doc/html/man3/RC4_set_key.html doc/html/man3/RIPEMD160_Init.html doc/html/man3/RSA_blinding_on.html doc/html/man3/RSA_check_key.html doc/html/man3/RSA_generate_key.html doc/html/man3/RSA_get0_key.html doc/html/man3/RSA_meth_new.html doc/html/man3/RSA_new.html doc/html/man3/RSA_padding_add_PKCS1_type_1.html doc/html/man3/RSA_print.html doc/html/man3/RSA_private_encrypt.html doc/html/man3/RSA_public_encrypt.html doc/html/man3/RSA_set_method.html doc/html/man3/RSA_sign.html doc/html/man3/RSA_sign_ASN1_OCTET_STRING.html doc/html/man3/RSA_size.html doc/html/man3/SCT_new.html doc/html/man3/SCT_print.html doc/html/man3/SCT_validate.html doc/html/man3/SHA256_Init.html doc/html/man3/SMIME_read_CMS.html doc/html/man3/SMIME_read_PKCS7.html doc/html/man3/SMIME_write_CMS.html doc/html/man3/SMIME_write_PKCS7.html doc/html/man3/SRP_Calc_B.html doc/html/man3/SRP_VBASE_new.html doc/html/man3/SRP_create_verifier.html doc/html/man3/SRP_user_pwd_new.html doc/html/man3/SSL_CIPHER_get_name.html doc/html/man3/SSL_COMP_add_compression_method.html doc/html/man3/SSL_CONF_CTX_new.html doc/html/man3/SSL_CONF_CTX_set1_prefix.html doc/html/man3/SSL_CONF_CTX_set_flags.html doc/html/man3/SSL_CONF_CTX_set_ssl_ctx.html doc/html/man3/SSL_CONF_cmd.html doc/html/man3/SSL_CONF_cmd_argv.html doc/html/man3/SSL_CTX_add1_chain_cert.html doc/html/man3/SSL_CTX_add_extra_chain_cert.html doc/html/man3/SSL_CTX_add_session.html doc/html/man3/SSL_CTX_config.html doc/html/man3/SSL_CTX_ctrl.html doc/html/man3/SSL_CTX_dane_enable.html doc/html/man3/SSL_CTX_flush_sessions.html doc/html/man3/SSL_CTX_free.html doc/html/man3/SSL_CTX_get0_param.html doc/html/man3/SSL_CTX_get_verify_mode.html doc/html/man3/SSL_CTX_has_client_custom_ext.html doc/html/man3/SSL_CTX_load_verify_locations.html doc/html/man3/SSL_CTX_new.html doc/html/man3/SSL_CTX_sess_number.html doc/html/man3/SSL_CTX_sess_set_cache_size.html doc/html/man3/SSL_CTX_sess_set_get_cb.html doc/html/man3/SSL_CTX_sessions.html doc/html/man3/SSL_CTX_set0_CA_list.html doc/html/man3/SSL_CTX_set1_curves.html doc/html/man3/SSL_CTX_set1_sigalgs.html doc/html/man3/SSL_CTX_set1_verify_cert_store.html doc/html/man3/SSL_CTX_set_alpn_select_cb.html doc/html/man3/SSL_CTX_set_cert_cb.html doc/html/man3/SSL_CTX_set_cert_store.html doc/html/man3/SSL_CTX_set_cert_verify_callback.html doc/html/man3/SSL_CTX_set_cipher_list.html doc/html/man3/SSL_CTX_set_client_cert_cb.html doc/html/man3/SSL_CTX_set_client_hello_cb.html doc/html/man3/SSL_CTX_set_ct_validation_callback.html doc/html/man3/SSL_CTX_set_ctlog_list_file.html doc/html/man3/SSL_CTX_set_default_passwd_cb.html doc/html/man3/SSL_CTX_set_generate_session_id.html doc/html/man3/SSL_CTX_set_info_callback.html doc/html/man3/SSL_CTX_set_keylog_callback.html doc/html/man3/SSL_CTX_set_max_cert_list.html doc/html/man3/SSL_CTX_set_min_proto_version.html doc/html/man3/SSL_CTX_set_mode.html doc/html/man3/SSL_CTX_set_msg_callback.html doc/html/man3/SSL_CTX_set_num_tickets.html doc/html/man3/SSL_CTX_set_options.html doc/html/man3/SSL_CTX_set_psk_client_callback.html doc/html/man3/SSL_CTX_set_quiet_shutdown.html doc/html/man3/SSL_CTX_set_read_ahead.html doc/html/man3/SSL_CTX_set_record_padding_callback.html doc/html/man3/SSL_CTX_set_security_level.html doc/html/man3/SSL_CTX_set_session_cache_mode.html doc/html/man3/SSL_CTX_set_session_id_context.html doc/html/man3/SSL_CTX_set_session_ticket_cb.html doc/html/man3/SSL_CTX_set_split_send_fragment.html doc/html/man3/SSL_CTX_set_srp_password.html doc/html/man3/SSL_CTX_set_ssl_version.html doc/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html doc/html/man3/SSL_CTX_set_timeout.html doc/html/man3/SSL_CTX_set_tlsext_servername_callback.html doc/html/man3/SSL_CTX_set_tlsext_status_cb.html doc/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html doc/html/man3/SSL_CTX_set_tlsext_use_srtp.html doc/html/man3/SSL_CTX_set_tmp_dh_callback.html doc/html/man3/SSL_CTX_set_tmp_ecdh.html doc/html/man3/SSL_CTX_set_verify.html doc/html/man3/SSL_CTX_use_certificate.html doc/html/man3/SSL_CTX_use_psk_identity_hint.html doc/html/man3/SSL_CTX_use_serverinfo.html doc/html/man3/SSL_SESSION_free.html doc/html/man3/SSL_SESSION_get0_cipher.html doc/html/man3/SSL_SESSION_get0_hostname.html doc/html/man3/SSL_SESSION_get0_id_context.html doc/html/man3/SSL_SESSION_get0_peer.html doc/html/man3/SSL_SESSION_get_compress_id.html doc/html/man3/SSL_SESSION_get_protocol_version.html doc/html/man3/SSL_SESSION_get_time.html doc/html/man3/SSL_SESSION_has_ticket.html doc/html/man3/SSL_SESSION_is_resumable.html doc/html/man3/SSL_SESSION_print.html doc/html/man3/SSL_SESSION_set1_id.html doc/html/man3/SSL_accept.html doc/html/man3/SSL_alert_type_string.html doc/html/man3/SSL_alloc_buffers.html doc/html/man3/SSL_check_chain.html doc/html/man3/SSL_clear.html doc/html/man3/SSL_connect.html doc/html/man3/SSL_do_handshake.html doc/html/man3/SSL_export_keying_material.html doc/html/man3/SSL_extension_supported.html doc/html/man3/SSL_free.html doc/html/man3/SSL_get0_peer_scts.html doc/html/man3/SSL_get_SSL_CTX.html doc/html/man3/SSL_get_all_async_fds.html doc/html/man3/SSL_get_ciphers.html doc/html/man3/SSL_get_client_random.html doc/html/man3/SSL_get_current_cipher.html doc/html/man3/SSL_get_default_timeout.html doc/html/man3/SSL_get_error.html doc/html/man3/SSL_get_extms_support.html doc/html/man3/SSL_get_fd.html doc/html/man3/SSL_get_peer_cert_chain.html doc/html/man3/SSL_get_peer_certificate.html doc/html/man3/SSL_get_peer_signature_nid.html doc/html/man3/SSL_get_peer_tmp_key.html doc/html/man3/SSL_get_psk_identity.html doc/html/man3/SSL_get_rbio.html doc/html/man3/SSL_get_session.html doc/html/man3/SSL_get_shared_sigalgs.html doc/html/man3/SSL_get_verify_result.html doc/html/man3/SSL_get_version.html doc/html/man3/SSL_in_init.html doc/html/man3/SSL_key_update.html doc/html/man3/SSL_library_init.html doc/html/man3/SSL_load_client_CA_file.html doc/html/man3/SSL_new.html doc/html/man3/SSL_pending.html doc/html/man3/SSL_read.html doc/html/man3/SSL_read_early_data.html doc/html/man3/SSL_rstate_string.html doc/html/man3/SSL_session_reused.html doc/html/man3/SSL_set1_host.html doc/html/man3/SSL_set_async_callback.html doc/html/man3/SSL_set_bio.html doc/html/man3/SSL_set_connect_state.html doc/html/man3/SSL_set_fd.html doc/html/man3/SSL_set_session.html doc/html/man3/SSL_set_shutdown.html doc/html/man3/SSL_set_verify_result.html doc/html/man3/SSL_shutdown.html doc/html/man3/SSL_state_string.html doc/html/man3/SSL_want.html doc/html/man3/SSL_write.html doc/html/man3/TS_VERIFY_CTX_set_certs.html doc/html/man3/UI_STRING.html doc/html/man3/UI_UTIL_read_pw.html doc/html/man3/UI_create_method.html doc/html/man3/UI_new.html doc/html/man3/X509V3_get_d2i.html doc/html/man3/X509_ALGOR_dup.html doc/html/man3/X509_CRL_get0_by_serial.html doc/html/man3/X509_EXTENSION_set_object.html doc/html/man3/X509_LOOKUP.html doc/html/man3/X509_LOOKUP_hash_dir.html doc/html/man3/X509_LOOKUP_meth_new.html doc/html/man3/X509_NAME_ENTRY_get_object.html doc/html/man3/X509_NAME_add_entry_by_txt.html doc/html/man3/X509_NAME_get0_der.html doc/html/man3/X509_NAME_get_index_by_NID.html doc/html/man3/X509_NAME_print_ex.html doc/html/man3/X509_PUBKEY_new.html doc/html/man3/X509_SIG_get0.html doc/html/man3/X509_STORE_CTX_get_error.html doc/html/man3/X509_STORE_CTX_new.html doc/html/man3/X509_STORE_CTX_set_verify_cb.html doc/html/man3/X509_STORE_add_cert.html doc/html/man3/X509_STORE_get0_param.html doc/html/man3/X509_STORE_new.html doc/html/man3/X509_STORE_set_verify_cb_func.html doc/html/man3/X509_VERIFY_PARAM_set_flags.html doc/html/man3/X509_check_ca.html doc/html/man3/X509_check_host.html doc/html/man3/X509_check_issued.html doc/html/man3/X509_check_private_key.html doc/html/man3/X509_check_purpose.html doc/html/man3/X509_cmp.html doc/html/man3/X509_cmp_time.html doc/html/man3/X509_digest.html doc/html/man3/X509_dup.html doc/html/man3/X509_get0_distinguishing_id.html doc/html/man3/X509_get0_notBefore.html doc/html/man3/X509_get0_signature.html doc/html/man3/X509_get0_uids.html doc/html/man3/X509_get_extension_flags.html doc/html/man3/X509_get_pubkey.html doc/html/man3/X509_get_serialNumber.html doc/html/man3/X509_get_subject_name.html doc/html/man3/X509_get_version.html doc/html/man3/X509_load_http.html doc/html/man3/X509_new.html doc/html/man3/X509_sign.html doc/html/man3/X509_verify_cert.html doc/html/man3/X509v3_cache_extensions.html doc/html/man3/X509v3_get_ext_by_NID.html doc/html/man3/d2i_DHparams.html doc/html/man3/d2i_PKCS8PrivateKey_bio.html doc/html/man3/d2i_PrivateKey.html doc/html/man3/d2i_SSL_SESSION.html doc/html/man3/d2i_X509.html doc/html/man3/i2d_CMS_bio_stream.html doc/html/man3/i2d_PKCS7_bio_stream.html doc/html/man3/i2d_re_X509_tbs.html doc/html/man3/o2i_SCT_LIST.html doc/html/man3/s2i_ASN1_IA5STRING.html doc/html/man5/config.html doc/html/man5/fips_config.html doc/html/man5/x509v3_config.html doc/html/man7/EVP_KDF-HKDF.html doc/html/man7/EVP_KDF-KB.html doc/html/man7/EVP_KDF-KRB5KDF.html doc/html/man7/EVP_KDF-PBKDF2.html doc/html/man7/EVP_KDF-SCRYPT.html doc/html/man7/EVP_KDF-SS.html doc/html/man7/EVP_KDF-SSHKDF.html doc/html/man7/EVP_KDF-TLS1_PRF.html doc/html/man7/EVP_KDF-X942.html doc/html/man7/EVP_KDF-X963.html doc/html/man7/EVP_KEYEXCH-DH.html doc/html/man7/EVP_KEYEXCH-ECDH.html doc/html/man7/EVP_KEYEXCH-X25519.html doc/html/man7/EVP_MAC-BLAKE2.html doc/html/man7/EVP_MAC-CMAC.html doc/html/man7/EVP_MAC-GMAC.html doc/html/man7/EVP_MAC-HMAC.html doc/html/man7/EVP_MAC-KMAC.html doc/html/man7/EVP_MAC-Poly1305.html doc/html/man7/EVP_MAC-Siphash.html doc/html/man7/EVP_MD-BLAKE2.html doc/html/man7/EVP_MD-MD2.html doc/html/man7/EVP_MD-MD4.html doc/html/man7/EVP_MD-MD5-SHA1.html doc/html/man7/EVP_MD-MD5.html doc/html/man7/EVP_MD-MDC2.html doc/html/man7/EVP_MD-RIPEMD160.html doc/html/man7/EVP_MD-SHA1.html doc/html/man7/EVP_MD-SHA2.html doc/html/man7/EVP_MD-SHA3.html doc/html/man7/EVP_MD-SHAKE.html doc/html/man7/EVP_MD-SM3.html doc/html/man7/EVP_MD-WHIRLPOOL.html doc/html/man7/EVP_MD-common.html doc/html/man7/EVP_PKEY-DH.html doc/html/man7/EVP_PKEY-DSA.html doc/html/man7/EVP_PKEY-EC.html doc/html/man7/EVP_PKEY-FFC.html doc/html/man7/EVP_PKEY-RSA.html doc/html/man7/EVP_PKEY-X25519.html doc/html/man7/EVP_SIGNATURE-DSA.html doc/html/man7/EVP_SIGNATURE-ECDSA.html doc/html/man7/EVP_SIGNATURE-ED25519.html doc/html/man7/EVP_SIGNATURE-RSA.html doc/html/man7/OSSL_PROVIDER-FIPS.html doc/html/man7/OSSL_PROVIDER-default.html doc/html/man7/OSSL_PROVIDER-legacy.html doc/html/man7/OSSL_PROVIDER-null.html doc/html/man7/RAND.html doc/html/man7/RAND_DRBG.html doc/html/man7/RSA-PSS.html doc/html/man7/SM2.html doc/html/man7/X25519.html doc/html/man7/bio.html doc/html/man7/crypto.html doc/html/man7/ct.html doc/html/man7/des_modes.html doc/html/man7/evp.html doc/html/man7/openssl-core.h.html doc/html/man7/openssl-core_names.h.html doc/html/man7/openssl-core_numbers.h.html doc/html/man7/openssl-env.html doc/html/man7/openssl_user_macros.html doc/html/man7/ossl_store-file.html doc/html/man7/ossl_store.html doc/html/man7/passphrase-encoding.html doc/html/man7/property.html doc/html/man7/provider-asym_cipher.html doc/html/man7/provider-base.html doc/html/man7/provider-cipher.html doc/html/man7/provider-digest.html doc/html/man7/provider-keyexch.html doc/html/man7/provider-keymgmt.html doc/html/man7/provider-mac.html doc/html/man7/provider-serializer.html doc/html/man7/provider-signature.html doc/html/man7/provider.html doc/html/man7/proxy-certificates.html doc/html/man7/ssl.html doc/html/man7/x509.html rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_params.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_copy_parameters.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_MSG_set_validity.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_master.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_KEYEXCH-DH.7 doc/man/man7/EVP_KEYEXCH-ECDH.7 doc/man/man7/EVP_KEYEXCH-X25519.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DH.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-FFC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/EVP_SIGNATURE-DSA.7 doc/man/man7/EVP_SIGNATURE-ECDSA.7 doc/man/man7/EVP_SIGNATURE-ED25519.7 doc/man/man7/EVP_SIGNATURE-RSA.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-core_names.h.7 doc/man/man7/openssl-core_numbers.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_names test/buildtest_c_core_numbers test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_fetch_prov_test test/evp_kdf_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_fallback_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_names.c test/buildtest_core_numbers.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha4-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-sock' make[1]: Leaving directory '/home/openssl/run-checker/no-sock' make[1]: Entering directory '/home/openssl/run-checker/no-sock' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4093: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-sock' Makefile:3068: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From tmraz at fedoraproject.org Thu Jun 11 07:08:07 2020 From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Thu, 11 Jun 2020 07:08:07 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1591859287.079675.28584.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 4b7097025305b219694dd8b04f84155cd12fb71d (commit) from 5bd03afcbe6e6fd7dba2d85d5c67a5a0140b4a7d (commit) - Log ----------------------------------------------------------------- commit 4b7097025305b219694dd8b04f84155cd12fb71d Author: Tomas Mraz Date: Thu Jun 4 11:40:29 2020 +0200 Do not allow dropping Extended Master Secret extension on renegotiaton Abort renegotiation if server receives client hello with Extended Master Secret extension dropped in comparison to the initial session. Fixes #9754 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12099) ----------------------------------------------------------------------- Summary of changes: CHANGES | 4 ++++ include/openssl/ssl3.h | 3 +++ ssl/statem/extensions.c | 14 +++++++++++++- 3 files changed, 20 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 8b2fd3f8bd..ae0d232526 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,10 @@ Changes between 1.1.1g and 1.1.1h [xx XXX xxxx] + *) Handshake now fails if Extended Master Secret extension is dropped + on renegotiation. + [Tomas Mraz] + *) The Oracle Developer Studio compiler will start reporting deprecated APIs Changes between 1.1.1f and 1.1.1g [21 Apr 2020] diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h index 8d01fcc487..407db0b5f0 100644 --- a/include/openssl/ssl3.h +++ b/include/openssl/ssl3.h @@ -292,6 +292,9 @@ extern "C" { # define TLS1_FLAGS_STATELESS 0x0800 +/* Set if extended master secret extension required on renegotiation */ +# define TLS1_FLAGS_REQUIRED_EXTMS 0x1000 + # define SSL3_MT_HELLO_REQUEST 0 # define SSL3_MT_CLIENT_HELLO 1 # define SSL3_MT_SERVER_HELLO 2 diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index 4ef8b417b8..c785ab785d 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -1168,14 +1168,26 @@ static int init_etm(SSL *s, unsigned int context) static int init_ems(SSL *s, unsigned int context) { - if (!s->server) + if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) { s->s3->flags &= ~TLS1_FLAGS_RECEIVED_EXTMS; + s->s3->flags |= TLS1_FLAGS_REQUIRED_EXTMS; + } return 1; } static int final_ems(SSL *s, unsigned int context, int sent) { + /* + * Check extended master secret extension is not dropped on + * renegotiation. + */ + if (!(s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) + && (s->s3->flags & TLS1_FLAGS_REQUIRED_EXTMS)) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_FINAL_EMS, + SSL_R_INCONSISTENT_EXTMS); + return 0; + } if (!s->server && s->hit) { /* * Check extended master secret extension is consistent with From builds at travis-ci.com Thu Jun 11 07:22:39 2020 From: builds at travis-ci.com (Travis CI) Date: Thu, 11 Jun 2020 07:22:39 +0000 Subject: Broken: openssl/openssl#35412 (master - d9c2fd5) In-Reply-To: Message-ID: <5ee1dbbe8c89d_13fc284fd6cdc261625@travis-pro-tasks-79565c748b-6xbd5.mail> Build Update for openssl/openssl ------------------------------------- Build: #35412 Status: Broken Duration: 1 hr, 45 mins, and 43 secs Commit: d9c2fd5 (master) Author: Pauli Message: The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_* functions are now EVP_MAC functions, usually with ctx in their names. Before 3.0 is released, the names are mutable and this prevents more inconsistencies being introduced. There are no functional or code changes. Just the renaming and a little reformatting. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11997) View the changeset: https://github.com/openssl/openssl/compare/765d04c9460a...d9c2fd51e2e2 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/170790260?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu Jun 11 09:05:22 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 11 Jun 2020 09:05:22 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ts Message-ID: <1591866322.326054.2691.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ts Commit log since last time: cd4afec69f Add a test for renegotiation with EXTMS dropped 11d3235e2b Do not allow dropping Extended Master Secret extension on renegotiaton 7646610b6a use safe primes in ssl_get_auto_dh() 7821585206 APPS: Fix 'openssl dhparam' edf9659165 APPS: Fix 'openssl dsaparam -genkey' 4ec1463d71 EVP: Let EVP_PKEY_gen() initialize ctx->keygen_info a6d36303e9 TLSv1.3: additional checks in SSL_set_record_padding_callback da4db1602d test: TLS1.3 and new ciphers for kTLS cc10b56dbe TLSv13: add kTLS support 4ffccf6c4d kTLS: add support for AES_CCM128 and AES_GCM256 95badfeb60 kTLS: add Linux-specific kTLS helpers f434bfaccf kTLS: add new algo definitions 996a6ac32b kTLS: make ktls_start type independed c8636ebf4a fix doc typo in bn_dh.c 71273ab57a Fix 90-test_store.t for latest config, limits, providers, and disabled algos 49f84002d0 Fix documentation of OSSL_STORE c29ba6a92e Fix mem leaks and allow missing pkey and/or cert in try_decode_PKCS12() 4ca015555b Add chain to PKCS#12 test file generation in 90-test_store.t 9f5ff440b8 Fix code layout in crypto/store/loader_file.c satisfying check-format.pl -l Build log ended with (last 100 lines): clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-list.d.tmp -MT apps/openssl-bin-list.o -c -o apps/openssl-bin-list.o ../openssl/apps/list.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-mac.d.tmp -MT apps/openssl-bin-mac.o -c -o apps/openssl-bin-mac.o ../openssl/apps/mac.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-nseq.d.tmp -MT apps/openssl-bin-nseq.o -c -o apps/openssl-bin-nseq.o ../openssl/apps/nseq.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-ocsp.d.tmp -MT apps/openssl-bin-ocsp.o -c -o apps/openssl-bin-ocsp.o ../openssl/apps/ocsp.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-openssl.d.tmp -MT apps/openssl-bin-openssl.o -c -o apps/openssl-bin-openssl.o ../openssl/apps/openssl.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-passwd.d.tmp -MT apps/openssl-bin-passwd.o -c -o apps/openssl-bin-passwd.o ../openssl/apps/passwd.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkcs12.d.tmp -MT apps/openssl-bin-pkcs12.o -c -o apps/openssl-bin-pkcs12.o ../openssl/apps/pkcs12.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkcs7.d.tmp -MT apps/openssl-bin-pkcs7.o -c -o apps/openssl-bin-pkcs7.o ../openssl/apps/pkcs7.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkcs8.d.tmp -MT apps/openssl-bin-pkcs8.o -c -o apps/openssl-bin-pkcs8.o ../openssl/apps/pkcs8.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkey.d.tmp -MT apps/openssl-bin-pkey.o -c -o apps/openssl-bin-pkey.o ../openssl/apps/pkey.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkeyparam.d.tmp -MT apps/openssl-bin-pkeyparam.o -c -o apps/openssl-bin-pkeyparam.o ../openssl/apps/pkeyparam.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkeyutl.d.tmp -MT apps/openssl-bin-pkeyutl.o -c -o apps/openssl-bin-pkeyutl.o ../openssl/apps/pkeyutl.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-prime.d.tmp -MT apps/openssl-bin-prime.o -c -o apps/openssl-bin-prime.o ../openssl/apps/prime.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-progs.d.tmp -MT apps/openssl-bin-progs.o -c -o apps/openssl-bin-progs.o apps/progs.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-provider.d.tmp -MT apps/openssl-bin-provider.o -c -o apps/openssl-bin-provider.o ../openssl/apps/provider.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-rand.d.tmp -MT apps/openssl-bin-rand.o -c -o apps/openssl-bin-rand.o ../openssl/apps/rand.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-rehash.d.tmp -MT apps/openssl-bin-rehash.o -c -o apps/openssl-bin-rehash.o ../openssl/apps/rehash.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-req.d.tmp -MT apps/openssl-bin-req.o -c -o apps/openssl-bin-req.o ../openssl/apps/req.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-rsa.d.tmp -MT apps/openssl-bin-rsa.o -c -o apps/openssl-bin-rsa.o ../openssl/apps/rsa.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-rsautl.d.tmp -MT apps/openssl-bin-rsautl.o -c -o apps/openssl-bin-rsautl.o ../openssl/apps/rsautl.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-s_client.d.tmp -MT apps/openssl-bin-s_client.o -c -o apps/openssl-bin-s_client.o ../openssl/apps/s_client.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-s_server.d.tmp -MT apps/openssl-bin-s_server.o -c -o apps/openssl-bin-s_server.o ../openssl/apps/s_server.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-s_time.d.tmp -MT apps/openssl-bin-s_time.o -c -o apps/openssl-bin-s_time.o ../openssl/apps/s_time.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-sess_id.d.tmp -MT apps/openssl-bin-sess_id.o -c -o apps/openssl-bin-sess_id.o ../openssl/apps/sess_id.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-smime.d.tmp -MT apps/openssl-bin-smime.o -c -o apps/openssl-bin-smime.o ../openssl/apps/smime.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-speed.d.tmp -MT apps/openssl-bin-speed.o -c -o apps/openssl-bin-speed.o ../openssl/apps/speed.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-spkac.d.tmp -MT apps/openssl-bin-spkac.o -c -o apps/openssl-bin-spkac.o ../openssl/apps/spkac.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-srp.d.tmp -MT apps/openssl-bin-srp.o -c -o apps/openssl-bin-srp.o ../openssl/apps/srp.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-storeutl.d.tmp -MT apps/openssl-bin-storeutl.o -c -o apps/openssl-bin-storeutl.o ../openssl/apps/storeutl.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-verify.d.tmp -MT apps/openssl-bin-verify.o -c -o apps/openssl-bin-verify.o ../openssl/apps/verify.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-version.d.tmp -MT apps/openssl-bin-version.o -c -o apps/openssl-bin-version.o ../openssl/apps/version.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-x509.d.tmp -MT apps/openssl-bin-x509.o -c -o apps/openssl-bin-x509.o ../openssl/apps/x509.c rm -f fuzz/cmp-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o fuzz/cmp-test \ fuzz/cmp-test-bin-cmp.o fuzz/cmp-test-bin-test-corpus.o \ libcrypto.a -ldl -pthread rm -f test/asn1_dsa_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/asn1_dsa_internal_test \ test/asn1_dsa_internal_test-bin-asn1_dsa_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/asn1_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/asn1_internal_test \ test/asn1_internal_test-bin-asn1_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/bn_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/bn_internal_test \ test/bn_internal_test-bin-bn_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread libcrypto.a(libcrypto-lib-cms_sd.o): In function `CMS_add1_signer': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:364: undefined reference to `ESS_SIGNING_CERT_new_init' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:370: undefined reference to `ESS_SIGNING_CERT_V2_new_init' libcrypto.a(libcrypto-lib-cms_sd.o): In function `CMS_add1_signer': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:364: undefined reference to `ESS_SIGNING_CERT_new_init' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:370: undefined reference to `ESS_SIGNING_CERT_V2_new_init' libcrypto.a(libcrypto-lib-cms_ess.o): In function `ess_check_signing_certs': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:71: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:82: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:91: undefined reference to `ess_find_cert_v2' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:102: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:22807: recipe for target 'fuzz/cmp-test' failed make[1]: *** [fuzz/cmp-test] Error 1 make[1]: *** Waiting for unfinished jobs.... libcrypto.a(libcrypto-lib-cms_ess.o): In function `ess_check_signing_certs': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:71: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:82: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:91: undefined reference to `ess_find_cert_v2' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:102: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:23028: recipe for target 'test/asn1_dsa_internal_test' failed make[1]: *** [test/asn1_dsa_internal_test] Error 1 libcrypto.a(libcrypto-lib-cms_sd.o): In function `CMS_add1_signer': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:364: undefined reference to `ESS_SIGNING_CERT_new_init' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:370: undefined reference to `ESS_SIGNING_CERT_V2_new_init' libcrypto.a(libcrypto-lib-cms_ess.o): In function `ess_check_signing_certs': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:71: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:82: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:91: undefined reference to `ess_find_cert_v2' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:102: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:23058: recipe for target 'test/asn1_internal_test' failed make[1]: *** [test/asn1_internal_test] Error 1 libcrypto.a(libcrypto-lib-cms_sd.o): In function `CMS_add1_signer': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:364: undefined reference to `ESS_SIGNING_CERT_new_init' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:370: undefined reference to `ESS_SIGNING_CERT_V2_new_init' libcrypto.a(libcrypto-lib-cms_ess.o): In function `ess_check_signing_certs': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:71: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:82: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:91: undefined reference to `ess_find_cert_v2' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:102: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:23256: recipe for target 'test/bn_internal_test' failed make[1]: *** [test/bn_internal_test] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ts' Makefile:3026: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From no-reply at appveyor.com Thu Jun 11 11:00:40 2020 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 11 Jun 2020 11:00:40 +0000 Subject: Build failed: openssl master.34867 Message-ID: <20200611110040.1.C340713427F84AE0@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Jun 11 12:14:41 2020 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 11 Jun 2020 12:14:41 +0000 Subject: Build failed: openssl master.34872 Message-ID: <20200611121441.1.701EDEC9A71AFF44@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu Jun 11 12:39:56 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 11 Jun 2020 12:39:56 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls Message-ID: <1591879196.230395.31141.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls Commit log since last time: cd4afec69f Add a test for renegotiation with EXTMS dropped 11d3235e2b Do not allow dropping Extended Master Secret extension on renegotiaton 7646610b6a use safe primes in ssl_get_auto_dh() 7821585206 APPS: Fix 'openssl dhparam' edf9659165 APPS: Fix 'openssl dsaparam -genkey' 4ec1463d71 EVP: Let EVP_PKEY_gen() initialize ctx->keygen_info a6d36303e9 TLSv1.3: additional checks in SSL_set_record_padding_callback da4db1602d test: TLS1.3 and new ciphers for kTLS cc10b56dbe TLSv13: add kTLS support 4ffccf6c4d kTLS: add support for AES_CCM128 and AES_GCM256 95badfeb60 kTLS: add Linux-specific kTLS helpers f434bfaccf kTLS: add new algo definitions 996a6ac32b kTLS: make ktls_start type independed c8636ebf4a fix doc typo in bn_dh.c 71273ab57a Fix 90-test_store.t for latest config, limits, providers, and disabled algos 49f84002d0 Fix documentation of OSSL_STORE c29ba6a92e Fix mem leaks and allow missing pkey and/or cert in try_decode_PKCS12() 4ca015555b Add chain to PKCS#12 test file generation in 90-test_store.t 9f5ff440b8 Fix code layout in crypto/store/loader_file.c satisfying check-format.pl -l Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=199, Tests=1991, 732 wallclock secs ( 7.87 usr 0.97 sys + 693.36 cusr 47.45 csys = 749.65 CPU) Result: FAIL Makefile:3092: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls' Makefile:3090: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Thu Jun 11 13:32:11 2020 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 11 Jun 2020 13:32:11 +0000 Subject: Build failed: openssl master.34874 Message-ID: <20200611133211.1.3639F71DEEE34621@appveyor.com> An HTML attachment was scrubbed... URL: From beldmit at gmail.com Thu Jun 11 14:29:13 2020 From: beldmit at gmail.com (beldmit at gmail.com) Date: Thu, 11 Jun 2020 14:29:13 +0000 Subject: [openssl] master update Message-ID: <1591885753.125831.26412.nullmailer@dev.openssl.org> The branch master has been updated via 0f6c3ebbf85b93ca78f6b5e5cead8f406fe70123 (commit) via 1154ffbfb38418ea68af9661e19daa0d6d984adb (commit) via 42b2797e8abced593084e5cd02d8c6e5ee5ed5c5 (commit) from d9c2fd51e2e278bc3f7793a104ff7b4879f6d63a (commit) - Log ----------------------------------------------------------------- commit 0f6c3ebbf85b93ca78f6b5e5cead8f406fe70123 Author: Sebastian Andrzej Siewior Date: Sat Jun 6 18:22:04 2020 +0200 doc: Add a hint to man3/EVP_$hash that it is legacy Some hash algorithms are only provided by the legacy provider. This information is not mentioned in EVP_md4(3) for md4 and one might wonder why it is no longer working. Add a note to the EVP_ man page for md2, md4, mdc2, ripemd160 and whirlpool that it is only available with the legacy provider. Fixes #11650 Signed-off-by: Sebastian Andrzej Siewior Reviewed-by: Matt Caswell Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12074) commit 1154ffbfb38418ea68af9661e19daa0d6d984adb Author: Sebastian Andrzej Siewior Date: Sat Jun 6 17:21:15 2020 +0200 APPS: Use a second EVP_MD_CTX for EdDSA verify Verify for the two EdDSA algorithms fails in "speed eddsa". It appears that the same ctx can not be used for the sign and verify process. Create a second EVP_MD_CTX for the verify purpose. Fixes #11650 Signed-off-by: Sebastian Andrzej Siewior Reviewed-by: Matt Caswell Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12074) commit 42b2797e8abced593084e5cd02d8c6e5ee5ed5c5 Author: Sebastian Andrzej Siewior Date: Sat Jun 6 14:35:57 2020 +0200 APPS: Exclude legacy algorighms from speed Legacy crypto algorithms are not provided by the default "provider" leading to a warning. Remove legacy algorithms from the set that is tested by default. The algorihms can be tested manually if selected manually and using the legacy provider. Fixes #11650 Signed-off-by: Sebastian Andrzej Siewior Reviewed-by: Matt Caswell Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12074) ----------------------------------------------------------------------- Summary of changes: apps/speed.c | 31 +++++++++++++++++++++++++++---- doc/man3/EVP_md2.pod | 3 ++- doc/man3/EVP_md4.pod | 4 +++- doc/man3/EVP_mdc2.pod | 4 +++- doc/man3/EVP_ripemd160.pod | 2 ++ doc/man3/EVP_whirlpool.pod | 4 +++- 6 files changed, 40 insertions(+), 8 deletions(-) diff --git a/apps/speed.c b/apps/speed.c index f481b6b8fd..4bd42d4e42 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -575,6 +575,7 @@ typedef struct loopargs_st { EC_KEY *ecdsa[ECDSA_NUM]; EVP_PKEY_CTX *ecdh_ctx[EC_NUM]; EVP_MD_CTX *eddsa_ctx[EdDSA_NUM]; + EVP_MD_CTX *eddsa_ctx2[EdDSA_NUM]; # ifndef OPENSSL_NO_SM2 EVP_MD_CTX *sm2_ctx[SM2_NUM]; EVP_MD_CTX *sm2_vfy_ctx[SM2_NUM]; @@ -1242,7 +1243,7 @@ static int EdDSA_verify_loop(void *args) { loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; - EVP_MD_CTX **edctx = tempargs->eddsa_ctx; + EVP_MD_CTX **edctx = tempargs->eddsa_ctx2; unsigned char *eddsasig = tempargs->buf2; size_t eddsasigsize = tempargs->sigsize; int ret, count; @@ -1995,6 +1996,15 @@ int speed_main(int argc, char **argv) if (argc == 0 && !doit[D_EVP] && !doit[D_EVP_HMAC] && !doit[D_EVP_CMAC]) { memset(doit, 1, sizeof(doit)); doit[D_EVP] = doit[D_EVP_HMAC] = doit[D_EVP_CMAC] = 0; +#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DEPRECATED_3_0) + doit[D_MDC2] = 0; +#endif +#if !defined(OPENSSL_NO_MD4) && !defined(OPENSSL_NO_DEPRECATED_3_0) + doit[D_MD4] = 0; +#endif +#if !defined(OPENSSL_NO_RMD160) && !defined(OPENSSL_NO_DEPRECATED_3_0) + doit[D_RMD160] = 0; +#endif #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) memset(rsa_doit, 1, sizeof(rsa_doit)); #endif @@ -3380,6 +3390,11 @@ int speed_main(int argc, char **argv) st = 0; break; } + loopargs[i].eddsa_ctx2[testnum] = EVP_MD_CTX_new(); + if (loopargs[i].eddsa_ctx2[testnum] == NULL) { + st = 0; + break; + } if ((ed_pctx = EVP_PKEY_CTX_new_id(ed_curves[testnum].nid, NULL)) == NULL @@ -3397,6 +3412,13 @@ int speed_main(int argc, char **argv) EVP_PKEY_free(ed_pkey); break; } + if (!EVP_DigestVerifyInit(loopargs[i].eddsa_ctx2[testnum], NULL, + NULL, NULL, ed_pkey)) { + st = 0; + EVP_PKEY_free(ed_pkey); + break; + } + EVP_PKEY_free(ed_pkey); } if (st == 0) { @@ -3434,10 +3456,9 @@ int speed_main(int argc, char **argv) eddsa_results[testnum][0] = (double)count / d; rsa_count = count; } - /* Perform EdDSA verification test */ for (i = 0; i < loopargs_len; i++) { - st = EVP_DigestVerify(loopargs[i].eddsa_ctx[testnum], + st = EVP_DigestVerify(loopargs[i].eddsa_ctx2[testnum], loopargs[i].buf2, loopargs[i].sigsize, loopargs[i].buf, 20); if (st != 1) @@ -4012,8 +4033,10 @@ int speed_main(int argc, char **argv) EC_KEY_free(loopargs[i].ecdsa[k]); for (k = 0; k < EC_NUM; k++) EVP_PKEY_CTX_free(loopargs[i].ecdh_ctx[k]); - for (k = 0; k < EdDSA_NUM; k++) + for (k = 0; k < EdDSA_NUM; k++) { EVP_MD_CTX_free(loopargs[i].eddsa_ctx[k]); + EVP_MD_CTX_free(loopargs[i].eddsa_ctx2[k]); + } # ifndef OPENSSL_NO_SM2 for (k = 0; k < SM2_NUM; k++) { EVP_PKEY_CTX *pctx = NULL; diff --git a/doc/man3/EVP_md2.pod b/doc/man3/EVP_md2.pod index a28467f5c1..15e37a0040 100644 --- a/doc/man3/EVP_md2.pod +++ b/doc/man3/EVP_md2.pod @@ -14,7 +14,7 @@ EVP_md2 =head1 DESCRIPTION MD2 is a cryptographic hash function standardized in RFC 1319 and designed by -Ronald Rivest. +Ronald Rivest. This implementation is only available with the legacy provider. =over 4 @@ -38,6 +38,7 @@ IETF RFC 1319. =head1 SEE ALSO L, +L, L =head1 COPYRIGHT diff --git a/doc/man3/EVP_md4.pod b/doc/man3/EVP_md4.pod index 8b3874e531..21c94e91c0 100644 --- a/doc/man3/EVP_md4.pod +++ b/doc/man3/EVP_md4.pod @@ -14,7 +14,8 @@ EVP_md4 =head1 DESCRIPTION MD4 is a cryptographic hash function standardized in RFC 1320 and designed by -Ronald Rivest, first published in 1990. +Ronald Rivest, first published in 1990. This implementation is only available +with the legacy provider. =over 4 @@ -38,6 +39,7 @@ IETF RFC 1320. =head1 SEE ALSO L, +L, L =head1 COPYRIGHT diff --git a/doc/man3/EVP_mdc2.pod b/doc/man3/EVP_mdc2.pod index 0c9a5fa4d4..ecbba26505 100644 --- a/doc/man3/EVP_mdc2.pod +++ b/doc/man3/EVP_mdc2.pod @@ -14,7 +14,8 @@ EVP_mdc2 =head1 DESCRIPTION MDC-2 (Modification Detection Code 2 or Meyer-Schilling) is a cryptographic -hash function based on a block cipher. +hash function based on a block cipher. This implementation is only available +with the legacy provider. =over 4 @@ -38,6 +39,7 @@ ISO/IEC 10118-2:2000 Hash-Function 2, with DES as the underlying block cipher. =head1 SEE ALSO L, +L, L =head1 COPYRIGHT diff --git a/doc/man3/EVP_ripemd160.pod b/doc/man3/EVP_ripemd160.pod index 4e9ebf7337..165b84db07 100644 --- a/doc/man3/EVP_ripemd160.pod +++ b/doc/man3/EVP_ripemd160.pod @@ -15,6 +15,7 @@ EVP_ripemd160 RIPEMD-160 is a cryptographic hash function first published in 1996 belonging to the RIPEMD family (RACE Integrity Primitives Evaluation Message Digest). +This implementation is only available with the legacy provider. =over 4 @@ -37,6 +38,7 @@ ISO/IEC 10118-3:2016 Dedicated Hash-Function 1 (RIPEMD-160). =head1 SEE ALSO L, +L, L =head1 COPYRIGHT diff --git a/doc/man3/EVP_whirlpool.pod b/doc/man3/EVP_whirlpool.pod index c7e5d45d61..d3a4a1fc24 100644 --- a/doc/man3/EVP_whirlpool.pod +++ b/doc/man3/EVP_whirlpool.pod @@ -14,7 +14,8 @@ EVP_whirlpool =head1 DESCRIPTION WHIRLPOOL is a cryptographic hash function standardized in ISO/IEC 10118-3:2004 -designed by Vincent Rijmen and Paulo S. L. M. Barreto. +designed by Vincent Rijmen and Paulo S. L. M. Barreto. This implementation is +only available with the legacy provider. =over 4 @@ -39,6 +40,7 @@ ISO/IEC 10118-3:2004. =head1 SEE ALSO L, +L, L =head1 COPYRIGHT From openssl at openssl.org Thu Jun 11 15:05:02 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 11 Jun 2020 15:05:02 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2 Message-ID: <1591887902.792015.5883.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2 Commit log since last time: cd4afec69f Add a test for renegotiation with EXTMS dropped 11d3235e2b Do not allow dropping Extended Master Secret extension on renegotiaton 7646610b6a use safe primes in ssl_get_auto_dh() 7821585206 APPS: Fix 'openssl dhparam' edf9659165 APPS: Fix 'openssl dsaparam -genkey' 4ec1463d71 EVP: Let EVP_PKEY_gen() initialize ctx->keygen_info a6d36303e9 TLSv1.3: additional checks in SSL_set_record_padding_callback da4db1602d test: TLS1.3 and new ciphers for kTLS cc10b56dbe TLSv13: add kTLS support 4ffccf6c4d kTLS: add support for AES_CCM128 and AES_GCM256 95badfeb60 kTLS: add Linux-specific kTLS helpers f434bfaccf kTLS: add new algo definitions 996a6ac32b kTLS: make ktls_start type independed c8636ebf4a fix doc typo in bn_dh.c 71273ab57a Fix 90-test_store.t for latest config, limits, providers, and disabled algos 49f84002d0 Fix documentation of OSSL_STORE c29ba6a92e Fix mem leaks and allow missing pkey and/or cert in try_decode_PKCS12() 4ca015555b Add chain to PKCS#12 test file generation in 90-test_store.t 9f5ff440b8 Fix code layout in crypto/store/loader_file.c satisfying check-format.pl -l Build log ended with (last 100 lines): 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=199, Tests=1993, 738 wallclock secs ( 8.38 usr 1.01 sys + 695.93 cusr 47.47 csys = 752.79 CPU) Result: FAIL Makefile:3103: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2' Makefile:3101: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Thu Jun 11 15:52:22 2020 From: builds at travis-ci.com (Travis CI) Date: Thu, 11 Jun 2020 15:52:22 +0000 Subject: Still Failing: openssl/openssl#35424 (master - 0f6c3eb) In-Reply-To: Message-ID: <5ee25335ec46a_13fef8342f81c92229a@travis-pro-tasks-6d98959f4b-6mrz6.mail> Build Update for openssl/openssl ------------------------------------- Build: #35424 Status: Still Failing Duration: 1 hr, 21 mins, and 48 secs Commit: 0f6c3eb (master) Author: Sebastian Andrzej Siewior Message: doc: Add a hint to man3/EVP_$hash that it is legacy Some hash algorithms are only provided by the legacy provider. This information is not mentioned in EVP_md4(3) for md4 and one might wonder why it is no longer working. Add a note to the EVP_ man page for md2, md4, mdc2, ripemd160 and whirlpool that it is only available with the legacy provider. Fixes #11650 Signed-off-by: Sebastian Andrzej Siewior Reviewed-by: Matt Caswell Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12074) View the changeset: https://github.com/openssl/openssl/compare/d9c2fd51e2e2...0f6c3ebbf85b View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/170874241?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu Jun 11 17:12:16 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 11 Jun 2020 17:12:16 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method Message-ID: <1591895536.546705.9537.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method Commit log since last time: cd4afec69f Add a test for renegotiation with EXTMS dropped 11d3235e2b Do not allow dropping Extended Master Secret extension on renegotiaton 7646610b6a use safe primes in ssl_get_auto_dh() 7821585206 APPS: Fix 'openssl dhparam' edf9659165 APPS: Fix 'openssl dsaparam -genkey' 4ec1463d71 EVP: Let EVP_PKEY_gen() initialize ctx->keygen_info a6d36303e9 TLSv1.3: additional checks in SSL_set_record_padding_callback da4db1602d test: TLS1.3 and new ciphers for kTLS cc10b56dbe TLSv13: add kTLS support 4ffccf6c4d kTLS: add support for AES_CCM128 and AES_GCM256 95badfeb60 kTLS: add Linux-specific kTLS helpers f434bfaccf kTLS: add new algo definitions 996a6ac32b kTLS: make ktls_start type independed c8636ebf4a fix doc typo in bn_dh.c 71273ab57a Fix 90-test_store.t for latest config, limits, providers, and disabled algos 49f84002d0 Fix documentation of OSSL_STORE c29ba6a92e Fix mem leaks and allow missing pkey and/or cert in try_decode_PKCS12() 4ca015555b Add chain to PKCS#12 test file generation in 90-test_store.t 9f5ff440b8 Fix code layout in crypto/store/loader_file.c satisfying check-format.pl -l Build log ended with (last 100 lines): 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=199, Tests=1993, 738 wallclock secs ( 7.92 usr 1.07 sys + 697.97 cusr 47.49 csys = 754.45 CPU) Result: FAIL Makefile:3087: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2-method' Makefile:3085: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Thu Jun 11 17:54:12 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 11 Jun 2020 17:54:12 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_3 Message-ID: <1591898052.306789.19885.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_3 Commit log since last time: cd4afec69f Add a test for renegotiation with EXTMS dropped 11d3235e2b Do not allow dropping Extended Master Secret extension on renegotiaton 7646610b6a use safe primes in ssl_get_auto_dh() 7821585206 APPS: Fix 'openssl dhparam' edf9659165 APPS: Fix 'openssl dsaparam -genkey' 4ec1463d71 EVP: Let EVP_PKEY_gen() initialize ctx->keygen_info a6d36303e9 TLSv1.3: additional checks in SSL_set_record_padding_callback da4db1602d test: TLS1.3 and new ciphers for kTLS cc10b56dbe TLSv13: add kTLS support 4ffccf6c4d kTLS: add support for AES_CCM128 and AES_GCM256 95badfeb60 kTLS: add Linux-specific kTLS helpers f434bfaccf kTLS: add new algo definitions 996a6ac32b kTLS: make ktls_start type independed c8636ebf4a fix doc typo in bn_dh.c 71273ab57a Fix 90-test_store.t for latest config, limits, providers, and disabled algos 49f84002d0 Fix documentation of OSSL_STORE c29ba6a92e Fix mem leaks and allow missing pkey and/or cert in try_decode_PKCS12() 4ca015555b Add chain to PKCS#12 test file generation in 90-test_store.t 9f5ff440b8 Fix code layout in crypto/store/loader_file.c satisfying check-format.pl -l Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ skipped: test_key_share needs TLS1.3 enabled 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. skipped: test_tls13alerts needs TLS1.3 enabled 70-test_tls13cookie.t .............. skipped: test_tls13cookie needs TLS1.3 enabled 70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled 70-test_tls13hrr.t ................. skipped: test_tls13hrr needs TLS1.3 enabled 70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs TLSv1.3 enabled 70-test_tls13messages.t ............ skipped: test_tls13messages needs TLSv1.3 enabled 70-test_tls13psk.t ................. skipped: test_tls13psk needs TLSv1.3 enabled 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. skipped: test_tls13ccs is not supported in this build 90-test_tls13encryption.t .......... skipped: tls13encryption is not supported in this build 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=199, Tests=1915, 677 wallclock secs ( 6.84 usr 0.97 sys + 636.57 cusr 45.12 csys = 689.50 CPU) Result: FAIL Makefile:3110: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_3' Makefile:3108: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Thu Jun 11 21:57:18 2020 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 11 Jun 2020 21:57:18 +0000 Subject: Build failed: openssl master.34879 Message-ID: <20200611215718.1.52CD5EFDAFCA9AAA@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Fri Jun 12 01:27:36 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 12 Jun 2020 01:27:36 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit Message-ID: <1591925256.475464.570.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit Commit log since last time: 0f6c3ebbf8 doc: Add a hint to man3/EVP_$hash that it is legacy 1154ffbfb3 APPS: Use a second EVP_MD_CTX for EdDSA verify 42b2797e8a APPS: Exclude legacy algorighms from speed d9c2fd51e2 The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_* functions are now EVP_MAC functions, usually with ctx in their names. 765d04c946 kdf: make function naming consistent. 5cff2df8ce Make it clear that you can't use all ciphers for CMAC a370ff8daa Add a CMAC test 154ea425e6 Correctly handle the return value from EVP_Cipher() in the CMAC code b896d9436d Ensure we never use a partially initialised CMAC_CTX 317ffa576b run_tests.pl: Add options for focussing output on failed (sub-)tests 2a3158ac5b Make error output of dhparams and dsaparams app more consistent 8da42c8b26 Generate error queue entry on FFC_CHECK_BAD_LN_PAIR for DH and DSA 498e807ed2 Silence gcc false positive warning on refdatalen in test/tls13encryptiontest.c a61b6b623d Silence gcc false positive warning on alpn_protos_len in test/handshake_helper.c 8bf37709a4 Update RSA keygen to use sp800-56b by default Build log ended with (last 100 lines): 65-test_cmp_msg.t .................. ok 65-test_cmp_protect.t .............. ok 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=200, Tests=1922, 759 wallclock secs ( 9.01 usr 1.47 sys + 710.77 cusr 47.73 csys = 768.98 CPU) Result: FAIL Makefile:3097: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-autoerrinit' Makefile:3095: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Fri Jun 12 03:48:28 2020 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 12 Jun 2020 03:48:28 +0000 Subject: Build failed: openssl master.34884 Message-ID: <20200612034828.1.7AAE4E6FA0BDA7FB@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Fri Jun 12 04:10:56 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 12 Jun 2020 04:10:56 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-cms Message-ID: <1591935056.944331.29838.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-cms Commit log since last time: 0f6c3ebbf8 doc: Add a hint to man3/EVP_$hash that it is legacy 1154ffbfb3 APPS: Use a second EVP_MD_CTX for EdDSA verify 42b2797e8a APPS: Exclude legacy algorighms from speed d9c2fd51e2 The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_* functions are now EVP_MAC functions, usually with ctx in their names. 765d04c946 kdf: make function naming consistent. 5cff2df8ce Make it clear that you can't use all ciphers for CMAC a370ff8daa Add a CMAC test 154ea425e6 Correctly handle the return value from EVP_Cipher() in the CMAC code b896d9436d Ensure we never use a partially initialised CMAC_CTX 317ffa576b run_tests.pl: Add options for focussing output on failed (sub-)tests 2a3158ac5b Make error output of dhparams and dsaparams app more consistent 8da42c8b26 Generate error queue entry on FFC_CHECK_BAD_LN_PAIR for DH and DSA 498e807ed2 Silence gcc false positive warning on refdatalen in test/tls13encryptiontest.c a61b6b623d Silence gcc false positive warning on alpn_protos_len in test/handshake_helper.c 8bf37709a4 Update RSA keygen to use sp800-56b by default Build log ended with (last 100 lines): ssl/statem/libssl-shlib-statem_dtls.o \ ssl/statem/libssl-shlib-statem_lib.o \ ssl/statem/libssl-shlib-statem_srvr.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/afalg.so -Wl,--version-script=engines/afalg.ld \ engines/afalg-dso-e_afalg.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/capi.so -Wl,--version-script=engines/capi.ld \ engines/capi-dso-e_capi.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/dasync.so -Wl,--version-script=engines/dasync.ld \ engines/dasync-dso-e_dasync.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/ossltest.so -Wl,--version-script=engines/ossltest.ld \ engines/ossltest-dso-e_ossltest.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/padlock.so -Wl,--version-script=engines/padlock.ld \ engines/padlock-dso-e_padlock-x86_64.o \ engines/padlock-dso-e_padlock.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o providers/legacy.so -Wl,--version-script=providers/legacy.ld \ providers/legacy-dso-legacyprov.o \ providers/liblegacy.a providers/libcommon.a providers/libnonfips.a -lcrypto -ldl -pthread rm -f fuzz/asn1parse-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o fuzz/asn1parse-test \ fuzz/asn1parse-test-bin-asn1parse.o \ fuzz/asn1parse-test-bin-test-corpus.o \ -lcrypto -ldl -pthread rm -f fuzz/bignum-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o fuzz/bignum-test \ fuzz/bignum-test-bin-bignum.o \ fuzz/bignum-test-bin-test-corpus.o \ -lcrypto -ldl -pthread rm -f fuzz/bndiv-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o fuzz/bndiv-test \ fuzz/bndiv-test-bin-bndiv.o \ fuzz/bndiv-test-bin-test-corpus.o \ -lcrypto -ldl -pthread rm -f fuzz/conf-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o fuzz/conf-test \ fuzz/conf-test-bin-conf.o fuzz/conf-test-bin-test-corpus.o \ -lcrypto -ldl -pthread ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_add' ./libcrypto.so: undefined reference to `ess_find_cert' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_add' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_get' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_get' ./libcrypto.so: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:22684: recipe for target 'fuzz/asn1parse-test' failed make[1]: *** [fuzz/asn1parse-test] Error 1 make[1]: *** Waiting for unfinished jobs.... ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_add' ./libcrypto.so: undefined reference to `ess_find_cert' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_add' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_get' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_get' ./libcrypto.so: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:22708: recipe for target 'fuzz/bignum-test' failed make[1]: *** [fuzz/bignum-test] Error 1 ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_add' ./libcrypto.so: undefined reference to `ess_find_cert' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_add' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_get' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_get' ./libcrypto.so: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:22732: recipe for target 'fuzz/bndiv-test' failed make[1]: *** [fuzz/bndiv-test] Error 1 ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_add' ./libcrypto.so: undefined reference to `ess_find_cert' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_add' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_get' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_get' ./libcrypto.so: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:22803: recipe for target 'fuzz/conf-test' failed make[1]: *** [fuzz/conf-test] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-cms' Makefile:3047: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From no-reply at appveyor.com Fri Jun 12 04:44:20 2020 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 12 Jun 2020 04:44:20 +0000 Subject: Build failed: openssl master.34885 Message-ID: <20200612044420.1.E0D86AAC93D14880@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Fri Jun 12 06:42:42 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 12 Jun 2020 06:42:42 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram Message-ID: <1591944162.760144.7948.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: 0f6c3ebbf8 doc: Add a hint to man3/EVP_$hash that it is legacy 1154ffbfb3 APPS: Use a second EVP_MD_CTX for EdDSA verify 42b2797e8a APPS: Exclude legacy algorighms from speed d9c2fd51e2 The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_* functions are now EVP_MAC functions, usually with ctx in their names. 765d04c946 kdf: make function naming consistent. 5cff2df8ce Make it clear that you can't use all ciphers for CMAC a370ff8daa Add a CMAC test 154ea425e6 Correctly handle the return value from EVP_Cipher() in the CMAC code b896d9436d Ensure we never use a partially initialised CMAC_CTX 317ffa576b run_tests.pl: Add options for focussing output on failed (sub-)tests 2a3158ac5b Make error output of dhparams and dsaparams app more consistent 8da42c8b26 Generate error queue entry on FFC_CHECK_BAD_LN_PAIR for DH and DSA 498e807ed2 Silence gcc false positive warning on refdatalen in test/tls13encryptiontest.c a61b6b623d Silence gcc false positive warning on alpn_protos_len in test/handshake_helper.c 8bf37709a4 Update RSA keygen to use sp800-56b by default Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=200, Tests=1995, 746 wallclock secs ( 8.94 usr 1.30 sys + 693.15 cusr 45.96 csys = 749.35 CPU) Result: FAIL Makefile:3098: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dgram' Makefile:3096: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Fri Jun 12 07:24:13 2020 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 12 Jun 2020 07:24:13 +0000 Subject: Build failed: openssl master.34886 Message-ID: <20200612072413.1.EE581223BA9D9BB7@appveyor.com> An HTML attachment was scrubbed... URL: From beldmit at gmail.com Fri Jun 12 07:30:56 2020 From: beldmit at gmail.com (beldmit at gmail.com) Date: Fri, 12 Jun 2020 07:30:56 +0000 Subject: [openssl] master update Message-ID: <1591947056.018305.22187.nullmailer@dev.openssl.org> The branch master has been updated via 7f81aed4bccbeb0ad491b68dd601d576c4956c78 (commit) from 0f6c3ebbf85b93ca78f6b5e5cead8f406fe70123 (commit) - Log ----------------------------------------------------------------- commit 7f81aed4bccbeb0ad491b68dd601d576c4956c78 Author: John Baldwin Date: Wed Jun 10 15:19:00 2020 -0700 Use the inherited 'bsd-gcc-shared' config on 32-bit x86 BSDs. BSD-generic32 already uses this for building shared libraries on other 32-bit BSD platforms. Commit b7efa56 collapsed various *BSD targets down to the BSD-generic ones and BSD-x86. At the time only OpenBSD/i386 used `bsd-shared` while both FreeBSD and NetBSD used `bsd-gcc-shared`. In practice, all of the BSDs are using either a GCC/ld.bfd toolchain or a clang/lld toolchain both of which are compatible with 'bsd-gcc-shared'. Retire 'bsd-shared' since this removes the last user. Fixes #12050. Reviewed-by: Richard Levitte Reviewed-by: Ben Kaduk Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12110) ----------------------------------------------------------------------- Summary of changes: Configurations/10-main.conf | 1 - Configurations/shared-info.pl | 6 ------ 2 files changed, 7 deletions(-) diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index 7b5da5c469..a44a74cb32 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -1004,7 +1004,6 @@ my %targets = ( CFLAGS => add(picker(release => "-fomit-frame-pointer")), lib_cppflags => add("-DL_ENDIAN"), bn_ops => "BN_LLONG", - shared_target => "bsd-shared", asm_arch => 'x86', perlasm_scheme => "a.out", }, diff --git a/Configurations/shared-info.pl b/Configurations/shared-info.pl index 4243591493..82e828dc41 100644 --- a/Configurations/shared-info.pl +++ b/Configurations/shared-info.pl @@ -40,12 +40,6 @@ my %shared_info; }; }, 'bsd-gcc-shared' => sub { return $shared_info{'linux-shared'}; }, - 'bsd-shared' => sub { - return $shared_info{'gnu-shared'} if detect_gnu_ld(); - return { - shared_ldflag => '-shared -nostdlib', - }; - }, 'darwin-shared' => { module_ldflags => '-bundle', shared_ldflag => '-dynamiclib -current_version $(SHLIB_VERSION_NUMBER) -compatibility_version $(SHLIB_VERSION_NUMBER)', From builds at travis-ci.com Fri Jun 12 08:53:38 2020 From: builds at travis-ci.com (Travis CI) Date: Fri, 12 Jun 2020 08:53:38 +0000 Subject: Still Failing: openssl/openssl#35434 (master - 7f81aed) In-Reply-To: Message-ID: <5ee34291dbbae_13fccd7a221bc5506@travis-pro-tasks-5657d5dc47-hcnph.mail> Build Update for openssl/openssl ------------------------------------- Build: #35434 Status: Still Failing Duration: 1 hr, 21 mins, and 5 secs Commit: 7f81aed (master) Author: John Baldwin Message: Use the inherited 'bsd-gcc-shared' config on 32-bit x86 BSDs. BSD-generic32 already uses this for building shared libraries on other 32-bit BSD platforms. Commit b7efa56 collapsed various *BSD targets down to the BSD-generic ones and BSD-x86. At the time only OpenBSD/i386 used `bsd-shared` while both FreeBSD and NetBSD used `bsd-gcc-shared`. In practice, all of the BSDs are using either a GCC/ld.bfd toolchain or a clang/lld toolchain both of which are compatible with 'bsd-gcc-shared'. Retire 'bsd-shared' since this removes the last user. Fixes #12050. Reviewed-by: Richard Levitte Reviewed-by: Ben Kaduk Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12110) View the changeset: https://github.com/openssl/openssl/compare/0f6c3ebbf85b...7f81aed4bccb View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/170973727?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri Jun 12 09:57:26 2020 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 12 Jun 2020 09:57:26 +0000 Subject: Build completed: openssl master.34887 Message-ID: <20200612095726.1.FF167DB415F245B5@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Fri Jun 12 11:26:42 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 12 Jun 2020 11:26:42 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-err Message-ID: <1591961202.478134.346.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-err Commit log since last time: 0f6c3ebbf8 doc: Add a hint to man3/EVP_$hash that it is legacy 1154ffbfb3 APPS: Use a second EVP_MD_CTX for EdDSA verify 42b2797e8a APPS: Exclude legacy algorighms from speed d9c2fd51e2 The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_* functions are now EVP_MAC functions, usually with ctx in their names. 765d04c946 kdf: make function naming consistent. 5cff2df8ce Make it clear that you can't use all ciphers for CMAC a370ff8daa Add a CMAC test 154ea425e6 Correctly handle the return value from EVP_Cipher() in the CMAC code b896d9436d Ensure we never use a partially initialised CMAC_CTX 317ffa576b run_tests.pl: Add options for focussing output on failed (sub-)tests 2a3158ac5b Make error output of dhparams and dsaparams app more consistent 8da42c8b26 Generate error queue entry on FFC_CHECK_BAD_LN_PAIR for DH and DSA 498e807ed2 Silence gcc false positive warning on refdatalen in test/tls13encryptiontest.c a61b6b623d Silence gcc false positive warning on alpn_protos_len in test/handshake_helper.c 8bf37709a4 Update RSA keygen to use sp800-56b by default Build log ended with (last 100 lines): 65-test_cmp_msg.t .................. ok 65-test_cmp_protect.t .............. ok 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=200, Tests=1922, 754 wallclock secs ( 7.98 usr 1.25 sys + 710.27 cusr 49.26 csys = 768.76 CPU) Result: FAIL Makefile:3100: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-err' Makefile:3098: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Fri Jun 12 16:06:56 2020 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 12 Jun 2020 16:06:56 +0000 Subject: Build failed: openssl master.34892 Message-ID: <20200612160656.1.323E879C64AFF9C8@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri Jun 12 17:19:02 2020 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 12 Jun 2020 17:19:02 +0000 Subject: Build completed: openssl master.34893 Message-ID: <20200612171902.1.1C602D990D8591D9@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri Jun 12 23:16:18 2020 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 12 Jun 2020 23:16:18 +0000 Subject: Build failed: openssl master.34895 Message-ID: <20200612231618.1.D631963FAB56E63E@appveyor.com> An HTML attachment was scrubbed... URL: From pauli at openssl.org Fri Jun 12 23:19:03 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Fri, 12 Jun 2020 23:19:03 +0000 Subject: [openssl] master update Message-ID: <1592003943.738233.31173.nullmailer@dev.openssl.org> The branch master has been updated via ffb6c86663f8d1048b8bac4023c0e41d3ec5891d (commit) via 5ea8afd368498101531c7e628507a17d1e0e122c (commit) from 7f81aed4bccbeb0ad491b68dd601d576c4956c78 (commit) - Log ----------------------------------------------------------------- commit ffb6c86663f8d1048b8bac4023c0e41d3ec5891d Author: Pauli Date: Fri Jun 12 08:48:06 2020 +1000 Guard new header mac.h against C++isms. [extended tests] Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12121) commit 5ea8afd368498101531c7e628507a17d1e0e122c Author: Pauli Date: Fri Jun 12 07:49:18 2020 +1000 Fix two additional instances of the old EVP_MAC_CTX_ functions being used. [extended tests] Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12121) ----------------------------------------------------------------------- Summary of changes: crypto/evp/pkey_mac.c | 2 +- include/openssl/mac.h | 7 +++++++ test/ossl_shim/ossl_shim.cc | 2 +- 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/crypto/evp/pkey_mac.c b/crypto/evp/pkey_mac.c index 1901c452e7..55badea7e9 100644 --- a/crypto/evp/pkey_mac.c +++ b/crypto/evp/pkey_mac.c @@ -400,7 +400,7 @@ static int pkey_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) return 0; /* - * Since EVP_MAC_CTX_{get,set}_params() returned successfully, + * Since EVP_MAC_{get,set}_ctx_params() returned successfully, * we can only assume that the size was ignored, i.e. this * control is unsupported. */ diff --git a/include/openssl/mac.h b/include/openssl/mac.h index 4fb808525f..ecfb2eca27 100644 --- a/include/openssl/mac.h +++ b/include/openssl/mac.h @@ -17,6 +17,10 @@ # include # include +# ifdef __cplusplus +extern "C" { +# endif + EVP_MAC *EVP_MAC_fetch(OPENSSL_CTX *libctx, const char *algorithm, const char *properties); int EVP_MAC_up_ref(EVP_MAC *mac); @@ -49,4 +53,7 @@ void EVP_MAC_names_do_all(const EVP_MAC *mac, void (*fn)(const char *name, void *data), void *data); +# ifdef __cplusplus +} +# endif #endif /* OPENSSL_EVP_MAC_H */ diff --git a/test/ossl_shim/ossl_shim.cc b/test/ossl_shim/ossl_shim.cc index 720a92d9d6..0184778d4f 100644 --- a/test/ossl_shim/ossl_shim.cc +++ b/test/ossl_shim/ossl_shim.cc @@ -403,7 +403,7 @@ static int TicketKeyCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv, if (!EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, kZeros, iv, encrypt) || !EVP_MAC_init(hmac_ctx) - || !EVP_MAC_CTX_set_params(hmac_ctx, params)) { + || !EVP_MAC_set_ctx_params(hmac_ctx, params)) { return -1; } From no-reply at appveyor.com Sat Jun 13 00:12:03 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 13 Jun 2020 00:12:03 +0000 Subject: Build failed: openssl master.34896 Message-ID: <20200613001203.1.5C8F255F927CF61F@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.com Sat Jun 13 01:31:22 2020 From: builds at travis-ci.com (Travis CI) Date: Sat, 13 Jun 2020 01:31:22 +0000 Subject: Still Failing: openssl/openssl#35444 (master - ffb6c86) In-Reply-To: Message-ID: <5ee42c6a2137a_13fb0812aa1401447d8@travis-pro-tasks-699f64dd7f-9dds2.mail> Build Update for openssl/openssl ------------------------------------- Build: #35444 Status: Still Failing Duration: 1 hr, 32 mins, and 0 secs Commit: ffb6c86 (master) Author: Pauli Message: Guard new header mac.h against C++isms. [extended tests] Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12121) View the changeset: https://github.com/openssl/openssl/compare/7f81aed4bccb...ffb6c86663f8 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/171177651?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sat Jun 13 02:19:05 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 13 Jun 2020 02:19:05 +0000 Subject: Build completed: openssl master.34897 Message-ID: <20200613021905.1.0E6BA78C0104AA9B@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Sat Jun 13 02:40:22 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 13 Jun 2020 02:40:22 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io Message-ID: <1592016022.416437.19181.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-posix-io Commit log since last time: 0f6c3ebbf8 doc: Add a hint to man3/EVP_$hash that it is legacy 1154ffbfb3 APPS: Use a second EVP_MD_CTX for EdDSA verify 42b2797e8a APPS: Exclude legacy algorighms from speed d9c2fd51e2 The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_* functions are now EVP_MAC functions, usually with ctx in their names. 765d04c946 kdf: make function naming consistent. 5cff2df8ce Make it clear that you can't use all ciphers for CMAC a370ff8daa Add a CMAC test 154ea425e6 Correctly handle the return value from EVP_Cipher() in the CMAC code b896d9436d Ensure we never use a partially initialised CMAC_CTX 317ffa576b run_tests.pl: Add options for focussing output on failed (sub-)tests 2a3158ac5b Make error output of dhparams and dsaparams app more consistent 8da42c8b26 Generate error queue entry on FFC_CHECK_BAD_LN_PAIR for DH and DSA 498e807ed2 Silence gcc false positive warning on refdatalen in test/tls13encryptiontest.c a61b6b623d Silence gcc false positive warning on alpn_protos_len in test/handshake_helper.c 8bf37709a4 Update RSA keygen to use sp800-56b by default Build log ended with (last 100 lines): rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_names test/buildtest_c_core_numbers test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_dtls1 test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_mac test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmactest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_fetch_prov_test test/evp_kdf_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_fallback_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_names.c test/buildtest_core_numbers.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_dtls1.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_mac.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha4-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_cb.d.tmp -MT apps/lib/libapps-lib-s_cb.o -c -o apps/lib/libapps-lib-s_cb.o ../openssl/apps/lib/s_cb.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_socket.d.tmp -MT apps/lib/libapps-lib-s_socket.o -c -o apps/lib/libapps-lib-s_socket.o ../openssl/apps/lib/s_socket.c CC="clang" /usr/bin/perl ../openssl/crypto/aes/asm/aes-x86_64.pl "elf" -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM crypto/aes/aes-x86_64.s ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4080: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' Makefile:3055: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From openssl at openssl.org Sat Jun 13 07:20:09 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 13 Jun 2020 07:20:09 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock Message-ID: <1592032809.662083.27300.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sock Commit log since last time: 0f6c3ebbf8 doc: Add a hint to man3/EVP_$hash that it is legacy 1154ffbfb3 APPS: Use a second EVP_MD_CTX for EdDSA verify 42b2797e8a APPS: Exclude legacy algorighms from speed d9c2fd51e2 The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_* functions are now EVP_MAC functions, usually with ctx in their names. 765d04c946 kdf: make function naming consistent. 5cff2df8ce Make it clear that you can't use all ciphers for CMAC a370ff8daa Add a CMAC test 154ea425e6 Correctly handle the return value from EVP_Cipher() in the CMAC code b896d9436d Ensure we never use a partially initialised CMAC_CTX 317ffa576b run_tests.pl: Add options for focussing output on failed (sub-)tests 2a3158ac5b Make error output of dhparams and dsaparams app more consistent 8da42c8b26 Generate error queue entry on FFC_CHECK_BAD_LN_PAIR for DH and DSA 498e807ed2 Silence gcc false positive warning on refdatalen in test/tls13encryptiontest.c a61b6b623d Silence gcc false positive warning on alpn_protos_len in test/handshake_helper.c 8bf37709a4 Update RSA keygen to use sp800-56b by default Build log ended with (last 100 lines): rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_params.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_copy_parameters.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_MSG_set_validity.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_master.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_KEYEXCH-DH.7 doc/man/man7/EVP_KEYEXCH-ECDH.7 doc/man/man7/EVP_KEYEXCH-X25519.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DH.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-FFC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/EVP_SIGNATURE-DSA.7 doc/man/man7/EVP_SIGNATURE-ECDSA.7 doc/man/man7/EVP_SIGNATURE-ED25519.7 doc/man/man7/EVP_SIGNATURE-RSA.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-core_names.h.7 doc/man/man7/openssl-core_numbers.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_names test/buildtest_c_core_numbers test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_mac test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmactest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_fetch_prov_test test/evp_kdf_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_fallback_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_names.c test/buildtest_core_numbers.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_mac.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha4-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-sock' make[1]: Leaving directory '/home/openssl/run-checker/no-sock' make[1]: Entering directory '/home/openssl/run-checker/no-sock' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_cb.d.tmp -MT apps/lib/libapps-lib-s_cb.o -c -o apps/lib/libapps-lib-s_cb.o ../openssl/apps/lib/s_cb.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_socket.d.tmp -MT apps/lib/libapps-lib-s_socket.o -c -o apps/lib/libapps-lib-s_socket.o ../openssl/apps/lib/s_socket.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4090: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-sock' Makefile:3065: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From openssl at openssl.org Sat Jun 13 09:47:15 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 13 Jun 2020 09:47:15 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ts Message-ID: <1592041635.300518.25047.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ts Commit log since last time: 0f6c3ebbf8 doc: Add a hint to man3/EVP_$hash that it is legacy 1154ffbfb3 APPS: Use a second EVP_MD_CTX for EdDSA verify 42b2797e8a APPS: Exclude legacy algorighms from speed d9c2fd51e2 The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_* functions are now EVP_MAC functions, usually with ctx in their names. 765d04c946 kdf: make function naming consistent. 5cff2df8ce Make it clear that you can't use all ciphers for CMAC a370ff8daa Add a CMAC test 154ea425e6 Correctly handle the return value from EVP_Cipher() in the CMAC code b896d9436d Ensure we never use a partially initialised CMAC_CTX 317ffa576b run_tests.pl: Add options for focussing output on failed (sub-)tests 2a3158ac5b Make error output of dhparams and dsaparams app more consistent 8da42c8b26 Generate error queue entry on FFC_CHECK_BAD_LN_PAIR for DH and DSA 498e807ed2 Silence gcc false positive warning on refdatalen in test/tls13encryptiontest.c a61b6b623d Silence gcc false positive warning on alpn_protos_len in test/handshake_helper.c 8bf37709a4 Update RSA keygen to use sp800-56b by default Build log ended with (last 100 lines): clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-list.d.tmp -MT apps/openssl-bin-list.o -c -o apps/openssl-bin-list.o ../openssl/apps/list.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-mac.d.tmp -MT apps/openssl-bin-mac.o -c -o apps/openssl-bin-mac.o ../openssl/apps/mac.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-nseq.d.tmp -MT apps/openssl-bin-nseq.o -c -o apps/openssl-bin-nseq.o ../openssl/apps/nseq.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-ocsp.d.tmp -MT apps/openssl-bin-ocsp.o -c -o apps/openssl-bin-ocsp.o ../openssl/apps/ocsp.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-openssl.d.tmp -MT apps/openssl-bin-openssl.o -c -o apps/openssl-bin-openssl.o ../openssl/apps/openssl.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-passwd.d.tmp -MT apps/openssl-bin-passwd.o -c -o apps/openssl-bin-passwd.o ../openssl/apps/passwd.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkcs12.d.tmp -MT apps/openssl-bin-pkcs12.o -c -o apps/openssl-bin-pkcs12.o ../openssl/apps/pkcs12.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkcs7.d.tmp -MT apps/openssl-bin-pkcs7.o -c -o apps/openssl-bin-pkcs7.o ../openssl/apps/pkcs7.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkcs8.d.tmp -MT apps/openssl-bin-pkcs8.o -c -o apps/openssl-bin-pkcs8.o ../openssl/apps/pkcs8.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkey.d.tmp -MT apps/openssl-bin-pkey.o -c -o apps/openssl-bin-pkey.o ../openssl/apps/pkey.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkeyparam.d.tmp -MT apps/openssl-bin-pkeyparam.o -c -o apps/openssl-bin-pkeyparam.o ../openssl/apps/pkeyparam.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkeyutl.d.tmp -MT apps/openssl-bin-pkeyutl.o -c -o apps/openssl-bin-pkeyutl.o ../openssl/apps/pkeyutl.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-prime.d.tmp -MT apps/openssl-bin-prime.o -c -o apps/openssl-bin-prime.o ../openssl/apps/prime.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-progs.d.tmp -MT apps/openssl-bin-progs.o -c -o apps/openssl-bin-progs.o apps/progs.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-provider.d.tmp -MT apps/openssl-bin-provider.o -c -o apps/openssl-bin-provider.o ../openssl/apps/provider.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-rand.d.tmp -MT apps/openssl-bin-rand.o -c -o apps/openssl-bin-rand.o ../openssl/apps/rand.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-rehash.d.tmp -MT apps/openssl-bin-rehash.o -c -o apps/openssl-bin-rehash.o ../openssl/apps/rehash.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-req.d.tmp -MT apps/openssl-bin-req.o -c -o apps/openssl-bin-req.o ../openssl/apps/req.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-rsa.d.tmp -MT apps/openssl-bin-rsa.o -c -o apps/openssl-bin-rsa.o ../openssl/apps/rsa.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-rsautl.d.tmp -MT apps/openssl-bin-rsautl.o -c -o apps/openssl-bin-rsautl.o ../openssl/apps/rsautl.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-s_client.d.tmp -MT apps/openssl-bin-s_client.o -c -o apps/openssl-bin-s_client.o ../openssl/apps/s_client.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-s_server.d.tmp -MT apps/openssl-bin-s_server.o -c -o apps/openssl-bin-s_server.o ../openssl/apps/s_server.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-s_time.d.tmp -MT apps/openssl-bin-s_time.o -c -o apps/openssl-bin-s_time.o ../openssl/apps/s_time.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-sess_id.d.tmp -MT apps/openssl-bin-sess_id.o -c -o apps/openssl-bin-sess_id.o ../openssl/apps/sess_id.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-smime.d.tmp -MT apps/openssl-bin-smime.o -c -o apps/openssl-bin-smime.o ../openssl/apps/smime.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-speed.d.tmp -MT apps/openssl-bin-speed.o -c -o apps/openssl-bin-speed.o ../openssl/apps/speed.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-spkac.d.tmp -MT apps/openssl-bin-spkac.o -c -o apps/openssl-bin-spkac.o ../openssl/apps/spkac.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-srp.d.tmp -MT apps/openssl-bin-srp.o -c -o apps/openssl-bin-srp.o ../openssl/apps/srp.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-storeutl.d.tmp -MT apps/openssl-bin-storeutl.o -c -o apps/openssl-bin-storeutl.o ../openssl/apps/storeutl.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-verify.d.tmp -MT apps/openssl-bin-verify.o -c -o apps/openssl-bin-verify.o ../openssl/apps/verify.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-version.d.tmp -MT apps/openssl-bin-version.o -c -o apps/openssl-bin-version.o ../openssl/apps/version.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-x509.d.tmp -MT apps/openssl-bin-x509.o -c -o apps/openssl-bin-x509.o ../openssl/apps/x509.c rm -f fuzz/cmp-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o fuzz/cmp-test \ fuzz/cmp-test-bin-cmp.o fuzz/cmp-test-bin-test-corpus.o \ libcrypto.a -ldl -pthread rm -f test/asn1_dsa_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/asn1_dsa_internal_test \ test/asn1_dsa_internal_test-bin-asn1_dsa_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/asn1_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/asn1_internal_test \ test/asn1_internal_test-bin-asn1_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread libcrypto.a(libcrypto-lib-cms_sd.o): In function `CMS_add1_signer': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:364: undefined reference to `ESS_SIGNING_CERT_new_init' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:370: undefined reference to `ESS_SIGNING_CERT_V2_new_init' rm -f test/bn_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/bn_internal_test \ test/bn_internal_test-bin-bn_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread libcrypto.a(libcrypto-lib-cms_sd.o): In function `CMS_add1_signer': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:364: undefined reference to `ESS_SIGNING_CERT_new_init' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:370: undefined reference to `ESS_SIGNING_CERT_V2_new_init' libcrypto.a(libcrypto-lib-cms_ess.o): In function `ess_check_signing_certs': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:71: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:82: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:91: undefined reference to `ess_find_cert_v2' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:102: undefined reference to `ess_find_cert_v2' libcrypto.a(libcrypto-lib-cms_ess.o): In function `ess_check_signing_certs': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:71: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:82: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:91: undefined reference to `ess_find_cert_v2' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:102: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:23040: recipe for target 'test/asn1_dsa_internal_test' failed make[1]: *** [test/asn1_dsa_internal_test] Error 1 make[1]: *** Waiting for unfinished jobs.... clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:22819: recipe for target 'fuzz/cmp-test' failed make[1]: *** [fuzz/cmp-test] Error 1 libcrypto.a(libcrypto-lib-cms_sd.o): In function `CMS_add1_signer': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:364: undefined reference to `ESS_SIGNING_CERT_new_init' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:370: undefined reference to `ESS_SIGNING_CERT_V2_new_init' libcrypto.a(libcrypto-lib-cms_ess.o): In function `ess_check_signing_certs': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:71: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:82: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:91: undefined reference to `ess_find_cert_v2' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:102: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:23070: recipe for target 'test/asn1_internal_test' failed make[1]: *** [test/asn1_internal_test] Error 1 libcrypto.a(libcrypto-lib-cms_sd.o): In function `CMS_add1_signer': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:364: undefined reference to `ESS_SIGNING_CERT_new_init' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:370: undefined reference to `ESS_SIGNING_CERT_V2_new_init' libcrypto.a(libcrypto-lib-cms_ess.o): In function `ess_check_signing_certs': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:71: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:82: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:91: undefined reference to `ess_find_cert_v2' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:102: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:23268: recipe for target 'test/bn_internal_test' failed make[1]: *** [test/bn_internal_test] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ts' Makefile:3038: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From kurt at openssl.org Sat Jun 13 10:05:24 2020 From: kurt at openssl.org (Kurt Roeckx) Date: Sat, 13 Jun 2020 10:05:24 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1592042724.337193.1236.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via ac4f465406ced9601cb8c9cb800ad9a37e61b6da (commit) from 4b7097025305b219694dd8b04f84155cd12fb71d (commit) - Log ----------------------------------------------------------------- commit ac4f465406ced9601cb8c9cb800ad9a37e61b6da Author: Sebastian Andrzej Siewior Date: Sat Apr 25 23:57:00 2020 +0200 doc: Random spellchecking A little spell checking. Backport of commit af0d413654d19 ("doc: Random spellchecking") Signed-off-by: Sebastian Andrzej Siewior Reviewed-by: Kurt Roeckx Reviewed-by: Paul Dale GH: #12075 ----------------------------------------------------------------------- Summary of changes: doc/man1/s_client.pod | 2 +- doc/man1/s_time.pod | 2 +- doc/man3/SSL_CTX_set_tlsext_servername_callback.pod | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/doc/man1/s_client.pod b/doc/man1/s_client.pod index 68a152a272..86cc295691 100644 --- a/doc/man1/s_client.pod +++ b/doc/man1/s_client.pod @@ -788,7 +788,7 @@ for an appropriate page. If a certificate is specified on the command line using the B<-cert> option it will not be used unless the server specifically requests -a client certificate. Therefor merely including a client certificate +a client certificate. Therefore merely including a client certificate on the command line is no guarantee that the certificate works. If there are problems verifying a server certificate then the diff --git a/doc/man1/s_time.pod b/doc/man1/s_time.pod index e1a3bef41c..04cae196a5 100644 --- a/doc/man1/s_time.pod +++ b/doc/man1/s_time.pod @@ -184,7 +184,7 @@ send an HTTP request for an appropriate page. If a certificate is specified on the command line using the B<-cert> option it will not be used unless the server specifically requests -a client certificate. Therefor merely including a client certificate +a client certificate. Therefore merely including a client certificate on the command line is no guarantee that the certificate works. =head1 BUGS diff --git a/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod b/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod index e971035734..160a7343c3 100644 --- a/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod +++ b/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod @@ -88,7 +88,7 @@ Otherwise it returns NULL. =item On the client, during or after the handshake and a TLSv1.2 (or below) resumption occurred -If the session from the orignal handshake had a servername accepted by the +If the session from the original handshake had a servername accepted by the server then it will return that servername. Otherwise it returns the servername set via SSL_set_tlsext_host_name() or NULL @@ -157,12 +157,12 @@ corner cases. This has been fixed from OpenSSL 1.1.1e. Prior to 1.1.1e, when the client requested a servername in an initial TLSv1.2 handshake, the server accepted it, and then the client successfully resumed but -set a different explict servername in the second handshake then when called by +set a different explicit servername in the second handshake then when called by the client it returned the servername from the second handshake. This has now been changed to return the servername requested in the original handshake. Also prior to 1.1.1e, if the client sent a servername in the first handshake but -the server did not accept it, and then a second handshake occured where TLSv1.2 +the server did not accept it, and then a second handshake occurred where TLSv1.2 resumption was successful then when called by the server it returned the servername requested in the original handshake. This has now been changed to NULL. From dev at ddvo.net Sat Jun 13 13:16:59 2020 From: dev at ddvo.net (dev at ddvo.net) Date: Sat, 13 Jun 2020 13:16:59 +0000 Subject: [openssl] master update Message-ID: <1592054219.244754.4658.nullmailer@dev.openssl.org> The branch master has been updated via 168c595b14ff034ec40642ec1cb5d2c77ce82e0e (commit) via 5e7be6e666aa5cbb02b929fe09f43e0ba757444a (commit) via c4a9e3ebbbbc2dc371b4fea5fa62120ed14ecaa7 (commit) via 7e8dbb74620ac4420ad4d3adca51ce1b9a3e114c (commit) via 1a27fe4be2223fcd88fdf9849bfabf7c6818796c (commit) via 8b22c283b800834d605ebddec531139ce8573bcc (commit) via 12bbcee21bf45665f0940f29e57b74281a861c1c (commit) via 5aed1786fcd038f16683a80ddbd0599cda0bb488 (commit) via 430efff1b9baa36099b5443c924f96b854e00300 (commit) via ca6f1ba9037e019d9f45b7751f36c8e72488632d (commit) via 7aa70fd5e1281d86fbddcdfab03a474d0b6978af (commit) via 032b13c78447e29a22db70835725d8aae455a47b (commit) via f009e37c76df33ffa32204e94a9564ceb71c7745 (commit) via 2620c38ba8f9bd4ceffd124e12e2a630621abe27 (commit) via 50e09788d54c5b700c39a53725c3d51b21cf536e (commit) via 5a2ba207ed94e79db606f80cf2873367e2a843bf (commit) via 1693135564d00e34ca9f41ff785b5d60e3500415 (commit) via 7e998a0fdcbc59ef527ae84338439af75986c96a (commit) via 6d934add347c7d07fbe0e7a0ced1fdc9813ad640 (commit) via 0d17c2f4bc81552202dcf359e7552f3a64ecf4f2 (commit) via b27ff9b87cdaeb25579d70c5b2bd6b27f8a788ec (commit) via ce0465edc7a55fb7fb7d1a5e724b6467ede30f42 (commit) from ffb6c86663f8d1048b8bac4023c0e41d3ec5891d (commit) - Log ----------------------------------------------------------------- commit 168c595b14ff034ec40642ec1cb5d2c77ce82e0e Author: Dr. David von Oheimb Date: Sat May 30 18:27:03 2020 +0200 Chunk 12 of CMP contribution to OpenSSL: CLI-based high-level tests Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712). Adds the CMP and CRMF API to libcrypto and the "cmp" app to the CLI. Adds extensive documentation and tests. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11998) commit 5e7be6e666aa5cbb02b929fe09f43e0ba757444a Author: Dr. David von Oheimb Date: Fri May 29 21:52:27 2020 +0200 Remove extra newline from CMP mock server error and add TODO on using request template Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11998) commit c4a9e3ebbbbc2dc371b4fea5fa62120ed14ecaa7 Author: Dr. David von Oheimb Date: Fri May 29 17:14:14 2020 +0200 Move part of OSSL_CMP_validate_msg() to ossl_cmp_msg_check_update() as checking expected_sender and adding caPubs is not part of msg validation. Also constify a couple of internal and public functions related to cmp_vfy.c Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11998) commit 7e8dbb74620ac4420ad4d3adca51ce1b9a3e114c Author: Dr. David von Oheimb Date: Fri May 29 17:11:48 2020 +0200 Bug fix in ossl_cmp_hdr_init(): sould not remember recipient as expected sender Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11998) commit 1a27fe4be2223fcd88fdf9849bfabf7c6818796c Author: Dr. David von Oheimb Date: Fri May 29 17:10:48 2020 +0200 Bug fix in ossl_cmp_certRep_new(): must allocate empty extraCerts stack Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11998) commit 8b22c283b800834d605ebddec531139ce8573bcc Author: Dr. David von Oheimb Date: Fri May 29 13:30:03 2020 +0200 Improve description of CMP untrusted certs and msg 'sender' field Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11998) commit 12bbcee21bf45665f0940f29e57b74281a861c1c Author: Dr. David von Oheimb Date: Fri May 29 10:16:06 2020 +0200 Make CMP server use same protection for response as for request Also adds ossl_cmp_hdr_get_protection_nid() simplifying cmp_vfy.c Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11998) commit 5aed1786fcd038f16683a80ddbd0599cda0bb488 Author: Dr. David von Oheimb Date: Thu May 28 21:42:26 2020 +0200 Fill in transactionID on any error in OSSL_CMP_SRV_process_request() Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11998) commit 430efff1b9baa36099b5443c924f96b854e00300 Author: Dr. David von Oheimb Date: Thu May 28 17:19:36 2020 +0200 Improve ossl_cmp_msg_check_received() and rename to ossl_cmp_msg_check_update() Bugfix: allow using extraCerts contained in msg already while checking signature Improve function name, simplify its return value, and update its documentation Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11998) commit ca6f1ba9037e019d9f45b7751f36c8e72488632d Author: Dr. David von Oheimb Date: Thu May 28 17:09:21 2020 +0200 Improve cert checking diagnostics of OSSL_CMP_validate_msg() Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11998) commit 7aa70fd5e1281d86fbddcdfab03a474d0b6978af Author: Dr. David von Oheimb Date: Wed May 27 17:52:53 2020 +0200 Remove misleading diagnostics on pinned sender cert in OSSL_CMP_validate_msg() Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11998) commit 032b13c78447e29a22db70835725d8aae455a47b Author: Dr. David von Oheimb Date: Wed May 27 17:28:35 2020 +0200 Correct error reason of verify_signature() in cmp_vfy.c Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11998) commit f009e37c76df33ffa32204e94a9564ceb71c7745 Author: Dr. David von Oheimb Date: Tue May 26 11:09:03 2020 +0200 Extend error output of apps/opt_format() to all error cases Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11998) commit 2620c38ba8f9bd4ceffd124e12e2a630621abe27 Author: Dr. David von Oheimb Date: Tue May 26 10:44:10 2020 +0200 Remove meanwhile redundant error output of apps/opt_next(void) parsing numbers Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11998) commit 50e09788d54c5b700c39a53725c3d51b21cf536e Author: Dr. David von Oheimb Date: Tue May 26 08:35:33 2020 +0200 Fix use of -no-proxy option of CMP app Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11998) commit 5a2ba207ed94e79db606f80cf2873367e2a843bf Author: Dr. David von Oheimb Date: Mon May 25 17:32:26 2020 +0200 Add request URL path checking and status responses to HTTP server Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11998) commit 1693135564d00e34ca9f41ff785b5d60e3500415 Author: Dr. David von Oheimb Date: Wed May 20 15:10:05 2020 +0200 Allow subject of CMP -oldcert as sender unless protection cert is given Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11998) commit 7e998a0fdcbc59ef527ae84338439af75986c96a Author: Dr. David von Oheimb Date: Wed May 20 09:14:30 2020 +0200 Correct error output of parse_name() in apps/lib/apps.c and apps/cmp.c Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11998) commit 6d934add347c7d07fbe0e7a0ced1fdc9813ad640 Author: Dr. David von Oheimb Date: Wed May 20 08:11:47 2020 +0200 Check expected sender not only for signature-protected CMP messages Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11998) commit 0d17c2f4bc81552202dcf359e7552f3a64ecf4f2 Author: Dr. David von Oheimb Date: Tue May 19 09:47:46 2020 +0200 Improve description of -trusted, -srvcert, -recipient, and -expect_sender CMP options Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11998) commit b27ff9b87cdaeb25579d70c5b2bd6b27f8a788ec Author: Dr. David von Oheimb Date: Tue May 19 12:30:11 2020 +0200 Streamline the approach to set CMP message recipient and expected sender Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11998) commit ce0465edc7a55fb7fb7d1a5e724b6467ede30f42 Author: Dr. David von Oheimb Date: Mon May 18 10:50:30 2020 +0200 Fix too strict checks of ossl_cmp_calc_protection() Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11998) ----------------------------------------------------------------------- Summary of changes: apps/cmp.c | 40 +- apps/cmp_mock_srv.c | 1 + apps/include/http_server.h | 30 +- apps/lib/apps.c | 13 +- apps/lib/http_server.c | 101 +- apps/lib/opt.c | 27 +- apps/ocsp.c | 16 +- crypto/cmp/cmp_client.c | 4 +- crypto/cmp/cmp_ctx.c | 2 +- crypto/cmp/cmp_err.c | 2 + crypto/cmp/cmp_hdr.c | 34 +- crypto/cmp/cmp_local.h | 5 +- crypto/cmp/cmp_msg.c | 10 +- crypto/cmp/cmp_protect.c | 14 +- crypto/cmp/cmp_server.c | 48 +- crypto/cmp/cmp_vfy.c | 301 ++-- crypto/err/openssl.txt | 1 + doc/internal/man3/ossl_cmp_hdr_init.pod | 9 +- doc/internal/man3/ossl_cmp_msg_check_received.pod | 86 -- doc/internal/man3/ossl_cmp_msg_check_update.pod | 95 ++ doc/man1/openssl-cmp.pod.in | 109 +- doc/man3/OSSL_CMP_CTX_new.pod | 100 +- doc/man3/OSSL_CMP_SRV_CTX_new.pod | 17 +- doc/man3/OSSL_CMP_validate_msg.pod | 7 - fuzz/cmp.c | 2 +- include/openssl/cmp.h | 4 +- include/openssl/cmperr.h | 2 + test/cmp_client_test.c | 3 +- test/cmp_vfy_test.c | 82 +- test/recipes/81-test_cmp_cli.t | 291 ++++ test/recipes/81-test_cmp_cli_data/Mock/12345.txt | 1 + .../81-test_cmp_cli_data/Mock/big_issuing.crt | 1577 ++++++++++++++++++++ .../recipes/81-test_cmp_cli_data/Mock/big_root.crt | 1554 +++++++++++++++++++ .../81-test_cmp_cli_data/Mock/big_server.crt | 1550 +++++++++++++++++++ .../81-test_cmp_cli_data/Mock/big_trusted.crt | 1552 +++++++++++++++++++ .../recipes/81-test_cmp_cli_data/Mock/empty.txt | 0 test/recipes/81-test_cmp_cli_data/Mock/issuing.crt | 45 + .../81-test_cmp_cli_data/Mock/new.key} | 0 .../81-test_cmp_cli_data/Mock/new_pass_12345.key | 30 + test/recipes/81-test_cmp_cli_data/Mock/random.bin | Bin 0 -> 102400 bytes test/recipes/81-test_cmp_cli_data/Mock/root.crt | 22 + test/recipes/81-test_cmp_cli_data/Mock/server.cnf | 16 + test/recipes/81-test_cmp_cli_data/Mock/server.crt | 19 + .../Mock}/server.key | 0 test/recipes/81-test_cmp_cli_data/Mock/signer.crt | 68 + .../81-test_cmp_cli_data/Mock/signer.key} | 0 test/recipes/81-test_cmp_cli_data/Mock/signer.p12 | Bin 0 -> 5341 bytes .../81-test_cmp_cli_data/Mock/signer_issuing.crt | 45 + .../81-test_cmp_cli_data/Mock/signer_only.crt} | 0 .../81-test_cmp_cli_data/Mock/signer_root.crt | 22 + test/recipes/81-test_cmp_cli_data/Mock/test.cnf | 140 ++ test/recipes/81-test_cmp_cli_data/Mock/trusted.crt | 19 + .../recipes/81-test_cmp_cli_data/test_commands.csv | 54 + .../81-test_cmp_cli_data/test_connection.csv | 43 + .../81-test_cmp_cli_data/test_credentials.csv | 46 + .../81-test_cmp_cli_data/test_enrollment.csv | 112 ++ .../81-test_cmp_cli_data/test_verification.csv | 51 + 57 files changed, 7910 insertions(+), 512 deletions(-) delete mode 100644 doc/internal/man3/ossl_cmp_msg_check_received.pod create mode 100644 doc/internal/man3/ossl_cmp_msg_check_update.pod create mode 100644 test/recipes/81-test_cmp_cli.t create mode 100644 test/recipes/81-test_cmp_cli_data/Mock/12345.txt create mode 100644 test/recipes/81-test_cmp_cli_data/Mock/big_issuing.crt create mode 100644 test/recipes/81-test_cmp_cli_data/Mock/big_root.crt create mode 100644 test/recipes/81-test_cmp_cli_data/Mock/big_server.crt create mode 100644 test/recipes/81-test_cmp_cli_data/Mock/big_trusted.crt copy fuzz/corpora/bignum/da39a3ee5e6b4b0d3255bfef95601890afd80709 => test/recipes/81-test_cmp_cli_data/Mock/empty.txt (100%) create mode 100644 test/recipes/81-test_cmp_cli_data/Mock/issuing.crt copy test/{certs/leaf.key => recipes/81-test_cmp_cli_data/Mock/new.key} (100%) mode change 100644 => 100755 create mode 100644 test/recipes/81-test_cmp_cli_data/Mock/new_pass_12345.key create mode 100644 test/recipes/81-test_cmp_cli_data/Mock/random.bin create mode 100644 test/recipes/81-test_cmp_cli_data/Mock/root.crt create mode 100644 test/recipes/81-test_cmp_cli_data/Mock/server.cnf create mode 100644 test/recipes/81-test_cmp_cli_data/Mock/server.crt copy test/recipes/{65-test_cmp_client_data => 81-test_cmp_cli_data/Mock}/server.key (100%) create mode 100644 test/recipes/81-test_cmp_cli_data/Mock/signer.crt copy test/{certs/leaf.key => recipes/81-test_cmp_cli_data/Mock/signer.key} (100%) mode change 100644 => 100755 create mode 100644 test/recipes/81-test_cmp_cli_data/Mock/signer.p12 create mode 100644 test/recipes/81-test_cmp_cli_data/Mock/signer_issuing.crt copy test/{certs/leaf.pem => recipes/81-test_cmp_cli_data/Mock/signer_only.crt} (100%) mode change 100644 => 100755 create mode 100644 test/recipes/81-test_cmp_cli_data/Mock/signer_root.crt create mode 100644 test/recipes/81-test_cmp_cli_data/Mock/test.cnf create mode 100644 test/recipes/81-test_cmp_cli_data/Mock/trusted.crt create mode 100644 test/recipes/81-test_cmp_cli_data/test_commands.csv create mode 100644 test/recipes/81-test_cmp_cli_data/test_connection.csv create mode 100644 test/recipes/81-test_cmp_cli_data/test_credentials.csv create mode 100644 test/recipes/81-test_cmp_cli_data/test_enrollment.csv create mode 100644 test/recipes/81-test_cmp_cli_data/test_verification.csv diff --git a/apps/cmp.c b/apps/cmp.c index 72ebe34d26..f80410fe9c 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -347,16 +347,16 @@ const OPTIONS cmp_options[] = { OPT_SECTION("Server authentication"), {"trusted", OPT_TRUSTED, 's', - "Trusted certs used for CMP server authentication when verifying responses"}, + "Certificates to trust as chain roots when verifying signed CMP responses"}, {OPT_MORE_STR, 0, 0, "unless -srvcert is given"}, {"untrusted", OPT_UNTRUSTED, 's', - "Intermediate certs for chain construction verifying CMP/TLS/enrolled certs"}, + "Intermediate CA certs for chain construction for CMP/TLS/enrolled certs"}, {"srvcert", OPT_SRVCERT, 's', - "Specific CMP server cert to use and trust directly when verifying responses"}, + "Server cert to pin and trust directly when verifying signed CMP responses"}, {"recipient", OPT_RECIPIENT, 's', - "Distinguished Name (DN) of the recipient to use unless -srvcert is given"}, + "Distinguished Name (DN) to use as msg recipient; see man page for defaults"}, {"expect_sender", OPT_EXPECT_SENDER, 's', - "DN of expected response sender. Defaults to DN of -srvcert, if provided"}, + "DN of expected sender of responses. Defaults to subject of -srvcert, if any"}, {"ignore_keyusage", OPT_IGNORE_KEYUSAGE, '-', "Ignore CMP signer cert key usage, else 'digitalSignature' must be allowed"}, {"unprotected_errors", OPT_UNPROTECTED_ERRORS, '-', @@ -1637,8 +1637,7 @@ static SSL_CTX *setup_ssl_ctx(OSSL_CMP_CTX *ctx, ENGINE *e) /* * Any further certs and any untrusted certs are used for constructing - * the client cert chain to be provided along with the TLS client cert - * to the TLS server. + * the chain to be provided with the TLS client cert to the TLS server. */ if (!SSL_CTX_set0_chain(ssl_ctx, certs)) { CMP_err("could not set TLS client cert chain"); @@ -2097,9 +2096,12 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *e) goto oom; if (opt_proxy != NULL && !OSSL_CMP_CTX_set1_proxy(ctx, opt_proxy)) goto oom; + if (opt_no_proxy != NULL && !OSSL_CMP_CTX_set1_no_proxy(ctx, opt_no_proxy)) + goto oom; (void)BIO_snprintf(server_buf, sizeof(server_buf), "http%s://%s%s%s/%s", opt_tls_used ? "s" : "", opt_server, server_port == 0 ? "" : ":", server_port_s, + opt_path == NULL ? "" : opt_path[0] == '/' ? opt_path + 1 : opt_path); if (opt_proxy != NULL) @@ -2221,7 +2223,7 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *e) if (!set_name(opt_recipient, OSSL_CMP_CTX_set1_recipient, ctx, "recipient") || !set_name(opt_expect_sender, OSSL_CMP_CTX_set1_expected_sender, ctx, "expected sender")) - goto oom; + goto err; if (opt_geninfo != NULL && !handle_opt_geninfo(ctx)) goto err; @@ -2977,12 +2979,13 @@ int cmp_main(int argc, char **argv) if ((acbio = http_server_init_bio(prog, opt_port)) == NULL) goto err; while (opt_max_msgs <= 0 || msgs < opt_max_msgs) { + char *path = NULL; OSSL_CMP_MSG *req = NULL; OSSL_CMP_MSG *resp = NULL; ret = http_server_get_asn1_req(ASN1_ITEM_rptr(OSSL_CMP_MSG), - (ASN1_VALUE **)&req, &cbio, acbio, - prog, 0, 0); + (ASN1_VALUE **)&req, &path, + &cbio, acbio, prog, 0, 0); if (ret == 0) continue; if (ret++ == -1) @@ -2991,17 +2994,32 @@ int cmp_main(int argc, char **argv) ret = 0; msgs++; if (req != NULL) { + if (strcmp(path, "") != 0 && strcmp(path, "pkix/") != 0) { + (void)http_server_send_status(cbio, 404, "Not Found"); + CMP_err1("Expecting empty path or 'pkix/' but got '%s'", + path); + OPENSSL_free(path); + OSSL_CMP_MSG_free(req); + goto cont; + } + OPENSSL_free(path); resp = OSSL_CMP_CTX_server_perform(cmp_ctx, req); OSSL_CMP_MSG_free(req); - if (resp == NULL) + if (resp == NULL) { + (void)http_server_send_status(cbio, + 500, "Internal Server Error"); break; /* treated as fatal error */ + } ret = http_server_send_asn1_resp(cbio, "application/pkixcmp", ASN1_ITEM_rptr(OSSL_CMP_MSG), (const ASN1_VALUE *)resp); OSSL_CMP_MSG_free(resp); if (!ret) break; /* treated as fatal error */ + } else { + (void)http_server_send_status(cbio, 400, "Bad Request"); } + cont: BIO_free_all(cbio); cbio = NULL; } diff --git a/apps/cmp_mock_srv.c b/apps/cmp_mock_srv.c index b45f98551c..c63e5f9943 100644 --- a/apps/cmp_mock_srv.c +++ b/apps/cmp_mock_srv.c @@ -208,6 +208,7 @@ static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx, } if (ctx->certOut != NULL && (*certOut = X509_dup(ctx->certOut)) == NULL) + /* TODO better return a cert produced from data in request template */ goto err; if (ctx->chainOut != NULL && (*chainOut = X509_chain_up_ref(ctx->chainOut)) == NULL) diff --git a/apps/include/http_server.h b/apps/include/http_server.h index 8c65521339..1264753899 100644 --- a/apps/include/http_server.h +++ b/apps/include/http_server.h @@ -60,23 +60,29 @@ void log_message(const char *prog, int level, const char *fmt, ...); * returns a BIO for accepting requests, NULL on error */ BIO *http_server_init_bio(const char *prog, const char *port); + /*- * Accept an ASN.1-formatted HTTP request * it: the expected request ASN.1 type * preq: pointer to variable where to place the parsed request * pcbio: pointer to variable where to place the BIO for sending the response to + * ppath: pointer to variable where to place the request path, or NULL * acbio: the listening bio (typically as returned by http_server_init_bio()) * prog: the name of the current app - * accept_get: wheter to accept GET requests (in addition to POST requests) + * accept_get: whether to accept GET requests (in addition to POST requests) * timeout: connection timeout (in seconds), or 0 for none/infinite - * returns 0 in case caller should retry, then *preq == *pcbio == NULL - * returns -1 on fatal error; also in this case *preq == *pcbio == NULL - * returns 1 otherwise. In this case it is guaranteed that *pcbio != NULL - * while *preq == NULL if and only if request is invalid + * returns 0 in case caller should retry, then *preq == *ppath == *pcbio == NULL + * returns -1 on fatal error; also then holds *preq == *ppath == *pcbio == NULL + * returns 1 otherwise. In this case it is guaranteed that *pcbio != NULL while + * *ppath == NULL and *preq == NULL if and only if the request is invalid, + * On return value 1 the caller is responsible for sending an HTTP response, + * using http_server_send_asn1_resp() or http_server_send_status(). + * The caller must free any non-NULL *preq, *ppath, and *pcbio pointers. */ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq, - BIO **pcbio, BIO *acbio, - const char *prog, int accept_get, int timeout); + char **ppath, BIO **pcbio, BIO *acbio, + const char *prog, int accept_get, int timeout); + /*- * Send an ASN.1-formatted HTTP response * cbio: destination BIO (typically as returned by http_server_get_asn1_req()) @@ -89,6 +95,16 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq, */ int http_server_send_asn1_resp(BIO *cbio, const char *content_type, const ASN1_ITEM *it, const ASN1_VALUE *resp); + +/*- + * Send a trivial HTTP response, typically to report an error or OK + * cbio: destination BIO (typically as returned by http_server_get_asn1_req()) + * status: the status code to send + * reason: the corresponding human-readable string + * returns 1 on success, 0 on failure + */ +int http_server_send_status(BIO *cbio, int status, const char *reason); + # endif # ifdef HTTP_DAEMON diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 6fd27c3665..6c9d62fb62 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -1631,7 +1631,7 @@ X509_NAME *parse_name(const char *cp, long chtype, int canmulti) goto err; } - while (*cp) { + while (*cp != '\0') { char *bp = work; char *typestr = bp; unsigned char *valstr; @@ -1640,12 +1640,12 @@ X509_NAME *parse_name(const char *cp, long chtype, int canmulti) nextismulti = 0; /* Collect the type */ - while (*cp && *cp != '=') + while (*cp != '\0' && *cp != '=') *bp++ = *cp++; if (*cp == '\0') { BIO_printf(bio_err, - "%s: Hit end of string before finding the '='\n", - opt_getprog()); + "%s: Hit end of string before finding the '='\n", + opt_getprog()); goto err; } *bp++ = '\0'; @@ -1653,7 +1653,7 @@ X509_NAME *parse_name(const char *cp, long chtype, int canmulti) /* Collect the value. */ valstr = (unsigned char *)bp; - for (; *cp && *cp != '/'; *bp++ = *cp++) { + for (; *cp != '\0' && *cp != '/'; *bp++ = *cp++) { if (canmulti && *cp == '+') { nextismulti = 1; break; @@ -1668,7 +1668,7 @@ X509_NAME *parse_name(const char *cp, long chtype, int canmulti) *bp++ = '\0'; /* If not at EOS (must be + or /), move forward. */ - if (*cp) + if (*cp != '\0') ++cp; /* Parse */ @@ -1687,6 +1687,7 @@ X509_NAME *parse_name(const char *cp, long chtype, int canmulti) if (!X509_NAME_add_entry_by_NID(n, nid, chtype, valstr, strlen((char *)valstr), -1, ismulti ? -1 : 0)) { + ERR_print_errors(bio_err); BIO_printf(bio_err, "%s: Error adding name attribute \"/%s=%s\"\n", opt_getprog(), typestr ,valstr); goto err; diff --git a/apps/lib/http_server.c b/apps/lib/http_server.c index 2b5c9f5dcd..11f0b1fcb5 100644 --- a/apps/lib/http_server.c +++ b/apps/lib/http_server.c @@ -255,17 +255,19 @@ static int urldecode(char *p) } int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq, - BIO **pcbio, BIO *acbio, + char **ppath, BIO **pcbio, BIO *acbio, const char *prog, int accept_get, int timeout) { BIO *cbio = NULL, *getbio = NULL, *b64 = NULL; int len; char reqbuf[2048], inbuf[2048]; - char *url, *end; + char *meth, *url, *end; ASN1_VALUE *req; int ret = 1; *preq = NULL; + if (ppath != NULL) + *ppath = NULL; *pcbio = NULL; /* Connection loss before accept() is routine, ignore silently */ @@ -275,6 +277,7 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq, cbio = BIO_pop(acbio); *pcbio = cbio; if (cbio == NULL) { + /* Cannot call http_server_send_status(cbio, ...) */ ret = -1; goto out; } @@ -288,16 +291,26 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq, /* Read the request line. */ len = BIO_gets(cbio, reqbuf, sizeof(reqbuf)); - if (len <= 0) + if (len <= 0) { + log_message(prog, LOG_INFO, + "Request line read error or empty request"); + (void)http_server_send_status(cbio, 400, "Bad Request"); goto out; + } - if (accept_get && strncmp(reqbuf, "GET ", 4) == 0) { - /* Expecting GET {sp} /URL {sp} HTTP/1.x */ - for (url = reqbuf + 4; *url == ' '; ++url) - continue; + meth = reqbuf; + url = meth + 3; + if ((accept_get && strncmp(meth, "GET ", 4) == 0) + || (url++, strncmp(meth, "POST ", 5) == 0)) { + /* Expecting (GET|POST) {sp} /URL {sp} HTTP/1.x */ + *(url++) = '\0'; + while (*url == ' ') + url++; if (*url != '/') { log_message(prog, LOG_INFO, - "Invalid GET -- URL does not begin with '/': %s", url); + "Invalid %s -- URL does not begin with '/': %s", + meth, url); + (void)http_server_send_status(cbio, 400, "Bad Request"); goto out; } url++; @@ -308,7 +321,9 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq, break; if (strncmp(end, " HTTP/1.", 7) != 0) { log_message(prog, LOG_INFO, - "Invalid GET -- bad HTTP/version string: %s", end + 1); + "Invalid %s -- bad HTTP/version string: %s", + meth, end + 1); + (void)http_server_send_status(cbio, 400, "Bad Request"); goto out; } *end = '\0'; @@ -318,39 +333,52 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq, * 'url' was incremented above to point to the first byte *after* * the leading slash, so in case 'GET / ' it is now an empty string. */ - if (url[0] == '\0') + if (strlen(meth) == 3 && url[0] == '\0') { + (void)http_server_send_status(cbio, 200, "OK"); goto out; + } len = urldecode(url); - if (len <= 0) { + if (len < 0) { log_message(prog, LOG_INFO, - "Invalid GET request -- bad URL encoding: %s", url); + "Invalid %s request -- bad URL encoding: %s", + meth, url); + (void)http_server_send_status(cbio, 400, "Bad Request"); goto out; } - if ((getbio = BIO_new_mem_buf(url, len)) == NULL - || (b64 = BIO_new(BIO_f_base64())) == NULL) { - log_message(prog, LOG_ERR, - "Could not allocate base64 bio with size = %d", len); - BIO_free_all(cbio); - *pcbio = NULL; - ret = -1; - goto out; + if (strlen(meth) == 3) { /* GET */ + if ((getbio = BIO_new_mem_buf(url, len)) == NULL + || (b64 = BIO_new(BIO_f_base64())) == NULL) { + log_message(prog, LOG_ERR, + "Could not allocate base64 bio with size = %d", + len); + goto fatal; + } + BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); + getbio = BIO_push(b64, getbio); } - BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); - getbio = BIO_push(b64, getbio); - } else if (strncmp(reqbuf, "POST ", 5) != 0) { + } else { log_message(prog, LOG_INFO, "HTTP request does not start with GET/POST: %s", reqbuf); /* TODO provide better diagnosis in case client tries TLS */ + (void)http_server_send_status(cbio, 400, "Bad Request"); goto out; } + /* chop any further/duplicate leading or trailing '/' */ + while (*url == '/') + url++; + while (end >= url + 2 && end[-2] == '/' && end[-1] == '/') + end--; + *end = '\0'; + /* Read and skip past the headers. */ for (;;) { len = BIO_gets(cbio, inbuf, sizeof(inbuf)); if (len <= 0) { log_message(prog, LOG_ERR, "Error skipping remaining HTTP headers"); + (void)http_server_send_status(cbio, 400, "Bad Request"); goto out; } if ((inbuf[0] == '\r') || (inbuf[0] == '\n')) @@ -365,8 +393,14 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq, /* Try to read and parse request */ req = ASN1_item_d2i_bio(it, getbio != NULL ? getbio : cbio, NULL); - if (req == NULL) + if (req == NULL) { log_message(prog, LOG_ERR, "Error parsing request"); + } else if (ppath != NULL && (*ppath = OPENSSL_strdup(url)) == NULL) { + log_message(prog, LOG_ERR, + "Out of memory allocating %d bytes", strlen(url) + 1); + ASN1_item_free(req, it); + goto fatal; + } *preq = req; @@ -378,6 +412,17 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq, acfd = (int)INVALID_SOCKET; # endif return ret; + + fatal: + (void)http_server_send_status(cbio, 500, "Internal Server Error"); + if (ppath != NULL) { + OPENSSL_free(*ppath); + *ppath = NULL; + } + BIO_free_all(cbio); + *pcbio = NULL; + ret = -1; + goto out; } /* assumes that cbio does not do an encoding that changes the output length */ @@ -392,4 +437,12 @@ int http_server_send_asn1_resp(BIO *cbio, const char *content_type, (void)BIO_flush(cbio); return ret; } + +int http_server_send_status(BIO *cbio, int status, const char *reason) +{ + int ret = BIO_printf(cbio, "HTTP/1.0 %d %s\r\n\r\n", status, reason) > 0; + + (void)BIO_flush(cbio); + return ret; +} #endif diff --git a/apps/lib/opt.c b/apps/lib/opt.c index 566de8ab7d..d6bfecc8ff 100644 --- a/apps/lib/opt.c +++ b/apps/lib/opt.c @@ -209,6 +209,7 @@ int opt_format(const char *s, unsigned long flags, int *result) { switch (*s) { default: + opt_printf_stderr("%s: Bad format \"%s\"\n", prog, s); return 0; case 'D': case 'd': @@ -275,6 +276,7 @@ int opt_format(const char *s, unsigned long flags, int *result) return opt_format_error(s, flags); *result = FORMAT_PKCS12; } else { + opt_printf_stderr("%s: Bad format \"%s\"\n", prog, s); return 0; } break; @@ -740,40 +742,29 @@ int opt_next(void) break; case 'p': case 'n': - if (!opt_int(arg, &ival) - || (o->valtype == 'p' && ival <= 0)) { + if (!opt_int(arg, &ival)) + return -1; + if (o->valtype == 'p' && ival <= 0) { opt_printf_stderr("%s: Non-positive number \"%s\" for -%s\n", prog, arg, o->name); return -1; } break; case 'M': - if (!opt_imax(arg, &imval)) { - opt_printf_stderr("%s: Invalid number \"%s\" for -%s\n", - prog, arg, o->name); + if (!opt_imax(arg, &imval)) return -1; - } break; case 'U': - if (!opt_umax(arg, &umval)) { - opt_printf_stderr("%s: Invalid number \"%s\" for -%s\n", - prog, arg, o->name); + if (!opt_umax(arg, &umval)) return -1; - } break; case 'l': - if (!opt_long(arg, &lval)) { - opt_printf_stderr("%s: Invalid number \"%s\" for -%s\n", - prog, arg, o->name); + if (!opt_long(arg, &lval)) return -1; - } break; case 'u': - if (!opt_ulong(arg, &ulval)) { - opt_printf_stderr("%s: Invalid number \"%s\" for -%s\n", - prog, arg, o->name); + if (!opt_ulong(arg, &ulval)) return -1; - } break; case 'c': case 'E': diff --git a/apps/ocsp.c b/apps/ocsp.c index fd03611fe9..6095e6b2f6 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -234,7 +234,7 @@ int ocsp_main(int argc, char **argv) int noCAfile = 0, noCApath = 0, noCAstore = 0; int accept_count = -1, add_nonce = 1, noverify = 0, use_ssl = -1; int vpmtouched = 0, badsig = 0, i, ignore_err = 0, nmin = 0, ndays = -1; - int req_text = 0, resp_text = 0, ret = 1; + int req_text = 0, resp_text = 0, res, ret = 1; int req_timeout = -1; long nsec = MAX_VALIDITY_PERIOD, maxage = -1; unsigned long sign_flags = 0, verify_flags = 0, rflags = 0; @@ -629,13 +629,17 @@ redo_accept: #endif req = NULL; - if (!do_responder(&req, &cbio, acbio, req_timeout)) + res = do_responder(&req, &cbio, acbio, req_timeout); + if (res == 0) goto redo_accept; if (req == NULL) { - resp = OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, - NULL); - send_ocsp_response(cbio, resp); + if (res == 1) { + resp = + OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, + NULL); + send_ocsp_response(cbio, resp); + } goto done_resp; } } @@ -1151,7 +1155,7 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, { #ifndef OPENSSL_NO_SOCK return http_server_get_asn1_req(ASN1_ITEM_rptr(OCSP_RESPONSE), - (ASN1_VALUE **)preq, pcbio, acbio, + (ASN1_VALUE **)preq, NULL, pcbio, acbio, prog, 1 /* accept_get */, timeout); #else BIO_printf(bio_err, diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c index d309f84a78..f38d8651f4 100644 --- a/crypto/cmp/cmp_client.c +++ b/crypto/cmp/cmp_client.c @@ -189,8 +189,8 @@ static int send_receive_check(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req, */ ossl_cmp_log1(INFO, ctx, "received %s", ossl_cmp_bodytype_to_string(bt)); - if ((bt = ossl_cmp_msg_check_received(ctx, *rep, unprotected_exception, - expected_type)) < 0) + if (!ossl_cmp_msg_check_update(ctx, *rep, unprotected_exception, + expected_type)) return 0; if (bt == expected_type diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c index 9aeee7f5dd..9f70de5038 100644 --- a/crypto/cmp/cmp_ctx.c +++ b/crypto/cmp/cmp_ctx.c @@ -393,7 +393,7 @@ int OSSL_CMP_CTX_set_log_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_log_cb_t cb) } /* Print OpenSSL and CMP errors via the log cb of the ctx or ERR_print_errors */ -void OSSL_CMP_CTX_print_errors(OSSL_CMP_CTX *ctx) +void OSSL_CMP_CTX_print_errors(const OSSL_CMP_CTX *ctx) { OSSL_CMP_print_errors_cb(ctx == NULL ? NULL : ctx->log_cb); } diff --git a/crypto/cmp/cmp_err.c b/crypto/cmp/cmp_err.c index 0c3547c013..5f2f713b08 100644 --- a/crypto/cmp/cmp_err.c +++ b/crypto/cmp/cmp_err.c @@ -76,6 +76,8 @@ static const ERR_STRING_DATA CMP_str_reasons[] = { "error unexpected certconf"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_VALIDATING_PROTECTION), "error validating protection"}, + {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_VALIDATING_SIGNATURE), + "error validating signature"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_FAILED_EXTRACTING_PUBKEY), "failed extracting pubkey"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_FAILURE_OBTAINING_RANDOM), diff --git a/crypto/cmp/cmp_hdr.c b/crypto/cmp/cmp_hdr.c index b07bf031bf..364d89a9b0 100644 --- a/crypto/cmp/cmp_hdr.c +++ b/crypto/cmp/cmp_hdr.c @@ -41,6 +41,14 @@ int ossl_cmp_hdr_get_pvno(const OSSL_CMP_PKIHEADER *hdr) return (int)pvno; } +int ossl_cmp_hdr_get_protection_nid(const OSSL_CMP_PKIHEADER *hdr) +{ + if (!ossl_assert(hdr != NULL) + || hdr->protectionAlg == NULL) + return NID_undef; + return OBJ_obj2nid(hdr->protectionAlg->algorithm); +} + ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_transactionID(const OSSL_CMP_PKIHEADER *hdr) { @@ -300,30 +308,26 @@ int ossl_cmp_hdr_init(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr) return 0; /* - * The sender name is copied from the subject of the client cert, if any, - * or else from the subject name provided for certification requests. + * If neither protection cert nor oldCert nor subject are given, + * sender name is not known to the client and thus set to NULL-DN */ - sender = ctx->cert != NULL ? - X509_get_subject_name(ctx->cert) : ctx->subjectName; + sender = ctx->cert != NULL ? X509_get_subject_name(ctx->cert) : + ctx->oldCert != NULL ? X509_get_subject_name(ctx->oldCert) : + ctx->subjectName; if (!ossl_cmp_hdr_set1_sender(hdr, sender)) return 0; /* determine recipient entry in PKIHeader */ - if (ctx->srvCert != NULL) { - rcp = X509_get_subject_name(ctx->srvCert); - /* set also as expected_sender of responses unless set explicitly */ - if (ctx->expected_sender == NULL && rcp != NULL - && !OSSL_CMP_CTX_set1_expected_sender(ctx, rcp)) - return 0; - } else if (ctx->recipient != NULL) { + if (ctx->recipient != NULL) rcp = ctx->recipient; - } else if (ctx->issuer != NULL) { + else if (ctx->srvCert != NULL) + rcp = X509_get_subject_name(ctx->srvCert); + else if (ctx->issuer != NULL) rcp = ctx->issuer; - } else if (ctx->oldCert != NULL) { + else if (ctx->oldCert != NULL) rcp = X509_get_issuer_name(ctx->oldCert); - } else if (ctx->cert != NULL) { + else if (ctx->cert != NULL) rcp = X509_get_issuer_name(ctx->cert); - } if (!ossl_cmp_hdr_set1_recipient(hdr, rcp)) return 0; diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h index 0c0ca3466a..0d874ae785 100644 --- a/crypto/cmp/cmp_local.h +++ b/crypto/cmp/cmp_local.h @@ -796,6 +796,7 @@ int ossl_cmp_pkisi_check_pkifailureinfo(const OSSL_CMP_PKISI *si, int index); /* from cmp_hdr.c */ int ossl_cmp_hdr_set_pvno(OSSL_CMP_PKIHEADER *hdr, int pvno); int ossl_cmp_hdr_get_pvno(const OSSL_CMP_PKIHEADER *hdr); +int ossl_cmp_hdr_get_protection_nid(const OSSL_CMP_PKIHEADER *hdr); ASN1_OCTET_STRING *ossl_cmp_hdr_get0_senderNonce(const OSSL_CMP_PKIHEADER *hdr); int ossl_cmp_general_name_is_NULL_DN(GENERAL_NAME *name); int ossl_cmp_hdr_set1_sender(OSSL_CMP_PKIHEADER *hdr, const X509_NAME *nm); @@ -908,8 +909,8 @@ int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); typedef int (*ossl_cmp_allow_unprotected_cb_t)(const OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, int invalid_protection, int arg); -int ossl_cmp_msg_check_received(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, - ossl_cmp_allow_unprotected_cb_t cb, int cb_arg); +int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, + ossl_cmp_allow_unprotected_cb_t cb, int cb_arg); int ossl_cmp_verify_popo(const OSSL_CMP_MSG *msg, int accept_RAVerified); /* from cmp_client.c */ diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c index 7b338b2b01..9735a1c0b7 100644 --- a/crypto/cmp/cmp_msg.c +++ b/crypto/cmp/cmp_msg.c @@ -23,6 +23,7 @@ DEFINE_STACK_OF(OSSL_CMP_CERTSTATUS) DEFINE_STACK_OF(OSSL_CMP_ITAV) DEFINE_STACK_OF(GENERAL_NAME) +DEFINE_STACK_OF(X509) DEFINE_STACK_OF(X509_EXTENSION) DEFINE_STACK_OF(OSSL_CMP_PKISI) DEFINE_STACK_OF(OSSL_CRMF_MSG) @@ -228,7 +229,7 @@ static OSSL_CRMF_MSG *crm_new(OSSL_CMP_CTX *ctx, int bodytype, int rid) X509_EXTENSIONS *exts = NULL; if (rkey == NULL) - rkey = ctx->pkey; /* default is independent of ctx->oldClCert */ + rkey = ctx->pkey; /* default is independent of ctx->oldCert */ if (rkey == NULL) { #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION CMPerr(0, CMP_R_NULL_ARGUMENT); @@ -426,9 +427,12 @@ OSSL_CMP_MSG *ossl_cmp_certRep_new(OSSL_CMP_CTX *ctx, int bodytype, if (bodytype == OSSL_CMP_PKIBODY_IP && caPubs != NULL && (repMsg->caPubs = X509_chain_up_ref(caPubs)) == NULL) goto err; - if (chain != NULL - && !ossl_cmp_sk_X509_add1_certs(msg->extraCerts, chain, 0, 1, 0)) + if (sk_X509_num(chain) > 0) { + msg->extraCerts = sk_X509_new_reserve(NULL, sk_X509_num(chain)); + if (msg->extraCerts == NULL + || !ossl_cmp_sk_X509_add1_certs(msg->extraCerts, chain, 0, 1, 0)) goto err; + } if (!unprotectedErrors || ossl_cmp_pkisi_get_status(si) != OSSL_CMP_PKISTATUS_rejection) diff --git a/crypto/cmp/cmp_protect.c b/crypto/cmp/cmp_protect.c index 97600a7266..880051d3dd 100644 --- a/crypto/cmp/cmp_protect.c +++ b/crypto/cmp/cmp_protect.c @@ -26,8 +26,8 @@ DEFINE_STACK_OF(X509) * Calculate protection for given PKImessage utilizing the given credentials * and the algorithm parameters set inside the message header's protectionAlg. * - * Either secret or pkey must be set, the other must be NULL. Attempts doing - * PBMAC in case 'secret' is set and signature if 'pkey' is set - but will only + * secret or pkey must be set. Attempts doing PBMAC in case 'secret' is set + * and else signature if 'pkey' is set - but will only * do the protection already marked in msg->header->protectionAlg. * * returns ptr to ASN1_BIT_STRING containing protection on success, else NULL @@ -73,7 +73,7 @@ ASN1_BIT_STRING *ossl_cmp_calc_protection(const OSSL_CMP_MSG *msg, } X509_ALGOR_get0(&algorOID, &pptype, &ppval, msg->header->protectionAlg); - if (secret != NULL && pkey == NULL) { + if (secret != NULL) { if (ppval == NULL) { CMPerr(0, CMP_R_ERROR_CALCULATING_PROTECTION); goto end; @@ -94,7 +94,7 @@ ASN1_BIT_STRING *ossl_cmp_calc_protection(const OSSL_CMP_MSG *msg, secret->data, secret->length, &protection, &sig_len)) goto end; - } else if (secret == NULL && pkey != NULL) { + } else if (pkey != NULL) { /* TODO combine this with large parts of CRMF_poposigningkey_init() */ /* EVP_DigestSignInit() checks that pkey type is correct for the alg */ @@ -259,10 +259,8 @@ int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg) goto err; } - if (msg->header->protectionAlg == NULL) - if ((msg->header->protectionAlg = X509_ALGOR_new()) == NULL) - goto err; - + if ((msg->header->protectionAlg = X509_ALGOR_new()) == NULL) + goto err; if (!OBJ_find_sigid_by_algs(&algNID, ctx->digest, EVP_PKEY_id(ctx->pkey))) { CMPerr(0, CMP_R_UNSUPPORTED_KEY_TYPE); diff --git a/crypto/cmp/cmp_server.c b/crypto/cmp/cmp_server.c index b805dc8bcb..8570885eed 100644 --- a/crypto/cmp/cmp_server.c +++ b/crypto/cmp/cmp_server.c @@ -452,8 +452,10 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *req) { OSSL_CMP_CTX *ctx; + ASN1_OCTET_STRING *backup_secret; OSSL_CMP_PKIHEADER *hdr; int req_type, rsp_type; + int res; OSSL_CMP_MSG *rsp = NULL; if (srv_ctx == NULL || srv_ctx->ctx == NULL @@ -463,7 +465,12 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx, return 0; } ctx = srv_ctx->ctx; + backup_secret = ctx->secretValue; + /* + * Some things need to be done already before validating the message in + * order to be able to send an error message as far as needed and possible. + */ if (hdr->sender->type != GEN_DIRNAME) { CMPerr(0, CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED); goto err; @@ -485,9 +492,10 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx, tid = OPENSSL_buf2hexstr(ctx->transactionID->data, ctx->transactionID->length); - ossl_cmp_log1(WARN, ctx, - "Assuming that last transaction with ID=%s got aborted", - tid); + if (tid != NULL) + ossl_cmp_log1(WARN, ctx, + "Assuming that last transaction with ID=%s got aborted", + tid); OPENSSL_free(tid); } /* start of a new transaction, reset transactionID and senderNonce */ @@ -500,16 +508,17 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx, if (ctx->transactionID == NULL) { #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION CMPerr(0, CMP_R_UNEXPECTED_PKIBODY); - /* ignore any (extra) error in next two function calls: */ - (void)OSSL_CMP_CTX_set1_transactionID(ctx, hdr->transactionID); - (void)ossl_cmp_ctx_set1_recipNonce(ctx, hdr->senderNonce); goto err; #endif } } - if (ossl_cmp_msg_check_received(ctx, req, unprotected_exception, - srv_ctx->acceptUnprotected) < 0) + res = ossl_cmp_msg_check_update(ctx, req, unprotected_exception, + srv_ctx->acceptUnprotected); + if (ctx->secretValue != NULL && ctx->pkey != NULL + && ossl_cmp_hdr_get_protection_nid(hdr) != NID_id_PasswordBasedMAC) + ctx->secretValue = NULL; /* use MSG_SIG_ALG when protecting rsp */ + if (!res) goto err; switch (req_type) { @@ -568,16 +577,23 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx, /* TODO fail_info could be more specific */ OSSL_CMP_PKISI *si = NULL; + if (ctx->transactionID == NULL) { + /* ignore any (extra) error in next two function calls: */ + (void)OSSL_CMP_CTX_set1_transactionID(ctx, hdr->transactionID); + (void)ossl_cmp_ctx_set1_recipNonce(ctx, hdr->senderNonce); + } + if ((si = OSSL_CMP_STATUSINFO_new(OSSL_CMP_PKISTATUS_rejection, - fail_info, NULL)) == NULL) - return 0; - if (err != 0 && (flags & ERR_TXT_STRING) != 0) - data = ERR_reason_error_string(err); - rsp = ossl_cmp_error_new(srv_ctx->ctx, si, - err != 0 ? ERR_GET_REASON(err) : -1, - data, srv_ctx->sendUnprotectedErrors); - OSSL_CMP_PKISI_free(si); + fail_info, NULL)) != NULL) { + if (err != 0 && (flags & ERR_TXT_STRING) != 0) + data = ERR_reason_error_string(err); + rsp = ossl_cmp_error_new(srv_ctx->ctx, si, + err != 0 ? ERR_GET_REASON(err) : -1, + data, srv_ctx->sendUnprotectedErrors); + OSSL_CMP_PKISI_free(si); + } } + ctx->secretValue = backup_secret; /* possibly close the transaction */ rsp_type = diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c index c124b0636f..c702b2ec16 100644 --- a/crypto/cmp/cmp_vfy.c +++ b/crypto/cmp/cmp_vfy.c @@ -24,7 +24,7 @@ DEFINE_STACK_OF(X509) -/* +/*- * Verify a message protected by signature according to section 5.1.3.3 * (sha1+RSA/DSA or any other algorithm supported by OpenSSL). * @@ -70,7 +70,7 @@ static int verify_signature(const OSSL_CMP_CTX *cmp_ctx, prot_part_der_len = (size_t) len; /* verify signature of protected part */ - if (!OBJ_find_sigid_algs(OBJ_obj2nid(msg->header->protectionAlg->algorithm), + if (!OBJ_find_sigid_algs(ossl_cmp_hdr_get_protection_nid(msg->header), &digest_nid, &pk_nid) || digest_nid == NID_undef || pk_nid == NID_undef || (digest = EVP_get_digestbynid(digest_nid)) == NULL) { @@ -95,7 +95,7 @@ static int verify_signature(const OSSL_CMP_CTX *cmp_ctx, sig_err: res = x509_print_ex_brief(bio, cert, X509_FLAG_NO_EXTENSIONS); - CMPerr(0, CMP_R_ERROR_VALIDATING_PROTECTION); + CMPerr(0, CMP_R_ERROR_VALIDATING_SIGNATURE); if (res) ERR_add_error_mem_bio("\n", bio); res = 0; @@ -132,15 +132,15 @@ static int verify_PBMAC(const OSSL_CMP_MSG *msg, return valid; } -/* +/*- * Attempt to validate certificate and path using any given store with trusted * certs (possibly including CRLs and a cert verification callback function) * and non-trusted intermediate certs from the given ctx. * * Returns 1 on successful validation and 0 otherwise. */ -int OSSL_CMP_validate_cert_path(OSSL_CMP_CTX *ctx, X509_STORE *trusted_store, - X509 *cert) +int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx, + X509_STORE *trusted_store, X509 *cert) { int valid = 0; X509_STORE_CTX *csc = NULL; @@ -176,7 +176,7 @@ int OSSL_CMP_validate_cert_path(OSSL_CMP_CTX *ctx, X509_STORE *trusted_store, } /* Return 0 if expect_name != NULL and there is no matching actual_name */ -static int check_name(OSSL_CMP_CTX *ctx, +static int check_name(const OSSL_CMP_CTX *ctx, int log_success, const char *actual_desc, const X509_NAME *actual_name, const char *expect_desc, const X509_NAME *expect_name) { @@ -190,10 +190,16 @@ static int check_name(OSSL_CMP_CTX *ctx, ossl_cmp_log1(WARN, ctx, "missing %s", actual_desc); return 0; } - if (X509_NAME_cmp(actual_name, expect_name) == 0) + str = X509_NAME_oneline(actual_name, NULL, 0); + if (X509_NAME_cmp(actual_name, expect_name) == 0) { + if (log_success && str != NULL) + ossl_cmp_log2(INFO, ctx, " subject matches %s: %s", expect_desc, + str); + OPENSSL_free(str); return 1; + } - if ((str = X509_NAME_oneline(actual_name, NULL, 0)) != NULL) + if (str != NULL) ossl_cmp_log2(INFO, ctx, " actual name in %s = %s", actual_desc, str); OPENSSL_free(str); if ((str = X509_NAME_oneline(expect_name, NULL, 0)) != NULL) @@ -203,11 +209,11 @@ static int check_name(OSSL_CMP_CTX *ctx, } /* Return 0 if skid != NULL and there is no matching subject key ID in cert */ -static int check_kid(OSSL_CMP_CTX *ctx, - X509 *cert, const ASN1_OCTET_STRING *skid) +static int check_kid(const OSSL_CMP_CTX *ctx, + const ASN1_OCTET_STRING *ckid, + const ASN1_OCTET_STRING *skid) { - char *actual, *expect; - const ASN1_OCTET_STRING *ckid = X509_get0_subject_key_id(cert); + char *str; if (skid == NULL) return 1; /* no expectation, thus trivially fulfilled */ @@ -217,19 +223,25 @@ static int check_kid(OSSL_CMP_CTX *ctx, ossl_cmp_warn(ctx, "missing Subject Key Identifier in certificate"); return 0; } - if (ASN1_OCTET_STRING_cmp(ckid, skid) == 0) + str = OPENSSL_buf2hexstr(ckid->data, ckid->length); + if (ASN1_OCTET_STRING_cmp(ckid, skid) == 0) { + if (str != NULL) + ossl_cmp_log1(INFO, ctx, " subjectKID matches senderKID: %s", str); + OPENSSL_free(str); return 1; + } - if ((actual = OPENSSL_buf2hexstr(ckid->data, ckid->length)) != NULL) - ossl_cmp_log1(INFO, ctx, " cert Subject Key Identifier = %s", actual); - if ((expect = OPENSSL_buf2hexstr(skid->data, skid->length)) != NULL) - ossl_cmp_log1(INFO, ctx, " does not match senderKID = %s", expect); - OPENSSL_free(expect); - OPENSSL_free(actual); + if (str != NULL) + ossl_cmp_log1(INFO, ctx, " cert Subject Key Identifier = %s", str); + OPENSSL_free(str); + if ((str = OPENSSL_buf2hexstr(skid->data, skid->length)) != NULL) + ossl_cmp_log1(INFO, ctx, " does not match senderKID = %s", str); + OPENSSL_free(str); return 0; } -static int already_checked(X509 *cert, const STACK_OF(X509) *already_checked) +static int already_checked(const X509 *cert, + const STACK_OF(X509) *already_checked) { int i; @@ -239,7 +251,7 @@ static int already_checked(X509 *cert, const STACK_OF(X509) *already_checked) return 0; } -/* +/*- * Check if the given cert is acceptable as sender cert of the given message. * The subject DN must match, the subject key ID as well if present in the msg, * and the cert must be current (checked if ctx->trusted is not NULL). @@ -247,7 +259,7 @@ static int already_checked(X509 *cert, const STACK_OF(X509) *already_checked) * * Returns 0 on error or not acceptable, else 1. */ -static int cert_acceptable(OSSL_CMP_CTX *ctx, +static int cert_acceptable(const OSSL_CMP_CTX *ctx, const char *desc1, const char *desc2, X509 *cert, const STACK_OF(X509) *already_checked1, const STACK_OF(X509) *already_checked2, @@ -285,19 +297,19 @@ static int cert_acceptable(OSSL_CMP_CTX *ctx, return 0; } - if (!check_name(ctx, + if (!check_name(ctx, 1, "cert subject", X509_get_subject_name(cert), "sender field", msg->header->sender->d.directoryName)) return 0; - if (!check_kid(ctx, cert, msg->header->senderKID)) + if (!check_kid(ctx, X509_get0_subject_key_id(cert), msg->header->senderKID)) return 0; /* acceptable also if there is no senderKID in msg header */ ossl_cmp_info(ctx, " cert seems acceptable"); return 1; } -static int check_msg_valid_cert(OSSL_CMP_CTX *ctx, X509_STORE *store, +static int check_msg_valid_cert(const OSSL_CMP_CTX *ctx, X509_STORE *store, X509 *scrt, const OSSL_CMP_MSG *msg) { if (!verify_signature(ctx, msg, scrt)) { @@ -319,7 +331,7 @@ static int check_msg_valid_cert(OSSL_CMP_CTX *ctx, X509_STORE *store, * from extraCerts as trust anchor to validate sender cert and msg - * provided it also can validate the newly enrolled certificate */ -static int check_msg_valid_cert_3gpp(OSSL_CMP_CTX *ctx, X509 *scrt, +static int check_msg_valid_cert_3gpp(const OSSL_CMP_CTX *ctx, X509 *scrt, const OSSL_CMP_MSG *msg) { int valid = 0; @@ -361,11 +373,21 @@ static int check_msg_valid_cert_3gpp(OSSL_CMP_CTX *ctx, X509 *scrt, return valid; } -/* +static int check_msg_given_cert(const OSSL_CMP_CTX *ctx, X509 *cert, + const OSSL_CMP_MSG *msg) +{ + return cert_acceptable(ctx, "previously validated", "sender cert", + cert, NULL, NULL, msg) + && (check_msg_valid_cert(ctx, ctx->trusted, cert, msg) + || check_msg_valid_cert_3gpp(ctx, cert, msg)); +} + +/*- * Try all certs in given list for verifying msg, normally or in 3GPP mode. * If already_checked1 == NULL then certs are assumed to be the msg->extraCerts. + * On success cache the found cert using ossl_cmp_ctx_set0_validatedSrvCert(). */ -static int check_msg_with_certs(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs, +static int check_msg_with_certs(OSSL_CMP_CTX *ctx, const STACK_OF(X509) *certs, const char *desc, const STACK_OF(X509) *already_checked1, const STACK_OF(X509) *already_checked2, @@ -406,9 +428,10 @@ static int check_msg_with_certs(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs, return 0; } -/* +/*- * Verify msg trying first ctx->untrusted_certs, which should include extraCerts * at its front, then trying the trusted certs in truststore (if any) of ctx. + * On success cache the found cert using ossl_cmp_ctx_set0_validatedSrvCert(). */ static int check_msg_all_certs(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, int mode_3gpp) @@ -451,7 +474,10 @@ static int no_log_cb(const char *func, const char *file, int line, return 1; } -/* verify message signature with any acceptable and valid candidate cert */ +/*- + * Verify message signature with any acceptable and valid candidate cert. + * On success cache the found cert using ossl_cmp_ctx_set0_validatedSrvCert(). + */ static int check_msg_find_cert(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) { X509 *scrt = ctx->validatedSrvCert; /* previous successful sender cert */ @@ -472,29 +498,28 @@ static int check_msg_find_cert(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) /* dump any hitherto errors to avoid confusion when printing further ones */ OSSL_CMP_CTX_print_errors(ctx); + /* enable clearing irrelevant errors in attempts to validate sender certs */ + (void)ERR_set_mark(); + ctx->log_cb = no_log_cb; /* temporarily disable logging */ + /* * try first cached scrt, used successfully earlier in same transaction, * for validating this and any further msgs where extraCerts may be left out */ if (scrt != NULL) { - (void)ERR_set_mark(); - ossl_cmp_info(ctx, - "trying to verify msg signature with previously validated cert"); - if (cert_acceptable(ctx, "previously validated", "sender cert", scrt, - NULL, NULL, msg) - && (check_msg_valid_cert(ctx, ctx->trusted, scrt, msg) - || check_msg_valid_cert_3gpp(ctx, scrt, msg))) { + if (check_msg_given_cert(ctx, scrt, msg)) { + ctx->log_cb = backup_log_cb; (void)ERR_pop_to_mark(); return 1; } - (void)ERR_pop_to_mark(); /* cached sender cert has shown to be no more successfully usable */ (void)ossl_cmp_ctx_set0_validatedSrvCert(ctx, NULL); + /* re-do the above check (just) for adding diagnostic information */ + ossl_cmp_info(ctx, + "trying to verify msg signature with previously validated cert"); + (void)check_msg_given_cert(ctx, scrt, msg); } - /* enable clearing irrelevant errors in attempts to validate sender certs */ - (void)ERR_set_mark(); - ctx->log_cb = no_log_cb; /* temporarily disable logging */ res = check_msg_all_certs(ctx, msg, 0 /* using ctx->trusted */) || check_msg_all_certs(ctx, msg, 1 /* 3gpp */); ctx->log_cb = backup_log_cb; @@ -518,8 +543,8 @@ static int check_msg_find_cert(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) else ossl_cmp_info(ctx, "while msg header does not contain senderKID"); /* re-do the above checks (just) for adding diagnostic information */ - check_msg_all_certs(ctx, msg, 0 /* using ctx->trusted */); - check_msg_all_certs(ctx, msg, 1 /* 3gpp */); + (void)check_msg_all_certs(ctx, msg, 0 /* using ctx->trusted */); + (void)check_msg_all_certs(ctx, msg, 1 /* 3gpp */); } CMPerr(0, CMP_R_NO_SUITABLE_SENDER_CERT); @@ -538,12 +563,13 @@ static int check_msg_find_cert(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) return res; } -/* +/*- * Validate the protection of the given PKIMessage using either password- * based mac (PBM) or a signature algorithm. In the case of signature algorithm, * the sender certificate can have been pinned by providing it in ctx->srvCert, * else it is searched in msg->extraCerts, ctx->untrusted_certs, in ctx->trusted * (in this order) and is path is validated against ctx->trusted. + * On success cache the found cert using ossl_cmp_ctx_set0_validatedSrvCert(). * * If ctx->permitTAInExtraCertsForIR is true and when validating a CMP IP msg, * the trust anchor for validating the IP msg may be taken from msg->extraCerts @@ -555,9 +581,6 @@ static int check_msg_find_cert(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) */ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) { - X509_ALGOR *alg; - int nid = NID_undef, pk_nid = NID_undef; - const ASN1_OBJECT *algorOID = NULL; X509 *scrt; if (ctx == NULL || msg == NULL @@ -566,17 +589,13 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) return 0; } - if ((alg = msg->header->protectionAlg) == NULL /* unprotected message */ + if (msg->header->protectionAlg == NULL /* unprotected message */ || msg->protection == NULL || msg->protection->data == NULL) { CMPerr(0, CMP_R_MISSING_PROTECTION); return 0; } - /* determine the nid for the used protection algorithm */ - X509_ALGOR_get0(&algorOID, NULL, NULL, alg); - nid = OBJ_obj2nid(algorOID); - - switch (nid) { + switch (ossl_cmp_hdr_get_protection_nid(msg->header)) { /* 5.1.3.1. Shared Secret Information */ case NID_id_PasswordBasedMAC: if (ctx->secretValue == 0) { @@ -584,34 +603,8 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) break; } - if (verify_PBMAC(msg, ctx->secretValue)) { - /* - * RFC 4210, 5.3.2: 'Note that if the PKI Message Protection is - * "shared secret information", then any certificate transported in - * the caPubs field may be directly trusted as a root CA - * certificate by the initiator.' - */ - switch (ossl_cmp_msg_get_bodytype(msg)) { - case -1: - return 0; - case OSSL_CMP_PKIBODY_IP: - case OSSL_CMP_PKIBODY_CP: - case OSSL_CMP_PKIBODY_KUP: - case OSSL_CMP_PKIBODY_CCP: - if (ctx->trusted != NULL) { - STACK_OF(X509) *certs = msg->body->value.ip->caPubs; - /* value.ip is same for cp, kup, and ccp */ - - if (!ossl_cmp_X509_STORE_add1_certs(ctx->trusted, certs, 0)) - /* adds both self-issued and not self-issued certs */ - return 0; - } - break; - default: - break; - } + if (verify_PBMAC(msg, ctx->secretValue)) return 1; - } break; /* @@ -626,28 +619,6 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) * 5.1.3.3. Signature */ default: - if (!OBJ_find_sigid_algs(OBJ_obj2nid(alg->algorithm), NULL, &pk_nid) - || pk_nid == NID_undef) { - CMPerr(0, CMP_R_UNKNOWN_ALGORITHM_ID); - break; - } - /* validate sender name of received msg */ - if (msg->header->sender->type != GEN_DIRNAME) { - CMPerr(0, CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED); - break; /* FR#42: support for more than X509_NAME */ - } - /* - * Compare actual sender name of response with expected sender name. - * Expected name can be set explicitly or the subject of ctx->srvCert. - * Mitigates risk to accept misused certificate of an unauthorized - * entity of a trusted hierarchy. - */ - if (!check_name(ctx, "sender DN field", - msg->header->sender->d.directoryName, - "expected sender", ctx->expected_sender)) - break; - /* Note: if recipient was NULL-DN it could be learned here if needed */ - scrt = ctx->srvCert; if (scrt == NULL) { if (check_msg_find_cert(ctx, msg)) @@ -656,9 +627,6 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) /* use ctx->srvCert for signature check even if not acceptable */ if (verify_signature(ctx, msg, scrt)) return 1; - /* call cert_acceptable() for adding diagnostic information */ - (void)cert_acceptable(ctx, "explicitly set", "sender cert", scrt, - NULL, NULL, msg); ossl_cmp_warn(ctx, "msg signature verification failed"); CMPerr(0, CMP_R_SRVCERT_DOES_NOT_VALIDATE_MSG); } @@ -670,9 +638,11 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) /*- * Check received message (i.e., response by server or request from client) - * Any msg->extraCerts are prepended to ctx->untrusted_certs + * Any msg->extraCerts are prepended to ctx->untrusted_certs. * * Ensures that: + * its sender is of appropriate type (curently only X509_NAME) and + * matches any expected sender or srvCert subject given in the ctx * it has a valid body type * its protection is valid (or invalid/absent, but only if a callback function * is present and yields a positive result using also the supplied argument) @@ -681,30 +651,63 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) * * If everything is fine: * learns the senderNonce from the received message, - * learns the transaction ID if it is not yet in ctx. + * learns the transaction ID if it is not yet in ctx, + * and makes any certs in caPubs directly trusted. * - * returns body type (which is >= 0) of the message on success, -1 on error + * Returns 1 on success, 0 on error. */ -int ossl_cmp_msg_check_received(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, - ossl_cmp_allow_unprotected_cb_t cb, int cb_arg) +int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, + ossl_cmp_allow_unprotected_cb_t cb, int cb_arg) { - int rcvd_type; + OSSL_CMP_PKIHEADER *hdr; + const X509_NAME *expected_sender; - if (!ossl_assert(ctx != NULL && msg != NULL)) - return -1; + if (!ossl_assert(ctx != NULL && msg != NULL && msg->header != NULL)) + return 0; + hdr = OSSL_CMP_MSG_get0_header(msg); + + /* validate sender name of received msg */ + if (hdr->sender->type != GEN_DIRNAME) { + CMPerr(0, CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED); + return 0; /* TODO FR#42: support for more than X509_NAME */ + } + /* + * Compare actual sender name of response with expected sender name. + * Mitigates risk to accept misused PBM secret + * or misused certificate of an unauthorized entity of a trusted hierarchy. + */ + expected_sender = ctx->expected_sender; + if (expected_sender == NULL && ctx->srvCert != NULL) + expected_sender = X509_get_subject_name(ctx->srvCert); + if (!check_name(ctx, 0, "sender DN field", hdr->sender->d.directoryName, + "expected sender", expected_sender)) + return 0; + /* Note: if recipient was NULL-DN it could be learned here if needed */ if (sk_X509_num(msg->extraCerts) > 10) ossl_cmp_warn(ctx, "received CMP message contains more than 10 extraCerts"); + /* + * Store any provided extraCerts in ctx for use in OSSL_CMP_validate_msg() + * and for future use, such that they are available to ctx->certConf_cb and + * the peer does not need to send them again in the same transaction. + * Note that it does not help validating the message before storing the + * extraCerts because they do not belong to the protected msg part anyway. + * For efficiency, the extraCerts are prepended so they get used first. + */ + if (!ossl_cmp_sk_X509_add1_certs(ctx->untrusted_certs, msg->extraCerts, + 0 /* this allows self-issued certs */, + 1 /* no_dups */, 1 /* prepend */)) + return 0; /* validate message protection */ - if (msg->header->protectionAlg != 0) { + if (hdr->protectionAlg != NULL) { /* detect explicitly permitted exceptions for invalid protection */ if (!OSSL_CMP_validate_msg(ctx, msg) && (cb == NULL || (*cb)(ctx, msg, 1, cb_arg) <= 0)) { #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION CMPerr(0, CMP_R_ERROR_VALIDATING_PROTECTION); - return -1; + return 0; #endif } } else { @@ -712,34 +715,34 @@ int ossl_cmp_msg_check_received(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, if (cb == NULL || (*cb)(ctx, msg, 0, cb_arg) <= 0) { #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION CMPerr(0, CMP_R_MISSING_PROTECTION); - return -1; + return 0; #endif } } /* check CMP version number in header */ - if (ossl_cmp_hdr_get_pvno(OSSL_CMP_MSG_get0_header(msg)) != OSSL_CMP_PVNO) { + if (ossl_cmp_hdr_get_pvno(hdr) != OSSL_CMP_PVNO) { #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION CMPerr(0, CMP_R_UNEXPECTED_PVNO); - return -1; + return 0; #endif } - if ((rcvd_type = ossl_cmp_msg_get_bodytype(msg)) < 0) { + if (ossl_cmp_msg_get_bodytype(msg) < 0) { #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION CMPerr(0, CMP_R_PKIBODY_ERROR); - return -1; + return 0; #endif } /* compare received transactionID with the expected one in previous msg */ if (ctx->transactionID != NULL - && (msg->header->transactionID == NULL + && (hdr->transactionID == NULL || ASN1_OCTET_STRING_cmp(ctx->transactionID, - msg->header->transactionID) != 0)) { + hdr->transactionID) != 0)) { #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION CMPerr(0, CMP_R_TRANSACTIONID_UNMATCHED); - return -1; + return 0; #endif } @@ -747,10 +750,10 @@ int ossl_cmp_msg_check_received(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, if (ctx->senderNonce != NULL && (msg->header->recipNonce == NULL || ASN1_OCTET_STRING_cmp(ctx->senderNonce, - msg->header->recipNonce) != 0)) { + hdr->recipNonce) != 0)) { #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION CMPerr(0, CMP_R_RECIPNONCE_UNMATCHED); - return -1; + return 0; #endif } @@ -759,26 +762,40 @@ int ossl_cmp_msg_check_received(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, * the senderNonce of the previous message in the transaction. * --> Store for setting in next message */ - if (!ossl_cmp_ctx_set1_recipNonce(ctx, msg->header->senderNonce)) - return -1; + if (!ossl_cmp_ctx_set1_recipNonce(ctx, hdr->senderNonce)) + return 0; /* if not yet present, learn transactionID */ if (ctx->transactionID == NULL - && !OSSL_CMP_CTX_set1_transactionID(ctx, msg->header->transactionID)) - return -1; - - /* - * Store any provided extraCerts in ctx for future use, - * such that they are available to ctx->certConf_cb and - * the peer does not need to send them again in the same transaction. - * For efficiency, the extraCerts are prepended so they get used first. - */ - if (!ossl_cmp_sk_X509_add1_certs(ctx->untrusted_certs, msg->extraCerts, - 0 /* this allows self-issued certs */, - 1 /* no_dups */, 1 /* prepend */)) - return -1; + && !OSSL_CMP_CTX_set1_transactionID(ctx, hdr->transactionID)) + return 0; - return rcvd_type; + if (ossl_cmp_hdr_get_protection_nid(hdr) == NID_id_PasswordBasedMAC) { + /* + * RFC 4210, 5.3.2: 'Note that if the PKI Message Protection is + * "shared secret information", then any certificate transported in + * the caPubs field may be directly trusted as a root CA + * certificate by the initiator.' + */ + switch (ossl_cmp_msg_get_bodytype(msg)) { + case OSSL_CMP_PKIBODY_IP: + case OSSL_CMP_PKIBODY_CP: + case OSSL_CMP_PKIBODY_KUP: + case OSSL_CMP_PKIBODY_CCP: + if (ctx->trusted != NULL) { + STACK_OF(X509) *certs = msg->body->value.ip->caPubs; + /* value.ip is same for cp, kup, and ccp */ + + if (!ossl_cmp_X509_STORE_add1_certs(ctx->trusted, certs, 0)) + /* adds both self-issued and not self-issued certs */ + return 0; + } + break; + default: + break; + } + } + return 1; } int ossl_cmp_verify_popo(const OSSL_CMP_MSG *msg, int accept_RAVerified) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 1668c95153..8fd805cd9c 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -2116,6 +2116,7 @@ CMP_R_ERROR_PROTECTING_MESSAGE:127:error protecting message CMP_R_ERROR_SETTING_CERTHASH:128:error setting certhash CMP_R_ERROR_UNEXPECTED_CERTCONF:160:error unexpected certconf CMP_R_ERROR_VALIDATING_PROTECTION:140:error validating protection +CMP_R_ERROR_VALIDATING_SIGNATURE:171:error validating signature CMP_R_FAILED_EXTRACTING_PUBKEY:141:failed extracting pubkey CMP_R_FAILURE_OBTAINING_RANDOM:110:failure obtaining random CMP_R_FAIL_INFO_OUT_OF_RANGE:129:fail info out of range diff --git a/doc/internal/man3/ossl_cmp_hdr_init.pod b/doc/internal/man3/ossl_cmp_hdr_init.pod index cf7f596551..0c6405054f 100644 --- a/doc/internal/man3/ossl_cmp_hdr_init.pod +++ b/doc/internal/man3/ossl_cmp_hdr_init.pod @@ -4,6 +4,7 @@ ossl_cmp_hdr_set_pvno, ossl_cmp_hdr_get_pvno, +ossl_cmp_hdr_get_protection_nid, ossl_cmp_hdr_get0_sendernonce, ossl_cmp_general_name_is_NULL_DN, ossl_cmp_hdr_set1_sender, @@ -25,6 +26,7 @@ ossl_cmp_hdr_init int ossl_cmp_hdr_set_pvno(OSSL_CMP_PKIHEADER *hdr, int pvno); int ossl_cmp_hdr_get_pvno(const OSSL_CMP_PKIHEADER *hdr); + int ossl_cmp_hdr_get_protection_nid(const OSSL_CMP_PKIHEADER *hdr); ASN1_OCTET_STRING *ossl_cmp_hdr_get0_sendernonce(const OSSL_CMP_PKIHEADER *hdr); int ossl_cmp_general_name_is_NULL_DN(GENERAL_NAME *name); @@ -52,6 +54,9 @@ ossl_cmp_hdr_set_pvno() sets hdr->pvno to the given B. ossl_cmp_hdr_get_pvno() returns the pvno of the given B or -1 on error. +ossl_cmp_hdr_get_protection_nid returns the NID of the protection algorithm +in B or NID_undef on error. + ossl_cmp_hdr_get0_sendernonce() returns the sender nonce of the given PKIHeader. ossl_cmp_general_name_is_NULL_DN() determines if the given GENERAL_NAME @@ -110,7 +115,9 @@ CMP is defined in RFC 4210 (and CRMF in RFC 4211). ossl_cmp_hdr_get_pvno() returns the pvno of the given B or -1 on error. -ossl_cmp_hdr_get0_sendernonce() returns the respective nonce. +ossl_cmp_hdr_get_protection_nid returns the respective NID, NID_undef on error. + +ossl_cmp_hdr_get0_sendernonce() returns the respective nonce, or NULL. ossl_cmp_general_name_is_NULL_DN() returns 1 given a NULL-DN, else 0. diff --git a/doc/internal/man3/ossl_cmp_msg_check_received.pod b/doc/internal/man3/ossl_cmp_msg_check_received.pod deleted file mode 100644 index 0fd4140356..0000000000 --- a/doc/internal/man3/ossl_cmp_msg_check_received.pod +++ /dev/null @@ -1,86 +0,0 @@ -=pod - -=head1 NAME - -ossl_cmp_allow_unprotected_cb_t, -ossl_cmp_msg_check_received -- does all checks on a received CMP message that can be done generically - -=head1 SYNOPSIS - - #include "cmp_local.h" - - typedef int (*ossl_cmp_allow_unprotected_cb_t)(const OSSL_CMP_CTX *ctx, - const OSSL_CMP_MSG *msg, - int invalid_protection, int arg); - - int ossl_cmp_msg_check_received(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, - ossl_cmp_allow_unprotected_cb_t cb, int cb_arg); - -=head1 DESCRIPTION - -ossl_cmp_msg_check_received() checks the given message B, -which may be a server response or a request by some client. - -It is ensured for the B that - -=over 4 - -=item it has a valid body type, - -=item its protection is present and valid (or a callback function B -is present and indicates that a missing or invalid protection is acceptable), - -=item its recipNonce matches any previous senderNonce stored in B, and - -=item its transaction ID matches any previous transaction ID stored in B. - -=back - -In case no protection is present and B is not NULL then this callback -function is called with its B parameter being 0, while in -case an invalid protection is present the B parameter is 1. -The callback is passed also the arguments B, B, and -(which typically contains the expected message type). -The callback should return 1 on acceptance, 0 on rejection, or -1 on error. -It should not put and error on the error stack since this could be misleading. - -If all checks pass then ossl_cmp_msg_check_received() - -=over 4 - -=item learns the senderNonce from the received message, - -=item learns the transaction ID if it is not yet in B, and - -=item adds any extraCerts contained in the to the list of untrusted -certificates in B for future use, such that -they are available already to the certificate confirmation callback and the -peer does not need to send them again (at least not in the same transaction). -For efficiency, the extraCerts are prepended to the list so they get used first. - -=back - -=head1 RETURN VALUES - -ossl_cmp_msg_check_received() returns the message body type (which is >= 0) -on success, -1 on error. - -=head1 SEE ALSO - -L - -=head1 HISTORY - -The OpenSSL CMP support was added in OpenSSL 3.0. - -=head1 COPYRIGHT - -Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/internal/man3/ossl_cmp_msg_check_update.pod b/doc/internal/man3/ossl_cmp_msg_check_update.pod new file mode 100644 index 0000000000..4e7a9224af --- /dev/null +++ b/doc/internal/man3/ossl_cmp_msg_check_update.pod @@ -0,0 +1,95 @@ +=pod + +=head1 NAME + +ossl_cmp_allow_unprotected_cb_t, +ossl_cmp_msg_check_update +- generic checks on a received CMP message, updating the context + +=head1 SYNOPSIS + + #include "cmp_local.h" + + typedef int (*ossl_cmp_allow_unprotected_cb_t)(const OSSL_CMP_CTX *ctx, + const OSSL_CMP_MSG *msg, + int invalid_protection, int arg); + + int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, + ossl_cmp_allow_unprotected_cb_t cb, int cb_arg); + +=head1 DESCRIPTION + +ossl_cmp_msg_check_update() does all generic checks on the given message B, +which may be a server response or a request by some client, +and updates the B accordingly. + +The B is checked for the following: + +=over 4 + +=item its sender is of appropriate type (currently only B) + and matches any expected sender or srvCert subject given in B, + +=item its protection is present and valid (or a callback function B +is present and indicates that a missing or invalid protection is acceptable), + +=item its CMP protocol version is acceptable, namely B, + +=item its body type is valid, + +=item its transaction ID matches any transaction ID given in B, and + +=item its recipNonce matches any senderNonce given in B. + +=back + +In case no protection is present and B is not NULL then this callback +function is called with its B parameter being 0, while in +case an invalid protection is present the B parameter is 1. +The callback is passed also the arguments B, B, and +(which typically contains the expected message type). +The callback should return 1 on acceptance, 0 on rejection, or -1 on error. +It should not put an error on the error stack since this could be misleading. + +ossl_cmp_msg_check_update() adds all extraCerts contained in the to +the list of untrusted certificates in B such that they are already usable +for OSSL_CMP_validate_msg(), which is called internally, and for future use. +Thus they are available also to the certificate confirmation callback, and the +peer does not need to send them again (at least not in the same transaction). +Note that it does not help validating the message before storing the extraCerts +because they are not part of the protected portion of the message anyway. +For efficiency, the extraCerts are prepended to the list so they get used first. + +If all checks pass then ossl_cmp_msg_check_update() +records in B the senderNonce of the received message as the new recipNonce +and learns the transaction ID if none is currently present in B. + +Moreover, according to RFC 4210 section 5.3.2, if the message protection is +PBM-based then any certificates in the caPubs field are added to the list of +trusted certificates (if set via L). +This way these certs are available for validating subsequent messages in the +same context and could apply to any Polling Response (pollRep), error, or PKI +Confirmation (PKIConf) messages following in the same or future transactions. + +=head1 RETURN VALUES + +ossl_cmp_msg_check_update() returns 1 on success, -1 on error. + +=head1 SEE ALSO + +L + +=head1 HISTORY + +The OpenSSL CMP support was added in OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index 102f99aea4..89bb549c29 100644 --- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in @@ -151,7 +151,7 @@ The B command is a client implementation for the Certificate Management Protocol (CMP) as defined in RFC4210. It can be used to request certificates from a CA server, update their certificates, -request certificates to be revoked, and perform other CMP requests. +request certificates to be revoked, and perform other types of CMP requests. =head1 OPTIONS @@ -206,16 +206,16 @@ Currently implemented commands are: =back -B requests initialization of an End Entity into a PKI hierarchy by means of -issuance of a first certificate. +B requests initialization of an End Entity into a PKI hierarchy +by issuing a first certificate. -B requests issuance of an additional certificate for an End Entity already +B requests issuing an additional certificate for an End Entity already initialized to the PKI hierarchy. -B requests issuance of an additional certificate similarly to B +B requests issuing an additional certificate similarly to B but uses PKCS#10 CSR format. -B requests (key) update for an existing, given certificate. +B requests a (key) update for an existing, given certificate. B requests revocation of an existing, given certificate. @@ -268,8 +268,8 @@ This default is used for IR and CR only if no SANs are set. The argument must be formatted as I, characters may be escaped by C<\>E(backslash), no spaces are skipped. -In case B<-cert> is not set, for instance when using MSG_MAC_ALG, -the subject DN is also used as sender of the PKI message. +The subject DN is also used as fallback sender of outgoing CMP messages +if no B<-cert> and no B<-oldcert> are given. =item B<-issuer> I @@ -393,8 +393,9 @@ It must be given for RR, while for KUR it defaults to B<-cert>. The reference certificate determined in this way, if any, is also used for deriving default subject DN and Subject Alternative Names for IR, CR, and KUR. -Its issuer, if any, is used as default recipient in the CMP message header -if neither B<-srvcert>, B<-recipient>, nor B<-issuer> is available. +Its subject is used as sender of outgoing messages if B<-cert> is not given. +Its issuer is used as default recipient in CMP message headers +if neither B<-recipient>, B<-srvcert>, nor B<-issuer> is given. =item B<-revreason> I @@ -428,13 +429,13 @@ Reason numbers defined in RFC 5280 are: The IP address or DNS hostname and optionally port (defaulting to 80 or 443) of the CMP server to connect to using HTTP(S) transport. -The optional "http://" or "https://" prefix is ignored. +The optional I or I prefix is ignored. =item B<-proxy> I<[http[s]://]address[:port][/path]> The HTTP(S) proxy server to use for reaching the CMP server unless B applies, see below. -The optional "http://" or "https://" prefix and any trailing path are ignored. +The optional I or I prefix and any trailing path are ignored. Defaults to the environment variable C if set, else C in case no TLS is used, otherwise C if set, else C. @@ -447,7 +448,7 @@ Default is from the environment variable C if set, else C. =item B<-path> I HTTP path at the CMP server (aka CMP alias) to use for POST requests. -Defaults to "/". +Defaults to I. =item B<-msg_timeout> I @@ -473,8 +474,9 @@ Default is 0 (infinite). When verifying signature-based protection of CMP response messages, these are the CA certificate(s) to trust while checking certificate chains during CMP server authentication. -This option gives more flexibility than the B<-srvcert> option because -it does not pin down the expected CMP server by allowing only one certificate. +This option gives more flexibility than the B<-srvcert> option because the +protection certificate is not pinned but may be any certificate +for which a chain to one of the given trusted certificates can be constructed. Multiple filenames may be given, separated by commas and/or whitespace (where in the latter case the whole argument must be enclosed in "..."). @@ -482,65 +484,55 @@ Each source may contain multiple certificates. =item B<-untrusted> I -Non-trusted intermediate certificate(s) that may be useful -for constructing the TLS client certificate chain (if TLS is enabled) and -for building certificate chains while verifying the CMP server certificate -(when checking signature-based CMP message protection) -and while verifying the newly enrolled certificate. -These may get added to the extraCerts field sent in requests as far as needed. +Non-trusted intermediate CA certificate(s) that may be useful for cert path +construction for the CMP client certificate (to include in the extraCerts field +of outgoing messages), for the TLS client certificate (if TLS is enabled), +when verifying the CMP server certificate (checking signature-based +CMP message protection), and when verifying newly enrolled certificates. Multiple filenames may be given, separated by commas and/or whitespace. Each file may contain multiple certificates. =item B<-srvcert> I -The specific CMP server certificate to use and directly trust (even if it is +The specific CMP server certificate to expect and directly trust (even if it is expired) when verifying signature-based protection of CMP response messages. -May be set alternatively to the B<-trusted> option -if the certificate is available and only this one shall be accepted. +May be set alternatively to the B<-trusted> option to pin the accepted server. -If set, the issuer of the certificate is also used as the recipient of the CMP -request and as the expected sender of the CMP response, -overriding any potential B<-recipient> option. +If set, the subject of the certificate is also used +as default value for the recipient of CMP requests +and as default value for the expected sender of incoming CMP messages. =item B<-recipient> I -This option may be used to explicitly set the Distinguished Name (DN) -of the CMP message recipient, i.e., the CMP server (usually a CA or RA entity). +Distinguished Name (DN) to use in the recipient field of CMP request messages, +i.e., the CMP server (usually a CA or RA entity). The argument must be formatted as I, characters may be escaped by C<\>E(backslash), no spaces are skipped. -If a CMP server certificate is given with the B<-srvcert> option, its subject -name is taken as the recipient name and the B<-recipient> option is ignored. -If neither of the two are given, the recipient of the PKI message is -determined in the following order: from the B<-issuer> option if present, -the issuer of old cert given with the B<-oldcert> option if present, -the issuer of the client certificate (B<-cert> option) if present. - -The recipient field in the header of CMP messagese is mandatory. -If none of the options that enable the derivation of the recipient name are -given, no suitable value for the recipient in the PKIHeader is available. -As a last resort it is set to NULL-DN. - -When a response is received, its sender must match the recipient of the request. +The recipient field in the header of a CMP message is mandatory. +If not given explicitly the recipient is determined in the following order: +the subject of the CMP server certificate given with the B<-srvcert> option, +the B<-issuer> option, +the issuer of the certificate given with the B<-oldcert> option, +the issuer of the CMP client certificate (B<-cert> option), +as far as any of those is present, else the NULL-DN as last resort. =item B<-expect_sender> I -Distinguished Name (DN) of the expected sender of CMP response messages when -MSG_SIG_ALG is used for protection. -This can be used to ensure that only a particular entity is accepted -as the CMP server, and attackers are not able to use arbitrary certificates -of a trusted PKI hierarchy to fraudulently pose as a CMP server. -Note that this option gives slightly more freedom than B<-srvcert>, -which pins down the server to a particular certificate, -while B<-expect_sender> I will continue to match after updates of the -server cert. +Distinguished Name (DN) expected in the sender field of incoming CMP messages. +Defaults to the subject DN of the pinned B<-srvcert>, if any. The argument must be formatted as I, characters may be escaped by C<\>E(backslash), no spaces are skipped. -If not given, the subject DN of B<-srvcert>, if provided, will be used. +This can be used to make sure that only a particular entity is accepted as +CMP message signer, and attackers are not able to use arbitrary certificates +of a trusted PKI hierarchy to fraudulently pose as a CMP server. +Note that this option gives slightly more freedom than setting the B<-srvcert>, +which pins the server to the holder of a particular certificate, while the +expected sender name will continue to match after updates of the server cert. =item B<-ignore_keyusage> @@ -621,8 +613,8 @@ B section in L. The client's current certificate. Requires the corresponding key to be given with B<-key>. -The subject of this certificate will be used as the "sender" field -of outgoing CMP messages, while B<-subjectName> may provide a fallback value. +The subject of this certificate will be used as sender of outgoing CMP messages, +while the subject of B<-oldcert> or B<-subjectName> may provide fallback values. When using signature-based message protection, this "protection certificate" will be included first in the extraCerts field of outgoing messages. In Initialization Request (IR) messages this can be used for authenticating @@ -630,7 +622,6 @@ using an external entity certificate as defined in appendix E.7 of RFC 4210. For Key Update Request (KUR) messages this is also used as the certificate to be updated if the B<-oldcert> option is not given. If the file includes further certs, they are appended to the untrusted certs. -These may get added to the extraCerts field sent in requests as far as needed. =item B<-key> I @@ -740,8 +731,8 @@ when connecting to CMP server. =item B<-tls_cert> I Client's TLS certificate. -If the file includes further certificates, -they are used for constructing the client cert chain provided to the TLS server. +If the file includes further certs they are used (along with B<-untrusted> +certs) for constructing the client cert chain provided to the TLS server. =item B<-tls_key> I @@ -1015,7 +1006,7 @@ the CMP command-line argument B<-proxy>, for example -proxy http://192.168.1.1:8080 In the Insta Demo CA scenario both clients and the server may use the pre-shared -secret "insta" and the reference value "3078" to authenticate to each other. +secret I and the reference value I<3078> to authenticate to each other. Alternatively, CMP messages may be protected in signature-based manner, where the trust anchor in this case is F @@ -1060,7 +1051,7 @@ and/or on the command line. The following examples at first do not make use of a configuration file. They assume that a CMP server can be contacted on the local TCP port 80 -and accepts requests under the alias "/pkix/". +and accepts requests under the alias I. For enrolling its very first certificate the client generates a first client key and sends an initial request message to the local CMP server diff --git a/doc/man3/OSSL_CMP_CTX_new.pod b/doc/man3/OSSL_CMP_CTX_new.pod index c8eacfc3d9..97927fb45e 100644 --- a/doc/man3/OSSL_CMP_CTX_new.pod +++ b/doc/man3/OSSL_CMP_CTX_new.pod @@ -73,7 +73,7 @@ OSSL_CMP_CTX_set1_senderNonce /* logging and error reporting: */ int OSSL_CMP_CTX_set_log_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_log_cb_t cb); #define OSSL_CMP_CTX_set_log_verbosity(ctx, level) - void OSSL_CMP_CTX_print_errors(OSSL_CMP_CTX *ctx); + void OSSL_CMP_CTX_print_errors(const OSSL_CMP_CTX *ctx); /* message transfer: */ int OSSL_CMP_CTX_set1_serverPath(OSSL_CMP_CTX *ctx, const char *path); @@ -306,7 +306,7 @@ B to print to STDERR (unless OPENSSL_NO_STDIO is defined). OSSL_CMP_CTX_set1_serverPath() sets the HTTP path of the CMP server on the host, also known as "CMP alias". -The default is "/". +The default is I. OSSL_CMP_CTX_set1_server() sets the given server B

    (which may be a hostname or IP address or NULL) in the given B. @@ -323,7 +323,7 @@ Otherwise defaults to the value of B if set, else B. An empty proxy string specifies not to use a proxy. Else the format is I<[http[s]://]address[:port][/path]>, where any path given is ignored. -The default port number is 80, or 443 in case "https:" is given. +The default port number is 80, or 443 in case I is given. OSSL_CMP_CTX_set1_no_proxy() sets the list of server hostnames not to use an HTTP proxy for. The names may be separated by commas and/or whitespace. @@ -380,32 +380,40 @@ OSSL_CMP_CTX_get_transfer_cb_arg() gets the argument, respectively the pointer to a structure containing arguments, previously set by OSSL_CMP_CTX_set_transfer_cb_arg() or NULL if unset. -OSSL_CMP_CTX_set1_srvCert() pins the given server certificate B -directly trusts it (even if it is expired) for verifying response messages. +OSSL_CMP_CTX_set1_srvCert() sets the expected server cert B and trusts +it directly (even if it is expired) when verifying signed response messages. +May be used alternatively to OSSL_CMP_CTX_set0_trustedStore() +to pin the accepted server. +Any previously set value is freed. The B argument may be NULL to clear the entry. - -OSSL_CMP_CTX_set1_expected_sender() sets the Distinguished Name (DN) expected to -be given in the sender response for messages protected with MSG_SIG_ALG. This -may be used to enforce that during validation of received messages the given DN -matches the sender field of the PKIMessage header, which in turn is used to -identify the server certificate. -This can be used to ensure that only a particular entity is accepted to act as -CMP server, and attackers are not able to use arbitrary certificates of a -trusted PKI hierarchy to fraudulently pose as server. -This defaults to the subject of the B, if any. - -OSSL_CMP_CTX_set0_trustedStore() sets the X509_STORE type certificate store -containing trusted (root) CA certificates. The certificate store may also hold -CRLs and a certificate verification callback function used for CMP server -authentication. Any already existing store entry is freed. When given a NULL -parameter the entry is cleared. - -OSSL_CMP_CTX_get0_trustedStore() returns a pointer to the certificate store -containing trusted root CA certificates, which may be empty if unset. +If set, the subject of the certificate is also used +as default value for the recipient of CMP requests +and as default value for the expected sender of CMP responses. + +OSSL_CMP_CTX_set1_expected_sender() sets the Distinguished Name (DN) +expected in the sender field of CMP response messages. +Defaults to the subject of the pinned server certificate B<-srvcert>, if any. +This can be used to make sure that only a particular entity is accepted as +CMP message signer, and attackers are not able to use arbitrary certificates +of a trusted PKI hierarchy to fraudulently pose as CMP server. +Note that this gives slightly more freedom than OSSL_CMP_CTX_set1_srvCert(), +which pins the server to the holder of a particular certificate, while the +expected sender name will continue to match after updates of the server cert. + +OSSL_CMP_CTX_set0_trustedStore() sets the certificate store of type X509_STORE +containing trusted (root) CA certificates. +The store may also hold CRLs and +a certificate verification callback function used for CMP server authentication. +Any store entry already set before is freed. +When given a NULL parameter the entry is cleared. + +OSSL_CMP_CTX_get0_trustedStore() returns a pointer to the currently set +certificate store containing trusted cert etc., or an empty store if unset. OSSL_CMP_CTX_set1_untrusted_certs() sets up a list of non-trusted certificates -of intermediate CAs that may be useful for path construction when authenticating -the CMP server and when verifying newly enrolled certificates. +of intermediate CAs that may be useful for path construction for the CMP client +certificate, for the TLS client certificate (if any), when verifying +the CMP server certificate, and when verifying newly enrolled certificates. The reference counts of those certificates handled successfully are increased. OSSL_CMP_CTX_get0_untrusted_certs(OSSL_CMP_CTX *ctx) returns a pointer to the @@ -416,13 +424,13 @@ The public key of this B must correspond to the private key set via B. When using signature-based protection of CMP request messages this "protection certificate" will be included first in the extraCerts field. -The subject of this B will be used as the "sender" field -of outgoing CMP messages, with the fallback being -the B set via B. +The subject of this B will be used as the sender field of outgoing +messages, while the subject of any cert set via B +and any value set via B are used as fallback. The B argument may be NULL to clear the entry. OSSL_CMP_CTX_set1_pkey() sets the private key corresponding to the -protecting certificate B set via B. +protection certificate B set via B. This key is used create signature-based protection (protectionAlg = MSG_SIG_ALG) of outgoing messages unless a PBM secret has been set via B. @@ -437,22 +445,25 @@ PBM-based protection takes precedence over signature-based protection. OSSL_CMP_CTX_set1_referenceValue() sets the given referenceValue B with length B in the given B or clears it if the B argument is NULL. -According to RFC 4210 section 5.1.1, if no value for the "sender" field in -CMP message headers can be determined (i.e., no protecting certificate B -and no B is given) then the "sender" field will contain the NULL-DN +According to RFC 4210 section 5.1.1, if no value for the sender field in +CMP message headers can be determined (i.e., no protection certificate B +and no B is given) then the sender field will contain the NULL-DN and the senderKID field of the CMP message header must be set. When signature-based protection is used the senderKID will be set to -the subjectKeyIdentifier of the protecting B as far as present. +the subjectKeyIdentifier of the protection B as far as present. If not present or when PBM-based protection is used the B value is taken as the fallback value for the senderKID. OSSL_CMP_CTX_set1_recipient() sets the recipient name that will be used in the -PKIHeader of a request message, i.e. the X509 name of the (CA) server. -Setting is overruled by subject of B if set. -If neither B nor recipient are set, the recipient of the PKI message is -determined in the following order: issuer, issuer of old cert (oldCert), -issuer of protecting certificate (B), else NULL-DN. -When a response is received, its sender must match the recipient of the request. +PKIHeader of CMP request messages, i.e. the X509 name of the (CA) server. + +The recipient field in the header of a CMP message is mandatory. +If not given explicitly the recipient is determined in the following order: +the subject of the CMP server certificate set using OSSL_CMP_CTX_set1_srvCert(), +the value set using OSSL_CMP_CTX_set1_issuer(), +the issuer of the certificate set using OSSL_CMP_CTX_set1_oldCert(), +the issuer of the protection certificate (B), +as far as any of those is present, else the NULL-DN as last resort. OSSL_CMP_CTX_push0_geninfo_ITAV() adds B to the stack in the B to be added to the GeneralInfo field of the CMP PKIMessage header of a request @@ -480,8 +491,8 @@ the CertTemplate structure when requesting a new cert. For Key Update Requests (KUR), it defaults to the subject DN of the B, see B. This default is used for Initialization Requests (IR) and Certification Requests (CR) only if no SANs are set. -The B is also used as the "sender" field for outgoing CMP messages -if no B has been set (e.g., in case requests are protected using PBM). +The B is also used as fallback for the sender field +of outgoing CMP messages if no B and no B are available. OSSL_CMP_CTX_push1_subjectAltName() adds the given X509 name to the list of alternate names on the certificate template request. This cannot be used if @@ -507,10 +518,11 @@ to the X509_EXTENSIONS of the requested certificate template. OSSL_CMP_CTX_set1_oldCert() sets the old certificate to be updated in Key Update Requests (KUR) or to be revoked in Revocation Requests (RR). -It must be given for RR, else it defaults to the protecting B. +It must be given for RR, else it defaults to the protection B. The B determined in this way, if any, is also used for deriving default subject DN and Subject Alternative Names for IR, CR, and KUR. -Its issuer, if any, is used as default recipient in the CMP message header. +Its subject is used as sender in CMP message headers if no protection cert is given. +Its issuer is used as default recipient in CMP message headers. OSSL_CMP_CTX_set1_p10CSR() sets the PKCS#10 CSR to be used in P10CR. diff --git a/doc/man3/OSSL_CMP_SRV_CTX_new.pod b/doc/man3/OSSL_CMP_SRV_CTX_new.pod index a2d47a45aa..27d4f6ca1e 100644 --- a/doc/man3/OSSL_CMP_SRV_CTX_new.pod +++ b/doc/man3/OSSL_CMP_SRV_CTX_new.pod @@ -85,32 +85,33 @@ OSSL_CMP_SRV_CTX_set_grant_implicit_confirm =head1 DESCRIPTION OSSL_CMP_SRV_process_request() implements the generic aspects of a CMP server. -It does the typical generic checks on the given request message, calls +Its arguments are the B I and the CMP request message +I. It does the typical generic checks on I, calls the respective callback function (if present) for more specific processing, and then assembles a result message, which may be a CMP error message. OSSL_CMP_CTX_server_perform() is an interface to B that can be used by a CMP client in the same way as B. -The B must be set as B of B. +The B must be set as I of I. OSSL_CMP_SRV_CTX_new() creates and initializes an OSSL_CMP_SRV_CTX structure and returns a pointer to it on success, NULL on error. -OSSL_CMP_SRV_CTX_free() deletes the given B. +OSSL_CMP_SRV_CTX_free() deletes the given I. -OSSL_CMP_SRV_CTX_init() sets in the given B a custom server context +OSSL_CMP_SRV_CTX_init() sets in the given I a custom server context pointer as well as callback functions performing the specific processing of CMP certificate requests, revocation requests, certificate confirmation requests, general messages, error messages, and poll requests. -All arguments except B may be NULL. +All arguments except I may be NULL. If a callback for some message type is not given this means that the respective type of CMP message is not supported by the server. -OSSL_CMP_SRV_CTX_get0_cmp_ctx() returns the B from the B. +OSSL_CMP_SRV_CTX_get0_cmp_ctx() returns the B from the I. OSSL_CMP_SRV_CTX_get0_custom_ctx() returns the custom server context from -B that has been set using B. +I that has been set using B. OSSL_CMP_SRV_CTX_set_send_unprotected_errors() enables sending error messages and other forms of negative responses unprotected. @@ -142,7 +143,7 @@ OSSL_CMP_SRV_CTX_get0_cmp_ctx() returns a B structure on success, NULL on error. OSSL_CMP_SRV_CTX_get0_custom_ctx() returns the custom server context -that has been set using B. +that has been set using B. All other functions return 1 on success, 0 on error. diff --git a/doc/man3/OSSL_CMP_validate_msg.pod b/doc/man3/OSSL_CMP_validate_msg.pod index 3b06532ceb..3bf5c06811 100644 --- a/doc/man3/OSSL_CMP_validate_msg.pod +++ b/doc/man3/OSSL_CMP_validate_msg.pod @@ -46,13 +46,6 @@ according to TS 33.310 [Network Domain Security (NDS); Authentication Framework Any cert that has been found as described above is cached and tried first when validating the signatures of subsequent messages in the same transaction. -After successful validation of PBM-based protection of a certificate response -the certificates in the caPubs field (if any) are added to the trusted -certificates provided via L, such that -they are available for validating subsequent messages in the same context. -Those could apply to any Polling Response (pollRep), error, or PKI Confirmation -(PKIConf) messages following in the same or future transactions. - OSSL_CMP_validate_cert_path() attempts to validate the given certificate and its path using the given store of trusted certs (possibly including CRLs and a cert verification callback) and non-trusted intermediate certs from the B. diff --git a/fuzz/cmp.c b/fuzz/cmp.c index 6883a286ff..100350ebfe 100644 --- a/fuzz/cmp.c +++ b/fuzz/cmp.c @@ -94,7 +94,7 @@ static void cmp_client_process_response(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg) OSSL_CMP_ITAV_free); break; default: - (void)ossl_cmp_msg_check_received(ctx, msg, allow_unprotected, 0); + (void)ossl_cmp_msg_check_update(ctx, msg, allow_unprotected, 0); break; } err: diff --git a/include/openssl/cmp.h b/include/openssl/cmp.h index e06fba9b7f..9bd576cf1e 100644 --- a/include/openssl/cmp.h +++ b/include/openssl/cmp.h @@ -271,7 +271,7 @@ int OSSL_CMP_CTX_get_option(const OSSL_CMP_CTX *ctx, int opt); int OSSL_CMP_CTX_set_log_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_log_cb_t cb); # define OSSL_CMP_CTX_set_log_verbosity(ctx, level) \ OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_LOG_VERBOSITY, level) -void OSSL_CMP_CTX_print_errors(OSSL_CMP_CTX *ctx); +void OSSL_CMP_CTX_print_errors(const OSSL_CMP_CTX *ctx); /* message transfer: */ int OSSL_CMP_CTX_set1_serverPath(OSSL_CMP_CTX *ctx, const char *path); int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address); @@ -359,7 +359,7 @@ int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg); /* from cmp_vfy.c */ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg); -int OSSL_CMP_validate_cert_path(OSSL_CMP_CTX *ctx, +int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx, X509_STORE *trusted_store, X509 *cert); /* from cmp_http.c */ diff --git a/include/openssl/cmperr.h b/include/openssl/cmperr.h index 31fa43cd92..d1ce2256fa 100644 --- a/include/openssl/cmperr.h +++ b/include/openssl/cmperr.h @@ -10,6 +10,7 @@ #ifndef OPENSSL_CMPERR_H # define OPENSSL_CMPERR_H +# pragma once # include # include @@ -68,6 +69,7 @@ int ERR_load_CMP_strings(void); # define CMP_R_ERROR_SETTING_CERTHASH 128 # define CMP_R_ERROR_UNEXPECTED_CERTCONF 160 # define CMP_R_ERROR_VALIDATING_PROTECTION 140 +# define CMP_R_ERROR_VALIDATING_SIGNATURE 171 # define CMP_R_FAILED_EXTRACTING_PUBKEY 141 # define CMP_R_FAILURE_OBTAINING_RANDOM 110 # define CMP_R_FAIL_INFO_OUT_OF_RANGE 129 diff --git a/test/cmp_client_test.c b/test/cmp_client_test.c index ab2b930277..2f7fbf7b1e 100644 --- a/test/cmp_client_test.c +++ b/test/cmp_client_test.c @@ -252,7 +252,8 @@ static int execute_try_certreq_poll_test(CMP_SES_TEST_FIXTURE *fixture) && check_after == CHECK_AFTER && TEST_ptr_eq(OSSL_CMP_CTX_get0_newCert(ctx), NULL) && TEST_int_eq(fixture->expected, OSSL_CMP_try_certreq(ctx, TYPE, NULL)) - && TEST_int_eq(0, X509_cmp(OSSL_CMP_CTX_get0_newCert(ctx), client_cert)); + && TEST_int_eq(0, + X509_cmp(OSSL_CMP_CTX_get0_newCert(ctx), client_cert)); } static int test_try_certreq_poll(void) diff --git a/test/cmp_vfy_test.c b/test/cmp_vfy_test.c index c74dd2faec..583e7c2fbb 100644 --- a/test/cmp_vfy_test.c +++ b/test/cmp_vfy_test.c @@ -123,7 +123,8 @@ static int test_verify_popo_bad(void) static int execute_validate_msg_test(CMP_VFY_TEST_FIXTURE *fixture) { return TEST_int_eq(fixture->expected, - OSSL_CMP_validate_msg(fixture->cmp_ctx, fixture->msg)); + ossl_cmp_msg_check_update(fixture->cmp_ctx, fixture->msg, + NULL, 0)); } static int execute_validate_cert_path_test(CMP_VFY_TEST_FIXTURE *fixture) @@ -387,19 +388,19 @@ static int test_validate_cert_path_expired(void) return result; } -static int execute_MSG_check_received_test(CMP_VFY_TEST_FIXTURE *fixture) +static int execute_msg_check_test(CMP_VFY_TEST_FIXTURE *fixture) { const OSSL_CMP_PKIHEADER *hdr = OSSL_CMP_MSG_get0_header(fixture->msg); const ASN1_OCTET_STRING *tid = OSSL_CMP_HDR_get0_transactionID(hdr); if (!TEST_int_eq(fixture->expected, - ossl_cmp_msg_check_received(fixture->cmp_ctx, - fixture->msg, - fixture->allow_unprotected_cb, - fixture->additional_arg))) + ossl_cmp_msg_check_update(fixture->cmp_ctx, + fixture->msg, + fixture->allow_unprotected_cb, + fixture->additional_arg))) return 0; - if (fixture->expected < 0) /* error expected aready during above check */ + if (fixture->expected == 0) /* error expected aready during above check */ return 1; return TEST_int_eq(0, @@ -416,10 +417,10 @@ static int allow_unprotected(const OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, return allow; } -static void setup_check_received(CMP_VFY_TEST_FIXTURE **fixture, int expected, - ossl_cmp_allow_unprotected_cb_t cb, int arg, - const unsigned char *trid_data, - const unsigned char *nonce_data) +static void setup_check_update(CMP_VFY_TEST_FIXTURE **fixture, int expected, + ossl_cmp_allow_unprotected_cb_t cb, int arg, + const unsigned char *trid_data, + const unsigned char *nonce_data) { OSSL_CMP_CTX *ctx = (*fixture)->cmp_ctx; int nonce_len = OSSL_CMP_SENDERNONCE_LENGTH; @@ -448,33 +449,32 @@ static void setup_check_received(CMP_VFY_TEST_FIXTURE **fixture, int expected, } #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -static int test_MSG_check_received_no_protection_no_cb(void) +static int test_msg_check_no_protection_no_cb(void) { SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); - setup_check_received(&fixture, -1, NULL, 0, NULL, NULL); - EXECUTE_TEST(execute_MSG_check_received_test, tear_down); + setup_check_update(&fixture, 0, NULL, 0, NULL, NULL); + EXECUTE_TEST(execute_msg_check_test, tear_down); return result; } -static int test_MSG_check_received_no_protection_restrictive_cb(void) +static int test_msg_check_no_protection_restrictive_cb(void) { SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); - setup_check_received(&fixture, -1, allow_unprotected, 0, NULL, NULL); - EXECUTE_TEST(execute_MSG_check_received_test, tear_down); + setup_check_update(&fixture, 0, allow_unprotected, 0, NULL, NULL); + EXECUTE_TEST(execute_msg_check_test, tear_down); return result; } #endif -static int test_MSG_check_received_no_protection_permissive_cb(void) +static int test_msg_check_no_protection_permissive_cb(void) { SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); - setup_check_received(&fixture, OSSL_CMP_PKIBODY_IP, allow_unprotected, 1, - NULL, NULL); - EXECUTE_TEST(execute_MSG_check_received_test, tear_down); + setup_check_update(&fixture, 1, allow_unprotected, 1, NULL, NULL); + EXECUTE_TEST(execute_msg_check_test, tear_down); return result; } -static int test_MSG_check_received_check_transaction_id(void) +static int test_msg_check_transaction_id(void) { /* Transaction id belonging to CMP_IR_rmprotection.der */ const unsigned char trans_id[OSSL_CMP_TRANSACTIONID_LENGTH] = { @@ -483,23 +483,22 @@ static int test_MSG_check_received_check_transaction_id(void) }; SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); - setup_check_received(&fixture, OSSL_CMP_PKIBODY_IP, allow_unprotected, 1, - trans_id, NULL); - EXECUTE_TEST(execute_MSG_check_received_test, tear_down); + setup_check_update(&fixture, 1, allow_unprotected, 1, trans_id, NULL); + EXECUTE_TEST(execute_msg_check_test, tear_down); return result; } #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -static int test_MSG_check_received_check_transaction_id_bad(void) +static int test_msg_check_transaction_id_bad(void) { SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); - setup_check_received(&fixture, -1, allow_unprotected, 1, rand_data, NULL); - EXECUTE_TEST(execute_MSG_check_received_test, tear_down); + setup_check_update(&fixture, 0, allow_unprotected, 1, rand_data, NULL); + EXECUTE_TEST(execute_msg_check_test, tear_down); return result; } #endif -static int test_MSG_check_received_check_recipient_nonce(void) +static int test_msg_check_recipient_nonce(void) { /* Recipient nonce belonging to CMP_IP_ir_rmprotection.der */ const unsigned char rec_nonce[OSSL_CMP_SENDERNONCE_LENGTH] = { @@ -508,18 +507,17 @@ static int test_MSG_check_received_check_recipient_nonce(void) }; SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); - setup_check_received(&fixture, OSSL_CMP_PKIBODY_IP, allow_unprotected, 1, - NULL, rec_nonce); - EXECUTE_TEST(execute_MSG_check_received_test, tear_down); + setup_check_update(&fixture, 1, allow_unprotected, 1, NULL, rec_nonce); + EXECUTE_TEST(execute_msg_check_test, tear_down); return result; } #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -static int test_MSG_check_received_check_recipient_nonce_bad(void) +static int test_msg_check_recipient_nonce_bad(void) { SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); - setup_check_received(&fixture, -1, allow_unprotected, 1, NULL, rand_data); - EXECUTE_TEST(execute_MSG_check_received_test, tear_down); + setup_check_update(&fixture, 0, allow_unprotected, 1, NULL, rand_data); + EXECUTE_TEST(execute_msg_check_test, tear_down); return result; } #endif @@ -629,17 +627,17 @@ int setup_tests(void) ADD_TEST(test_validate_cert_path_wrong_anchor); #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION - ADD_TEST(test_MSG_check_received_no_protection_no_cb); - ADD_TEST(test_MSG_check_received_no_protection_restrictive_cb); + ADD_TEST(test_msg_check_no_protection_no_cb); + ADD_TEST(test_msg_check_no_protection_restrictive_cb); #endif - ADD_TEST(test_MSG_check_received_no_protection_permissive_cb); - ADD_TEST(test_MSG_check_received_check_transaction_id); + ADD_TEST(test_msg_check_no_protection_permissive_cb); + ADD_TEST(test_msg_check_transaction_id); #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION - ADD_TEST(test_MSG_check_received_check_transaction_id_bad); + ADD_TEST(test_msg_check_transaction_id_bad); #endif - ADD_TEST(test_MSG_check_received_check_recipient_nonce); + ADD_TEST(test_msg_check_recipient_nonce); #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION - ADD_TEST(test_MSG_check_received_check_recipient_nonce_bad); + ADD_TEST(test_msg_check_recipient_nonce_bad); #endif return 1; diff --git a/test/recipes/81-test_cmp_cli.t b/test/recipes/81-test_cmp_cli.t new file mode 100644 index 0000000000..3be02c6166 --- /dev/null +++ b/test/recipes/81-test_cmp_cli.t @@ -0,0 +1,291 @@ +#! /usr/bin/env perl +# Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. +# Copyright Nokia 2007-2019 +# Copyright Siemens AG 2015-2019 +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use warnings; + +use POSIX; +use File::Spec::Functions qw/catfile/; +use File::Compare qw/compare_text/; +use OpenSSL::Test qw/:DEFAULT with data_file data_dir bldtop_dir/; +use OpenSSL::Test::Utils; +use Data::Dumper; # for debugging purposes only + +setup("test_cmp_cli"); + +plan skip_all => "This test is not supported in a no-cmp build" + if disabled("cmp"); +plan skip_all => "This test is not supported in a no-ec build" + if disabled("ec"); +plan skip_all => "Tests involving server not available on Windows or VMS" + if $^O =~ /^(VMS|MSWin32)$/; + +sub chop_dblquot { # chop any leading & trailing '"' (needed for Windows) + my $str = shift; + $str =~ s/^\"(.*?)\"$/$1/; + return $str; +} + +my $proxy = ""; +$proxy = chop_dblquot($ENV{http_proxy} // $ENV{HTTP_PROXY} // $proxy); +$proxy =~ s{^https?://}{}i; +my $no_proxy = $ENV{no_proxy} // $ENV{NO_PROXY}; + +my $app = "apps/openssl cmp"; + +my @cmp_basic_tests = ( + [ "show help", [ "-config", '""', "-help" ], 0 ], + [ "CLI option not starting with '-'", [ "-config", '""', "days", "1" ], 1 ], + [ "unknown CLI option", [ "-config", '""', "-dayss" ], 1 ], + [ "bad int syntax: non-digit", [ "-config", '""', "-days", "a/" ], 1 ], + [ "bad int syntax: float", [ "-config", '""', "-days", "3.14" ], 1 ], + [ "bad int syntax: trailing garbage", [ "-config", '""', "-days", "314_+" ], 1 ], + [ "bad int: out of range", [ "-config", '""', "-days", "2147483648" ], 1 ], +); + +my $rsp_cert = "signer_only.crt"; +my $outfile = "test.cert.pem"; +my $secret = "pass:test"; +my $localport = 1700; + +# this uses the mock server directly in the cmp app, without TCP +sub use_mock_srv_internally +{ + ok(run(cmd([bldtop_dir($app), + "-config", '""', + "-use_mock_srv", "-srv_ref", "mock server", + "-srv_cert", "server.crt", # used for setting sender + "-srv_secret", $secret, + "-poll_count", "1", + "-rsp_cert", $rsp_cert, + "-cmd", "cr", + "-subject", "/CN=any", + "-newkey", "signer.key", + "-recipient", "/O=openssl_cmp", # if given must be consistent with sender + "-secret", $secret, + "-ref", "client under test", + "-certout" , $outfile])) + && compare_text($outfile, $rsp_cert) == 0, + "CMP app with -use_mock_srv and -poll_count 1"); + unlink $outfile; +} + +# the CMP server configuration consists of: +my $ca_dn; # The CA's Distinguished Name +my $server_dn; # The server's Distinguished Name +my $server_host;# The server's host name or IP address +my $server_port;# The server's port +my $server_tls; # The server's TLS port, if any, or 0 +my $server_path;# The server's CMP alias +my $server_cert;# The server's cert +my $kur_port; # The server's port for kur (cert update) +my $pbm_port; # The server port to be used for PBM +my $pbm_ref; # The reference for PBM +my $pbm_secret; # The secret for PBM +my $column; # The column number of the expected result +my $sleep = 0; # The time to sleep between two requests + +# The local $server_name variables below are among others taken as the name of a +# sub-directory with server-specific certs etc. and CA-specific config section. + +sub load_config { + my $server_name = shift; + my $section = shift; + my $test_config = $ENV{OPENSSL_CMP_CONFIG} // "$server_name/test.cnf"; + open (CH, $test_config) or die "Cannot open $test_config: $!"; + my $active = 0; + while () { + if (m/\[\s*$section\s*\]/) { + $active = 1; + } elsif (m/\[\s*.*?\s*\]/) { + $active = 0; + } elsif ($active) { + $ca_dn = $1 eq "" ? '""""' : $1 if m/^\s*ca_dn\s*=\s*(.*)?\s*$/; + $server_dn = $1 eq "" ? '""""' : $1 if m/^\s*server_dn\s*=\s*(.*)?\s*$/; + $server_host = $1 eq "" ? '""""' : $1 if m/^\s*server_host\s*=\s*(\S*)?\s*(\#.*)?$/; + $server_port = $1 eq "" ? '""""' : $1 if m/^\s*server_port\s*=\s*(.*)?\s*$/; + $server_tls = $1 eq "" ? '""""' : $1 if m/^\s*server_tls\s*=\s*(.*)?\s*$/; + $server_path = $1 eq "" ? '""""' : $1 if m/^\s*server_path\s*=\s*(.*)?\s*$/; + $server_cert = $1 eq "" ? '""""' : $1 if m/^\s*server_cert\s*=\s*(.*)?\s*$/; + $kur_port = $1 eq "" ? '""""' : $1 if m/^\s*kur_port\s*=\s*(.*)?\s*$/; + $pbm_port = $1 eq "" ? '""""' : $1 if m/^\s*pbm_port\s*=\s*(.*)?\s*$/; + $pbm_ref = $1 eq "" ? '""""' : $1 if m/^\s*pbm_ref\s*=\s*(.*)?\s*$/; + $pbm_secret = $1 eq "" ? '""""' : $1 if m/^\s*pbm_secret\s*=\s*(.*)?\s*$/; + $column = $1 eq "" ? '""""' : $1 if m/^\s*column\s*=\s*(.*)?\s*$/; + $sleep = $1 eq "" ? '""""' : $1 if m/^\s*sleep\s*=\s*(.*)?\s*$/; + } + } + close CH; + die "Cannot find all CMP server config values in $test_config section [$section]\n" + if !defined $ca_dn + || !defined $server_dn || !defined $server_host + || !defined $server_port || !defined $server_tls + || !defined $server_path || !defined $server_cert + || !defined $kur_port || !defined $pbm_port + || !defined $pbm_ref || !defined $pbm_secret + || !defined $column || !defined $sleep; + $server_dn = $server_dn // $ca_dn; +} + +my @server_configurations = ("Mock"); + at server_configurations = split /\s+/, $ENV{OPENSSL_CMP_SERVER} if $ENV{OPENSSL_CMP_SERVER}; +# set env variable, e.g., OPENSSL_CMP_SERVER="Mock Insta" to include further CMP servers + +my @all_aspects = ("connection", "verification", "credentials", "commands", "enrollment"); + at all_aspects = split /\s+/, $ENV{OPENSSL_CMP_ASPECTS} if $ENV{OPENSSL_CMP_ASPECTS}; +# set env variable, e.g., OPENSSL_CMP_ASPECTS="commands enrollment" to select specific aspects + +my $faillog; +if ($ENV{HARNESS_FAILLOG}) { + my $file = $ENV{HARNESS_FAILLOG}; + open($faillog, ">", $file) or die "Cannot open $file for writing: $!"; +} + +sub test_cmp_cli { + my $server_name = shift; + my $aspect = shift; + my $n = shift; + my $i = shift; + my $title = shift; + my $params = shift; + my $expected_exit = shift; + my $path_app = bldtop_dir($app); + with({ exit_checker => sub { + my $actual_exit = shift; + my $OK = $actual_exit == $expected_exit; + if ($faillog && !$OK) { + sub quote_spc_empty(_) { $_ eq "" ? '""' : $_ =~ m/ / ? '"'.$_.'"' : $_ }; + my $invocation = ("$path_app ").join(' ', map quote_spc_empty @$params); + print $faillog "$server_name $aspect \"$title\" ($i/$n)". + " expected=$expected_exit actual=$actual_exit\n"; + print $faillog "$invocation\n\n"; + } + return $OK; } }, + sub { ok(run(cmd([$path_app, @$params,])), + $title); }); +} + +sub test_cmp_cli_aspect { + my $server_name = shift; + my $aspect = shift; + my $tests = shift; + subtest "CMP app CLI $server_name $aspect\n" => sub { + my $n = scalar @$tests; + plan tests => $n; + my $i = 1; + foreach (@$tests) { + SKIP: { + test_cmp_cli($server_name, $aspect, $n, $i++, $$_[0], $$_[1], $$_[2]); + sleep($sleep); + } + } + }; + unlink "test.cert.pem", "test.cacerts.pem", "test.extracerts.pem"; +} + +indir data_dir() => sub { + plan tests => 1 + @server_configurations * @all_aspects + + (grep(/^Mock$/, @server_configurations) + && grep(/^certstatus$/, @all_aspects) ? 0 : 1); + + test_cmp_cli_aspect("basic", "options", \@cmp_basic_tests); + + indir "Mock" => sub { + use_mock_srv_internally(); + }; + + foreach my $server_name (@server_configurations) { + $server_name = chop_dblquot($server_name); + load_config($server_name, $server_name); + my $launch_mock = $server_name eq "Mock" && !$ENV{OPENSSL_CMP_CONFIG}; + if ($launch_mock) { + indir "Mock" => sub { + stop_mock_server(); # in case a previous run did not exit properly + start_mock_server("") || die "Cannot start CMP mock server"; + } + } + foreach my $aspect (@all_aspects) { + $aspect = chop_dblquot($aspect); + next if $server_name eq "Mock" && $aspect eq "certstatus"; + load_config($server_name, $aspect); # update with any aspect-specific settings + indir $server_name => sub { + my $tests = load_tests($server_name, $aspect); + test_cmp_cli_aspect($server_name, $aspect, $tests); + }; + }; + stop_mock_server() if $launch_mock; + }; +}; + +close($faillog) if $faillog; + +sub load_tests { + my $server_name = shift; + my $aspect = shift; + my $test_config = $ENV{OPENSSL_CMP_CONFIG} // "$server_name/test.cnf"; + my $file = data_file("test_$aspect.csv"); + my @result; + + open(my $data, '<', $file) || die "Cannot open $file for reading: $!"; + LOOP: + while (my $line = <$data>) { + chomp $line; + $line =~ s{\r\n}{\n}g; # adjust line endings + $line =~ s{_CA_DN}{$ca_dn}g; + $line =~ s{_SERVER_DN}{$server_dn}g; + $line =~ s{_SERVER_HOST}{$server_host}g; + $line =~ s{_SERVER_PORT}{$server_port}g; + $line =~ s{_SERVER_TLS}{$server_tls}g; + $line =~ s{_SERVER_PATH}{$server_path}g; + $line =~ s{_SERVER_CERT}{$server_cert}g; + $line =~ s{_KUR_PORT}{$kur_port}g; + $line =~ s{_PBM_PORT}{$pbm_port}g; + $line =~ s{_PBM_REF}{$pbm_ref}g; + $line =~ s{_PBM_SECRET}{$pbm_secret}g; + my $noproxy = $line =~ m/,\s*-no_proxy\s*,(.*?)(,|$)/ ? $1 : $no_proxy; + next LOOP if $no_proxy && ($noproxy =~ $server_host) + && $line =~ m/,\s*-proxy\s*,/; + next LOOP if $server_tls == 0 && $line =~ m/,\s*-tls_used\s*,/; + $line =~ s{-section,,}{-section,,-proxy,$proxy,} unless $line =~ m/,\s*-proxy\s*,/; + $line =~ s{-section,,}{-config,../$test_config,-section,$server_name $aspect,}; + my @fields = grep /\S/, split ",", $line; + s/^$// for (@fields); # used for proxy="" + s/^\s+// for (@fields); # remove leading whitespace from elements + s/\s+$// for (@fields); # remove trailing whitespace from elements + s/^\"(\".*?\")\"$/$1/ for (@fields); # remove escaping from quotation marks from elements + my $expected_exit = $fields[$column]; + my $description = 1; + my $title = $fields[$description]; + next LOOP if (!defined($expected_exit) + || ($expected_exit ne 0 && $expected_exit ne 1)); + @fields = grep {$_ ne 'BLANK'} @fields[$description + 1 .. @fields - 1]; + push @result, [$title, \@fields, $expected_exit]; + } + close($data); + return \@result; +} + +sub mock_server_pid { + return `lsof -iTCP:$localport -sTCP:LISTEN | tail -n 1 | awk '{ print \$2 }'`; +} + +sub start_mock_server { + return 0 if mock_server_pid(); # already running + my $args = $_[0]; # optional further CLI arguments + my $dir = bldtop_dir(""); + return system("LD_LIBRARY_PATH=$dir DYLD_LIBRARY_PATH=$dir " . + bldtop_dir($app) . " -config server.cnf " . + "$args &") == 0; # start in background, check for success +} + +sub stop_mock_server { + my $pid = mock_server_pid(); + system("kill $pid") if $pid; +} diff --git a/test/recipes/81-test_cmp_cli_data/Mock/12345.txt b/test/recipes/81-test_cmp_cli_data/Mock/12345.txt new file mode 100644 index 0000000000..e56e15bb7d --- /dev/null +++ b/test/recipes/81-test_cmp_cli_data/Mock/12345.txt @@ -0,0 +1 @@ +12345 diff --git a/test/recipes/81-test_cmp_cli_data/Mock/big_issuing.crt b/test/recipes/81-test_cmp_cli_data/Mock/big_issuing.crt new file mode 100644 index 0000000000..e96f3cf788 --- /dev/null +++ b/test/recipes/81-test_cmp_cli_data/Mock/big_issuing.crt @@ -0,0 +1,1577 @@ +Subject: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = subinterCA +-----BEGIN CERTIFICATE----- +MIIDhDCCAmygAwIBAgIJAJkv2OGshkmUMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMTB2ludGVyQ0EwHhcNMTUwNzAyMTMxODIz +WhcNMzUwNzAyMTMxODIzWjBaMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1T +dGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYDVQQD +EwpzdWJpbnRlckNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/zQj +vhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb2ARVkYZP5e9gHb04wPVz +2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1nJeSv3na8gyOoCheG64kW +VbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/CpdCHE3DKAzAiri3GVc90 +OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMywtz4hhY/XZTvdEn290aL +857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRFHONWZG1T4mRY1Drh6VbJ +Gb+0GNIldNLQqigkfwIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTp +Z30QdMGarrhMPwk+HHAV3R8aTzAfBgNVHSMEGDAWgBQY+tYjuY9dXRN9Po+okcfZ +YcAXLjANBgkqhkiG9w0BAQsFAAOCAQEAgVUsOf9rdHlQDw4clP8GMY7QahfXbvd8 +8o++P18KeInQXH6+sCg0axZXzhOmKwn+Ina3EsOP7xk4aKIYwJ4A1xBuT7fKxquQ +pbJyjkEBsNRVLC9t4gOA0FC791v5bOCZjyff5uN+hy8r0828nVxha6CKLqwrPd+E +mC7DtilSZIgO2vwbTBL6ifmw9n1dd/Bl8Wdjnl7YJqTIf0Ozc2SZSMRUq9ryn4Wq +YrjRl8NwioGb1LfjEJ0wJi2ngL3IgaN94qmDn10OJs8hlsufwP1n+Bca3fsl0m5U +gUMG+CXxbF0kdCKZ9kQb1MJE4vOk6zfyBGQndmQnxHjt5botI/xpXg== +-----END CERTIFICATE----- + +Subject: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = interCA +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIJANnoWlLlEsTgMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnJvb3RDQTAeFw0xNTA3MDIxMzE3MDVa +Fw0zNTA3MDIxMzE3MDVaMFcxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0 +YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMT +B2ludGVyQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7s0ejvpQO +nvfwD+e4R+9WQovtrsqOTw8khiREqi5JlmAFbpDEFam18npRkt6gOcGMnjuFzuz6 +iEuQmeeyh0BqWAwpMgWMMteEzLOAaqkEl//J2+WgRbA/8pmwHfbPW/d+f3bp64Fo +D1hQAenBzXmLxVohEQ9BA+xEDRkL/cA3Y+k/O1C9ORhSQrJNsB9aE3zKbFHd9mOm +H4aNSsF8On3SqlRVOCQine5c6ACSd0HUEjYy9aObqY47ySNULbzVq5y6VOjMs0W+ +2G/XqrcVkxzf9bVqyVBrrAJrnb35/y/iK0zWgJBP+HXhwr5mMTvNuEirBeVYuz+6 +hUerUbuJhr0FAgMBAAGjUDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFBj61iO5 +j11dE30+j6iRx9lhwBcuMB8GA1UdIwQYMBaAFIVWiTXinwAa4YYDC0uvdhJrM239 +MA0GCSqGSIb3DQEBCwUAA4IBAQDAU0MvL/yZpmibhxUsoSsa97UJbejn5IbxpPzZ +4WHw8lsoUGs12ZHzQJ9LxkZVeuccFXy9yFEHW56GTlkBmD2qrddlmQCfQ3m8jtZ9 +Hh5feKAyrqfmfsWF5QPjAmdj/MFdq+yMJVosDftkmUmaBHjzbvbcq1sWh/6drH8U +7pdYRpfeEY8dHSU6FHwVN/H8VaBB7vYYc2wXwtk8On7z2ocIVHn9RPkcLwmwJjb/ +e4jmcYiyZev22KXQudeHc4w6crWiEFkVspomn5PqDmza3rkdB3baXFVZ6sd23ufU +wjkiKKtwRBwU+5tCCagQZoeQ5dZXQThkiH2XEIOCOLxyD/tb +-----END CERTIFICATE----- + + + +-----BEGIN CERTIFICATE----- +MIIcFzCCG4CgAwIBAgIGR09PUAFxMA0GCSqGSIb3DQEBBQUAMEYxCzAJBgNVBAYT +AlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSIwIAYDVQQDExlHb29nbGUgSW50ZXJu +ZXQgQXV0aG9yaXR5MB4XDTEyMTAyNDEzNTczOVoXDTEzMDYwNzE5NDMyN1owZDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 +YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxEzARBgNVBAMTCmdvb2dsZS5j +b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMNn/Rw5irMPscWpYsExcGQT +wqdxT/U9Pfybt9ttPYlXVbCd6yux0jWGNBHN+f4kCc5pwrbjmA4QSRY2uVa4T8f2 +g3NucDDveUi29WVN+FJcyhj+V38lEkYbdhpIZL149dK5fAN1zzwCo10Nk+lhebcY +fCtMHLmuCX2D6mJ2CnPVAgMBAAGjghnwMIIZ7DAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Qp1w0hi4nhbaJEB +h/wuZwO4OyIwHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0f +BFQwUjBQoE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5l +dEF1dGhvcml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUH +AQEEWjBYMFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2ds +ZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDCC +GLYGA1UdEQSCGK0wghipggpnb29nbGUuY29tggwqLmdvb2dsZS5jb22CDSoueW91 +dHViZS5jb22CC3lvdXR1YmUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggh5 +b3V0dS5iZYILKi55dGltZy5jb22CDSouYW5kcm9pZC5jb22CC2FuZHJvaWQuY29t +ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghAqLnVy +bC5nb29nbGUuY29tggwqLnVyY2hpbi5jb22CCnVyY2hpbi5jb22CFiouZ29vZ2xl +LWFuYWx5dGljcy5jb22CFGdvb2dsZS1hbmFseXRpY3MuY29tghIqLmNsb3VkLmdv +b2dsZS5jb22CBmdvby5nbIIEZy5jb4INKi5nc3RhdGljLmNvbYIPKi5nb29nbGVh +cGlzLmNughYqLmFwcGVuZ2luZS5nb29nbGUuY29tggsqLmdvb2dsZS5hY4ILKi5n +b29nbGUuYWSCCyouZ29vZ2xlLmFlggsqLmdvb2dsZS5hZoILKi5nb29nbGUuYWeC +CyouZ29vZ2xlLmFsggsqLmdvb2dsZS5hbYILKi5nb29nbGUuYXOCCyouZ29vZ2xl +LmF0ggsqLmdvb2dsZS5heoILKi5nb29nbGUuYmGCCyouZ29vZ2xlLmJlggsqLmdv +b2dsZS5iZoILKi5nb29nbGUuYmeCCyouZ29vZ2xlLmJpggsqLmdvb2dsZS5iaoIL +Ki5nb29nbGUuYnOCCyouZ29vZ2xlLmJ5ggsqLmdvb2dsZS5jYYIMKi5nb29nbGUu +Y2F0ggsqLmdvb2dsZS5jY4ILKi5nb29nbGUuY2SCCyouZ29vZ2xlLmNmggsqLmdv +b2dsZS5jZ4ILKi5nb29nbGUuY2iCCyouZ29vZ2xlLmNpggsqLmdvb2dsZS5jbIIL +Ki5nb29nbGUuY22CCyouZ29vZ2xlLmNugg4qLmdvb2dsZS5jby5hb4IOKi5nb29n +bGUuY28uYneCDiouZ29vZ2xlLmNvLmNrgg4qLmdvb2dsZS5jby5jcoIOKi5nb29n +bGUuY28uaHWCDiouZ29vZ2xlLmNvLmlkgg4qLmdvb2dsZS5jby5pbIIOKi5nb29n +bGUuY28uaW2CDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qZYIOKi5nb29n +bGUuY28uanCCDiouZ29vZ2xlLmNvLmtlgg4qLmdvb2dsZS5jby5rcoIOKi5nb29n +bGUuY28ubHOCDiouZ29vZ2xlLmNvLm1hgg4qLmdvb2dsZS5jby5teoIOKi5nb29n +bGUuY28ubnqCDiouZ29vZ2xlLmNvLnRogg4qLmdvb2dsZS5jby50eoIOKi5nb29n +bGUuY28udWeCDiouZ29vZ2xlLmNvLnVrgg4qLmdvb2dsZS5jby51eoIOKi5nb29n +bGUuY28udmWCDiouZ29vZ2xlLmNvLnZpgg4qLmdvb2dsZS5jby56YYIOKi5nb29n +bGUuY28uem2CDiouZ29vZ2xlLmNvLnp3gg8qLmdvb2dsZS5jb20uYWaCDyouZ29v +Z2xlLmNvbS5hZ4IPKi5nb29nbGUuY29tLmFpgg8qLmdvb2dsZS5jb20uYXKCDyou +Z29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJkgg8qLmdvb2dsZS5jb20uYmiC +DyouZ29vZ2xlLmNvbS5iboIPKi5nb29nbGUuY29tLmJvgg8qLmdvb2dsZS5jb20u +YnKCDyouZ29vZ2xlLmNvbS5ieYIPKi5nb29nbGUuY29tLmJ6gg8qLmdvb2dsZS5j +b20uY26CDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLmN1gg8qLmdvb2ds +ZS5jb20uY3mCDyouZ29vZ2xlLmNvbS5kb4IPKi5nb29nbGUuY29tLmVjgg8qLmdv +b2dsZS5jb20uZWeCDyouZ29vZ2xlLmNvbS5ldIIPKi5nb29nbGUuY29tLmZqgg8q +Lmdvb2dsZS5jb20uZ2WCDyouZ29vZ2xlLmNvbS5naIIPKi5nb29nbGUuY29tLmdp +gg8qLmdvb2dsZS5jb20uZ3KCDyouZ29vZ2xlLmNvbS5ndIIPKi5nb29nbGUuY29t +Lmhrgg8qLmdvb2dsZS5jb20uaXGCDyouZ29vZ2xlLmNvbS5qbYIPKi5nb29nbGUu +Y29tLmpvgg8qLmdvb2dsZS5jb20ua2iCDyouZ29vZ2xlLmNvbS5rd4IPKi5nb29n +bGUuY29tLmxigg8qLmdvb2dsZS5jb20ubHmCDyouZ29vZ2xlLmNvbS5tdIIPKi5n +b29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20ubXmCDyouZ29vZ2xlLmNvbS5uYYIP +Ki5nb29nbGUuY29tLm5mgg8qLmdvb2dsZS5jb20ubmeCDyouZ29vZ2xlLmNvbS5u +aYIPKi5nb29nbGUuY29tLm5wgg8qLmdvb2dsZS5jb20ubnKCDyouZ29vZ2xlLmNv +bS5vbYIPKi5nb29nbGUuY29tLnBhgg8qLmdvb2dsZS5jb20ucGWCDyouZ29vZ2xl +LmNvbS5waIIPKi5nb29nbGUuY29tLnBrgg8qLmdvb2dsZS5jb20ucGyCDyouZ29v +Z2xlLmNvbS5wcoIPKi5nb29nbGUuY29tLnB5gg8qLmdvb2dsZS5jb20ucWGCDyou +Z29vZ2xlLmNvbS5ydYIPKi5nb29nbGUuY29tLnNhgg8qLmdvb2dsZS5jb20uc2KC +DyouZ29vZ2xlLmNvbS5zZ4IPKi5nb29nbGUuY29tLnNsgg8qLmdvb2dsZS5jb20u +c3aCDyouZ29vZ2xlLmNvbS50aoIPKi5nb29nbGUuY29tLnRugg8qLmdvb2dsZS5j +b20udHKCDyouZ29vZ2xlLmNvbS50d4IPKi5nb29nbGUuY29tLnVhgg8qLmdvb2ds +ZS5jb20udXmCDyouZ29vZ2xlLmNvbS52Y4IPKi5nb29nbGUuY29tLnZlgg8qLmdv +b2dsZS5jb20udm6CCyouZ29vZ2xlLmN2ggsqLmdvb2dsZS5jeoILKi5nb29nbGUu +ZGWCCyouZ29vZ2xlLmRqggsqLmdvb2dsZS5ka4ILKi5nb29nbGUuZG2CCyouZ29v +Z2xlLmR6ggsqLmdvb2dsZS5lZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZpggsq +Lmdvb2dsZS5mbYILKi5nb29nbGUuZnKCCyouZ29vZ2xlLmdhggsqLmdvb2dsZS5n +ZYILKi5nb29nbGUuZ2eCCyouZ29vZ2xlLmdsggsqLmdvb2dsZS5nbYILKi5nb29n +bGUuZ3CCCyouZ29vZ2xlLmdyggsqLmdvb2dsZS5neYILKi5nb29nbGUuaGuCCyou +Z29vZ2xlLmhuggsqLmdvb2dsZS5ocoILKi5nb29nbGUuaHSCCyouZ29vZ2xlLmh1 +ggsqLmdvb2dsZS5pZYILKi5nb29nbGUuaW2CDSouZ29vZ2xlLmluZm+CCyouZ29v +Z2xlLmlxggsqLmdvb2dsZS5pc4ILKi5nb29nbGUuaXSCDiouZ29vZ2xlLml0LmFv +ggsqLmdvb2dsZS5qZYILKi5nb29nbGUuam+CDSouZ29vZ2xlLmpvYnOCCyouZ29v +Z2xlLmpwggsqLmdvb2dsZS5rZ4ILKi5nb29nbGUua2mCCyouZ29vZ2xlLmt6ggsq +Lmdvb2dsZS5sYYILKi5nb29nbGUubGmCCyouZ29vZ2xlLmxrggsqLmdvb2dsZS5s +dIILKi5nb29nbGUubHWCCyouZ29vZ2xlLmx2ggsqLmdvb2dsZS5tZIILKi5nb29n +bGUubWWCCyouZ29vZ2xlLm1nggsqLmdvb2dsZS5ta4ILKi5nb29nbGUubWyCCyou +Z29vZ2xlLm1uggsqLmdvb2dsZS5tc4ILKi5nb29nbGUubXWCCyouZ29vZ2xlLm12 +ggsqLmdvb2dsZS5td4ILKi5nb29nbGUubmWCDiouZ29vZ2xlLm5lLmpwggwqLmdv +b2dsZS5uZXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5ub4ILKi5nb29nbGUubnKC +CyouZ29vZ2xlLm51gg8qLmdvb2dsZS5vZmYuYWmCCyouZ29vZ2xlLnBrggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucG6CCyouZ29vZ2xlLnBzggsqLmdvb2dsZS5wdIIL +Ki5nb29nbGUucm+CCyouZ29vZ2xlLnJzggsqLmdvb2dsZS5ydYILKi5nb29nbGUu +cneCCyouZ29vZ2xlLnNjggsqLmdvb2dsZS5zZYILKi5nb29nbGUuc2iCCyouZ29v +Z2xlLnNpggsqLmdvb2dsZS5za4ILKi5nb29nbGUuc22CCyouZ29vZ2xlLnNuggsq +Lmdvb2dsZS5zb4ILKi5nb29nbGUuc3SCCyouZ29vZ2xlLnRkggsqLmdvb2dsZS50 +Z4ILKi5nb29nbGUudGuCCyouZ29vZ2xlLnRsggsqLmdvb2dsZS50bYILKi5nb29n +bGUudG6CCyouZ29vZ2xlLnRvggsqLmdvb2dsZS50cIILKi5nb29nbGUudHSCCyou +Z29vZ2xlLnVzggsqLmdvb2dsZS51eoILKi5nb29nbGUudmeCCyouZ29vZ2xlLnZ1 +ggsqLmdvb2dsZS53c4IJZ29vZ2xlLmFjgglnb29nbGUuYWSCCWdvb2dsZS5hZYIJ +Z29vZ2xlLmFmgglnb29nbGUuYWeCCWdvb2dsZS5hbIIJZ29vZ2xlLmFtgglnb29n +bGUuYXOCCWdvb2dsZS5hdIIJZ29vZ2xlLmF6gglnb29nbGUuYmGCCWdvb2dsZS5i +ZYIJZ29vZ2xlLmJmgglnb29nbGUuYmeCCWdvb2dsZS5iaYIJZ29vZ2xlLmJqggln +b29nbGUuYnOCCWdvb2dsZS5ieYIJZ29vZ2xlLmNhggpnb29nbGUuY2F0gglnb29n +bGUuY2OCCWdvb2dsZS5jZIIJZ29vZ2xlLmNmgglnb29nbGUuY2eCCWdvb2dsZS5j +aIIJZ29vZ2xlLmNpgglnb29nbGUuY2yCCWdvb2dsZS5jbYIJZ29vZ2xlLmNuggxn +b29nbGUuY28uYW+CDGdvb2dsZS5jby5id4IMZ29vZ2xlLmNvLmNrggxnb29nbGUu +Y28uY3KCDGdvb2dsZS5jby5odYIMZ29vZ2xlLmNvLmlkggxnb29nbGUuY28uaWyC +DGdvb2dsZS5jby5pbYIMZ29vZ2xlLmNvLmluggxnb29nbGUuY28uamWCDGdvb2ds +ZS5jby5qcIIMZ29vZ2xlLmNvLmtlggxnb29nbGUuY28ua3KCDGdvb2dsZS5jby5s +c4IMZ29vZ2xlLmNvLm1hggxnb29nbGUuY28ubXqCDGdvb2dsZS5jby5ueoIMZ29v +Z2xlLmNvLnRoggxnb29nbGUuY28udHqCDGdvb2dsZS5jby51Z4IMZ29vZ2xlLmNv +LnVrggxnb29nbGUuY28udXqCDGdvb2dsZS5jby52ZYIMZ29vZ2xlLmNvLnZpggxn +b29nbGUuY28uemGCDGdvb2dsZS5jby56bYIMZ29vZ2xlLmNvLnp3gg1nb29nbGUu +Y29tLmFmgg1nb29nbGUuY29tLmFngg1nb29nbGUuY29tLmFpgg1nb29nbGUuY29t +LmFygg1nb29nbGUuY29tLmF1gg1nb29nbGUuY29tLmJkgg1nb29nbGUuY29tLmJo +gg1nb29nbGUuY29tLmJugg1nb29nbGUuY29tLmJvgg1nb29nbGUuY29tLmJygg1n +b29nbGUuY29tLmJ5gg1nb29nbGUuY29tLmJ6gg1nb29nbGUuY29tLmNugg1nb29n +bGUuY29tLmNvgg1nb29nbGUuY29tLmN1gg1nb29nbGUuY29tLmN5gg1nb29nbGUu +Y29tLmRvgg1nb29nbGUuY29tLmVjgg1nb29nbGUuY29tLmVngg1nb29nbGUuY29t +LmV0gg1nb29nbGUuY29tLmZqgg1nb29nbGUuY29tLmdlgg1nb29nbGUuY29tLmdo +gg1nb29nbGUuY29tLmdpgg1nb29nbGUuY29tLmdygg1nb29nbGUuY29tLmd0gg1n +b29nbGUuY29tLmhrgg1nb29nbGUuY29tLmlxgg1nb29nbGUuY29tLmptgg1nb29n +bGUuY29tLmpvgg1nb29nbGUuY29tLmtogg1nb29nbGUuY29tLmt3gg1nb29nbGUu +Y29tLmxigg1nb29nbGUuY29tLmx5gg1nb29nbGUuY29tLm10gg1nb29nbGUuY29t +Lm14gg1nb29nbGUuY29tLm15gg1nb29nbGUuY29tLm5hgg1nb29nbGUuY29tLm5m +gg1nb29nbGUuY29tLm5ngg1nb29nbGUuY29tLm5pgg1nb29nbGUuY29tLm5wgg1n +b29nbGUuY29tLm5ygg1nb29nbGUuY29tLm9tgg1nb29nbGUuY29tLnBhgg1nb29n +bGUuY29tLnBlgg1nb29nbGUuY29tLnBogg1nb29nbGUuY29tLnBrgg1nb29nbGUu +Y29tLnBsgg1nb29nbGUuY29tLnBygg1nb29nbGUuY29tLnB5gg1nb29nbGUuY29t +LnFhgg1nb29nbGUuY29tLnJ1gg1nb29nbGUuY29tLnNhgg1nb29nbGUuY29tLnNi +gg1nb29nbGUuY29tLnNngg1nb29nbGUuY29tLnNsgg1nb29nbGUuY29tLnN2gg1n +b29nbGUuY29tLnRqgg1nb29nbGUuY29tLnRugg1nb29nbGUuY29tLnRygg1nb29n +bGUuY29tLnR3gg1nb29nbGUuY29tLnVhgg1nb29nbGUuY29tLnV5gg1nb29nbGUu +Y29tLnZjgg1nb29nbGUuY29tLnZlgg1nb29nbGUuY29tLnZugglnb29nbGUuY3aC +CWdvb2dsZS5jeoIJZ29vZ2xlLmRlgglnb29nbGUuZGqCCWdvb2dsZS5ka4IJZ29v +Z2xlLmRtgglnb29nbGUuZHqCCWdvb2dsZS5lZYIJZ29vZ2xlLmVzgglnb29nbGUu +ZmmCCWdvb2dsZS5mbYIJZ29vZ2xlLmZygglnb29nbGUuZ2GCCWdvb2dsZS5nZYIJ +Z29vZ2xlLmdngglnb29nbGUuZ2yCCWdvb2dsZS5nbYIJZ29vZ2xlLmdwgglnb29n +bGUuZ3KCCWdvb2dsZS5neYIJZ29vZ2xlLmhrgglnb29nbGUuaG6CCWdvb2dsZS5o +coIJZ29vZ2xlLmh0gglnb29nbGUuaHWCCWdvb2dsZS5pZYIJZ29vZ2xlLmltggtn +b29nbGUuaW5mb4IJZ29vZ2xlLmlxgglnb29nbGUuaXOCCWdvb2dsZS5pdIIMZ29v +Z2xlLml0LmFvgglnb29nbGUuamWCCWdvb2dsZS5qb4ILZ29vZ2xlLmpvYnOCCWdv +b2dsZS5qcIIJZ29vZ2xlLmtngglnb29nbGUua2mCCWdvb2dsZS5reoIJZ29vZ2xl +Lmxhgglnb29nbGUubGmCCWdvb2dsZS5sa4IJZ29vZ2xlLmx0gglnb29nbGUubHWC +CWdvb2dsZS5sdoIJZ29vZ2xlLm1kgglnb29nbGUubWWCCWdvb2dsZS5tZ4IJZ29v +Z2xlLm1rgglnb29nbGUubWyCCWdvb2dsZS5tboIJZ29vZ2xlLm1zgglnb29nbGUu +bXWCCWdvb2dsZS5tdoIJZ29vZ2xlLm13gglnb29nbGUubmWCDGdvb2dsZS5uZS5q +cIIKZ29vZ2xlLm5ldIIJZ29vZ2xlLm5sgglnb29nbGUubm+CCWdvb2dsZS5ucoIJ +Z29vZ2xlLm51gg1nb29nbGUub2ZmLmFpgglnb29nbGUucGuCCWdvb2dsZS5wbIIJ +Z29vZ2xlLnBugglnb29nbGUucHOCCWdvb2dsZS5wdIIJZ29vZ2xlLnJvgglnb29n +bGUucnOCCWdvb2dsZS5ydYIJZ29vZ2xlLnJ3gglnb29nbGUuc2OCCWdvb2dsZS5z +ZYIJZ29vZ2xlLnNogglnb29nbGUuc2mCCWdvb2dsZS5za4IJZ29vZ2xlLnNtggln +b29nbGUuc26CCWdvb2dsZS5zb4IJZ29vZ2xlLnN0gglnb29nbGUudGSCCWdvb2ds +ZS50Z4IJZ29vZ2xlLnRrgglnb29nbGUudGyCCWdvb2dsZS50bYIJZ29vZ2xlLnRu +gglnb29nbGUudG+CCWdvb2dsZS50cIIJZ29vZ2xlLnR0gglnb29nbGUudXOCCWdv +b2dsZS51eoIJZ29vZ2xlLnZngglnb29nbGUudnWCCWdvb2dsZS53czANBgkqhkiG +9w0BAQUFAAOBgQCROJdKT00d96BpNG4j3Xf5Kz7kJENMTYtgsGQW5E6y2yjRaguD +LPO+y4IH9KiVXD+qO8koye9yOMNawN9r/DFQd+t2nDmvlpcwJBNguiuqxl+rJaU8 +KKgswikGaaM4z+i4vHuXcCKZtM/ELAaJlSaBPip4GBAkgv7D9hwh+sWvYA== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIcFzCCG4CgAwIBAgIGR09PUAFxMA0GCSqGSIb3DQEBBQUAMEYxCzAJBgNVBAYT +AlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSIwIAYDVQQDExlHb29nbGUgSW50ZXJu +ZXQgQXV0aG9yaXR5MB4XDTEyMTAyNDEzNTczOVoXDTEzMDYwNzE5NDMyN1owZDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 +YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxEzARBgNVBAMTCmdvb2dsZS5j +b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMNn/Rw5irMPscWpYsExcGQT +wqdxT/U9Pfybt9ttPYlXVbCd6yux0jWGNBHN+f4kCc5pwrbjmA4QSRY2uVa4T8f2 +g3NucDDveUi29WVN+FJcyhj+V38lEkYbdhpIZL149dK5fAN1zzwCo10Nk+lhebcY +fCtMHLmuCX2D6mJ2CnPVAgMBAAGjghnwMIIZ7DAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Qp1w0hi4nhbaJEB +h/wuZwO4OyIwHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0f +BFQwUjBQoE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5l +dEF1dGhvcml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUH +AQEEWjBYMFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2ds +ZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDCC +GLYGA1UdEQSCGK0wghipggpnb29nbGUuY29tggwqLmdvb2dsZS5jb22CDSoueW91 +dHViZS5jb22CC3lvdXR1YmUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggh5 +b3V0dS5iZYILKi55dGltZy5jb22CDSouYW5kcm9pZC5jb22CC2FuZHJvaWQuY29t +ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghAqLnVy +bC5nb29nbGUuY29tggwqLnVyY2hpbi5jb22CCnVyY2hpbi5jb22CFiouZ29vZ2xl +LWFuYWx5dGljcy5jb22CFGdvb2dsZS1hbmFseXRpY3MuY29tghIqLmNsb3VkLmdv +b2dsZS5jb22CBmdvby5nbIIEZy5jb4INKi5nc3RhdGljLmNvbYIPKi5nb29nbGVh +cGlzLmNughYqLmFwcGVuZ2luZS5nb29nbGUuY29tggsqLmdvb2dsZS5hY4ILKi5n +b29nbGUuYWSCCyouZ29vZ2xlLmFlggsqLmdvb2dsZS5hZoILKi5nb29nbGUuYWeC +CyouZ29vZ2xlLmFsggsqLmdvb2dsZS5hbYILKi5nb29nbGUuYXOCCyouZ29vZ2xl +LmF0ggsqLmdvb2dsZS5heoILKi5nb29nbGUuYmGCCyouZ29vZ2xlLmJlggsqLmdv +b2dsZS5iZoILKi5nb29nbGUuYmeCCyouZ29vZ2xlLmJpggsqLmdvb2dsZS5iaoIL +Ki5nb29nbGUuYnOCCyouZ29vZ2xlLmJ5ggsqLmdvb2dsZS5jYYIMKi5nb29nbGUu +Y2F0ggsqLmdvb2dsZS5jY4ILKi5nb29nbGUuY2SCCyouZ29vZ2xlLmNmggsqLmdv +b2dsZS5jZ4ILKi5nb29nbGUuY2iCCyouZ29vZ2xlLmNpggsqLmdvb2dsZS5jbIIL +Ki5nb29nbGUuY22CCyouZ29vZ2xlLmNugg4qLmdvb2dsZS5jby5hb4IOKi5nb29n +bGUuY28uYneCDiouZ29vZ2xlLmNvLmNrgg4qLmdvb2dsZS5jby5jcoIOKi5nb29n +bGUuY28uaHWCDiouZ29vZ2xlLmNvLmlkgg4qLmdvb2dsZS5jby5pbIIOKi5nb29n +bGUuY28uaW2CDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qZYIOKi5nb29n +bGUuY28uanCCDiouZ29vZ2xlLmNvLmtlgg4qLmdvb2dsZS5jby5rcoIOKi5nb29n +bGUuY28ubHOCDiouZ29vZ2xlLmNvLm1hgg4qLmdvb2dsZS5jby5teoIOKi5nb29n +bGUuY28ubnqCDiouZ29vZ2xlLmNvLnRogg4qLmdvb2dsZS5jby50eoIOKi5nb29n +bGUuY28udWeCDiouZ29vZ2xlLmNvLnVrgg4qLmdvb2dsZS5jby51eoIOKi5nb29n +bGUuY28udmWCDiouZ29vZ2xlLmNvLnZpgg4qLmdvb2dsZS5jby56YYIOKi5nb29n +bGUuY28uem2CDiouZ29vZ2xlLmNvLnp3gg8qLmdvb2dsZS5jb20uYWaCDyouZ29v +Z2xlLmNvbS5hZ4IPKi5nb29nbGUuY29tLmFpgg8qLmdvb2dsZS5jb20uYXKCDyou +Z29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJkgg8qLmdvb2dsZS5jb20uYmiC +DyouZ29vZ2xlLmNvbS5iboIPKi5nb29nbGUuY29tLmJvgg8qLmdvb2dsZS5jb20u +YnKCDyouZ29vZ2xlLmNvbS5ieYIPKi5nb29nbGUuY29tLmJ6gg8qLmdvb2dsZS5j +b20uY26CDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLmN1gg8qLmdvb2ds +ZS5jb20uY3mCDyouZ29vZ2xlLmNvbS5kb4IPKi5nb29nbGUuY29tLmVjgg8qLmdv +b2dsZS5jb20uZWeCDyouZ29vZ2xlLmNvbS5ldIIPKi5nb29nbGUuY29tLmZqgg8q +Lmdvb2dsZS5jb20uZ2WCDyouZ29vZ2xlLmNvbS5naIIPKi5nb29nbGUuY29tLmdp +gg8qLmdvb2dsZS5jb20uZ3KCDyouZ29vZ2xlLmNvbS5ndIIPKi5nb29nbGUuY29t +Lmhrgg8qLmdvb2dsZS5jb20uaXGCDyouZ29vZ2xlLmNvbS5qbYIPKi5nb29nbGUu +Y29tLmpvgg8qLmdvb2dsZS5jb20ua2iCDyouZ29vZ2xlLmNvbS5rd4IPKi5nb29n +bGUuY29tLmxigg8qLmdvb2dsZS5jb20ubHmCDyouZ29vZ2xlLmNvbS5tdIIPKi5n +b29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20ubXmCDyouZ29vZ2xlLmNvbS5uYYIP +Ki5nb29nbGUuY29tLm5mgg8qLmdvb2dsZS5jb20ubmeCDyouZ29vZ2xlLmNvbS5u +aYIPKi5nb29nbGUuY29tLm5wgg8qLmdvb2dsZS5jb20ubnKCDyouZ29vZ2xlLmNv +bS5vbYIPKi5nb29nbGUuY29tLnBhgg8qLmdvb2dsZS5jb20ucGWCDyouZ29vZ2xl +LmNvbS5waIIPKi5nb29nbGUuY29tLnBrgg8qLmdvb2dsZS5jb20ucGyCDyouZ29v +Z2xlLmNvbS5wcoIPKi5nb29nbGUuY29tLnB5gg8qLmdvb2dsZS5jb20ucWGCDyou +Z29vZ2xlLmNvbS5ydYIPKi5nb29nbGUuY29tLnNhgg8qLmdvb2dsZS5jb20uc2KC +DyouZ29vZ2xlLmNvbS5zZ4IPKi5nb29nbGUuY29tLnNsgg8qLmdvb2dsZS5jb20u +c3aCDyouZ29vZ2xlLmNvbS50aoIPKi5nb29nbGUuY29tLnRugg8qLmdvb2dsZS5j +b20udHKCDyouZ29vZ2xlLmNvbS50d4IPKi5nb29nbGUuY29tLnVhgg8qLmdvb2ds +ZS5jb20udXmCDyouZ29vZ2xlLmNvbS52Y4IPKi5nb29nbGUuY29tLnZlgg8qLmdv +b2dsZS5jb20udm6CCyouZ29vZ2xlLmN2ggsqLmdvb2dsZS5jeoILKi5nb29nbGUu +ZGWCCyouZ29vZ2xlLmRqggsqLmdvb2dsZS5ka4ILKi5nb29nbGUuZG2CCyouZ29v +Z2xlLmR6ggsqLmdvb2dsZS5lZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZpggsq +Lmdvb2dsZS5mbYILKi5nb29nbGUuZnKCCyouZ29vZ2xlLmdhggsqLmdvb2dsZS5n +ZYILKi5nb29nbGUuZ2eCCyouZ29vZ2xlLmdsggsqLmdvb2dsZS5nbYILKi5nb29n +bGUuZ3CCCyouZ29vZ2xlLmdyggsqLmdvb2dsZS5neYILKi5nb29nbGUuaGuCCyou +Z29vZ2xlLmhuggsqLmdvb2dsZS5ocoILKi5nb29nbGUuaHSCCyouZ29vZ2xlLmh1 +ggsqLmdvb2dsZS5pZYILKi5nb29nbGUuaW2CDSouZ29vZ2xlLmluZm+CCyouZ29v +Z2xlLmlxggsqLmdvb2dsZS5pc4ILKi5nb29nbGUuaXSCDiouZ29vZ2xlLml0LmFv +ggsqLmdvb2dsZS5qZYILKi5nb29nbGUuam+CDSouZ29vZ2xlLmpvYnOCCyouZ29v +Z2xlLmpwggsqLmdvb2dsZS5rZ4ILKi5nb29nbGUua2mCCyouZ29vZ2xlLmt6ggsq +Lmdvb2dsZS5sYYILKi5nb29nbGUubGmCCyouZ29vZ2xlLmxrggsqLmdvb2dsZS5s +dIILKi5nb29nbGUubHWCCyouZ29vZ2xlLmx2ggsqLmdvb2dsZS5tZIILKi5nb29n +bGUubWWCCyouZ29vZ2xlLm1nggsqLmdvb2dsZS5ta4ILKi5nb29nbGUubWyCCyou +Z29vZ2xlLm1uggsqLmdvb2dsZS5tc4ILKi5nb29nbGUubXWCCyouZ29vZ2xlLm12 +ggsqLmdvb2dsZS5td4ILKi5nb29nbGUubmWCDiouZ29vZ2xlLm5lLmpwggwqLmdv +b2dsZS5uZXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5ub4ILKi5nb29nbGUubnKC +CyouZ29vZ2xlLm51gg8qLmdvb2dsZS5vZmYuYWmCCyouZ29vZ2xlLnBrggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucG6CCyouZ29vZ2xlLnBzggsqLmdvb2dsZS5wdIIL +Ki5nb29nbGUucm+CCyouZ29vZ2xlLnJzggsqLmdvb2dsZS5ydYILKi5nb29nbGUu +cneCCyouZ29vZ2xlLnNjggsqLmdvb2dsZS5zZYILKi5nb29nbGUuc2iCCyouZ29v +Z2xlLnNpggsqLmdvb2dsZS5za4ILKi5nb29nbGUuc22CCyouZ29vZ2xlLnNuggsq +Lmdvb2dsZS5zb4ILKi5nb29nbGUuc3SCCyouZ29vZ2xlLnRkggsqLmdvb2dsZS50 +Z4ILKi5nb29nbGUudGuCCyouZ29vZ2xlLnRsggsqLmdvb2dsZS50bYILKi5nb29n +bGUudG6CCyouZ29vZ2xlLnRvggsqLmdvb2dsZS50cIILKi5nb29nbGUudHSCCyou +Z29vZ2xlLnVzggsqLmdvb2dsZS51eoILKi5nb29nbGUudmeCCyouZ29vZ2xlLnZ1 +ggsqLmdvb2dsZS53c4IJZ29vZ2xlLmFjgglnb29nbGUuYWSCCWdvb2dsZS5hZYIJ +Z29vZ2xlLmFmgglnb29nbGUuYWeCCWdvb2dsZS5hbIIJZ29vZ2xlLmFtgglnb29n +bGUuYXOCCWdvb2dsZS5hdIIJZ29vZ2xlLmF6gglnb29nbGUuYmGCCWdvb2dsZS5i +ZYIJZ29vZ2xlLmJmgglnb29nbGUuYmeCCWdvb2dsZS5iaYIJZ29vZ2xlLmJqggln +b29nbGUuYnOCCWdvb2dsZS5ieYIJZ29vZ2xlLmNhggpnb29nbGUuY2F0gglnb29n +bGUuY2OCCWdvb2dsZS5jZIIJZ29vZ2xlLmNmgglnb29nbGUuY2eCCWdvb2dsZS5j +aIIJZ29vZ2xlLmNpgglnb29nbGUuY2yCCWdvb2dsZS5jbYIJZ29vZ2xlLmNuggxn +b29nbGUuY28uYW+CDGdvb2dsZS5jby5id4IMZ29vZ2xlLmNvLmNrggxnb29nbGUu +Y28uY3KCDGdvb2dsZS5jby5odYIMZ29vZ2xlLmNvLmlkggxnb29nbGUuY28uaWyC +DGdvb2dsZS5jby5pbYIMZ29vZ2xlLmNvLmluggxnb29nbGUuY28uamWCDGdvb2ds +ZS5jby5qcIIMZ29vZ2xlLmNvLmtlggxnb29nbGUuY28ua3KCDGdvb2dsZS5jby5s +c4IMZ29vZ2xlLmNvLm1hggxnb29nbGUuY28ubXqCDGdvb2dsZS5jby5ueoIMZ29v +Z2xlLmNvLnRoggxnb29nbGUuY28udHqCDGdvb2dsZS5jby51Z4IMZ29vZ2xlLmNv +LnVrggxnb29nbGUuY28udXqCDGdvb2dsZS5jby52ZYIMZ29vZ2xlLmNvLnZpggxn +b29nbGUuY28uemGCDGdvb2dsZS5jby56bYIMZ29vZ2xlLmNvLnp3gg1nb29nbGUu +Y29tLmFmgg1nb29nbGUuY29tLmFngg1nb29nbGUuY29tLmFpgg1nb29nbGUuY29t +LmFygg1nb29nbGUuY29tLmF1gg1nb29nbGUuY29tLmJkgg1nb29nbGUuY29tLmJo +gg1nb29nbGUuY29tLmJugg1nb29nbGUuY29tLmJvgg1nb29nbGUuY29tLmJygg1n +b29nbGUuY29tLmJ5gg1nb29nbGUuY29tLmJ6gg1nb29nbGUuY29tLmNugg1nb29n +bGUuY29tLmNvgg1nb29nbGUuY29tLmN1gg1nb29nbGUuY29tLmN5gg1nb29nbGUu +Y29tLmRvgg1nb29nbGUuY29tLmVjgg1nb29nbGUuY29tLmVngg1nb29nbGUuY29t +LmV0gg1nb29nbGUuY29tLmZqgg1nb29nbGUuY29tLmdlgg1nb29nbGUuY29tLmdo +gg1nb29nbGUuY29tLmdpgg1nb29nbGUuY29tLmdygg1nb29nbGUuY29tLmd0gg1n +b29nbGUuY29tLmhrgg1nb29nbGUuY29tLmlxgg1nb29nbGUuY29tLmptgg1nb29n +bGUuY29tLmpvgg1nb29nbGUuY29tLmtogg1nb29nbGUuY29tLmt3gg1nb29nbGUu +Y29tLmxigg1nb29nbGUuY29tLmx5gg1nb29nbGUuY29tLm10gg1nb29nbGUuY29t +Lm14gg1nb29nbGUuY29tLm15gg1nb29nbGUuY29tLm5hgg1nb29nbGUuY29tLm5m +gg1nb29nbGUuY29tLm5ngg1nb29nbGUuY29tLm5pgg1nb29nbGUuY29tLm5wgg1n +b29nbGUuY29tLm5ygg1nb29nbGUuY29tLm9tgg1nb29nbGUuY29tLnBhgg1nb29n +bGUuY29tLnBlgg1nb29nbGUuY29tLnBogg1nb29nbGUuY29tLnBrgg1nb29nbGUu +Y29tLnBsgg1nb29nbGUuY29tLnBygg1nb29nbGUuY29tLnB5gg1nb29nbGUuY29t +LnFhgg1nb29nbGUuY29tLnJ1gg1nb29nbGUuY29tLnNhgg1nb29nbGUuY29tLnNi +gg1nb29nbGUuY29tLnNngg1nb29nbGUuY29tLnNsgg1nb29nbGUuY29tLnN2gg1n +b29nbGUuY29tLnRqgg1nb29nbGUuY29tLnRugg1nb29nbGUuY29tLnRygg1nb29n +bGUuY29tLnR3gg1nb29nbGUuY29tLnVhgg1nb29nbGUuY29tLnV5gg1nb29nbGUu +Y29tLnZjgg1nb29nbGUuY29tLnZlgg1nb29nbGUuY29tLnZugglnb29nbGUuY3aC +CWdvb2dsZS5jeoIJZ29vZ2xlLmRlgglnb29nbGUuZGqCCWdvb2dsZS5ka4IJZ29v +Z2xlLmRtgglnb29nbGUuZHqCCWdvb2dsZS5lZYIJZ29vZ2xlLmVzgglnb29nbGUu +ZmmCCWdvb2dsZS5mbYIJZ29vZ2xlLmZygglnb29nbGUuZ2GCCWdvb2dsZS5nZYIJ +Z29vZ2xlLmdngglnb29nbGUuZ2yCCWdvb2dsZS5nbYIJZ29vZ2xlLmdwgglnb29n +bGUuZ3KCCWdvb2dsZS5neYIJZ29vZ2xlLmhrgglnb29nbGUuaG6CCWdvb2dsZS5o +coIJZ29vZ2xlLmh0gglnb29nbGUuaHWCCWdvb2dsZS5pZYIJZ29vZ2xlLmltggtn +b29nbGUuaW5mb4IJZ29vZ2xlLmlxgglnb29nbGUuaXOCCWdvb2dsZS5pdIIMZ29v +Z2xlLml0LmFvgglnb29nbGUuamWCCWdvb2dsZS5qb4ILZ29vZ2xlLmpvYnOCCWdv +b2dsZS5qcIIJZ29vZ2xlLmtngglnb29nbGUua2mCCWdvb2dsZS5reoIJZ29vZ2xl +Lmxhgglnb29nbGUubGmCCWdvb2dsZS5sa4IJZ29vZ2xlLmx0gglnb29nbGUubHWC +CWdvb2dsZS5sdoIJZ29vZ2xlLm1kgglnb29nbGUubWWCCWdvb2dsZS5tZ4IJZ29v +Z2xlLm1rgglnb29nbGUubWyCCWdvb2dsZS5tboIJZ29vZ2xlLm1zgglnb29nbGUu +bXWCCWdvb2dsZS5tdoIJZ29vZ2xlLm13gglnb29nbGUubmWCDGdvb2dsZS5uZS5q +cIIKZ29vZ2xlLm5ldIIJZ29vZ2xlLm5sgglnb29nbGUubm+CCWdvb2dsZS5ucoIJ +Z29vZ2xlLm51gg1nb29nbGUub2ZmLmFpgglnb29nbGUucGuCCWdvb2dsZS5wbIIJ +Z29vZ2xlLnBugglnb29nbGUucHOCCWdvb2dsZS5wdIIJZ29vZ2xlLnJvgglnb29n +bGUucnOCCWdvb2dsZS5ydYIJZ29vZ2xlLnJ3gglnb29nbGUuc2OCCWdvb2dsZS5z +ZYIJZ29vZ2xlLnNogglnb29nbGUuc2mCCWdvb2dsZS5za4IJZ29vZ2xlLnNtggln +b29nbGUuc26CCWdvb2dsZS5zb4IJZ29vZ2xlLnN0gglnb29nbGUudGSCCWdvb2ds +ZS50Z4IJZ29vZ2xlLnRrgglnb29nbGUudGyCCWdvb2dsZS50bYIJZ29vZ2xlLnRu +gglnb29nbGUudG+CCWdvb2dsZS50cIIJZ29vZ2xlLnR0gglnb29nbGUudXOCCWdv +b2dsZS51eoIJZ29vZ2xlLnZngglnb29nbGUudnWCCWdvb2dsZS53czANBgkqhkiG +9w0BAQUFAAOBgQCROJdKT00d96BpNG4j3Xf5Kz7kJENMTYtgsGQW5E6y2yjRaguD +LPO+y4IH9KiVXD+qO8koye9yOMNawN9r/DFQd+t2nDmvlpcwJBNguiuqxl+rJaU8 +KKgswikGaaM4z+i4vHuXcCKZtM/ELAaJlSaBPip4GBAkgv7D9hwh+sWvYA== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIcFzCCG4CgAwIBAgIGR09PUAFxMA0GCSqGSIb3DQEBBQUAMEYxCzAJBgNVBAYT +AlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSIwIAYDVQQDExlHb29nbGUgSW50ZXJu +ZXQgQXV0aG9yaXR5MB4XDTEyMTAyNDEzNTczOVoXDTEzMDYwNzE5NDMyN1owZDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 +YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxEzARBgNVBAMTCmdvb2dsZS5j +b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMNn/Rw5irMPscWpYsExcGQT +wqdxT/U9Pfybt9ttPYlXVbCd6yux0jWGNBHN+f4kCc5pwrbjmA4QSRY2uVa4T8f2 +g3NucDDveUi29WVN+FJcyhj+V38lEkYbdhpIZL149dK5fAN1zzwCo10Nk+lhebcY +fCtMHLmuCX2D6mJ2CnPVAgMBAAGjghnwMIIZ7DAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Qp1w0hi4nhbaJEB +h/wuZwO4OyIwHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0f +BFQwUjBQoE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5l +dEF1dGhvcml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUH +AQEEWjBYMFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2ds +ZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDCC +GLYGA1UdEQSCGK0wghipggpnb29nbGUuY29tggwqLmdvb2dsZS5jb22CDSoueW91 +dHViZS5jb22CC3lvdXR1YmUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggh5 +b3V0dS5iZYILKi55dGltZy5jb22CDSouYW5kcm9pZC5jb22CC2FuZHJvaWQuY29t +ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghAqLnVy +bC5nb29nbGUuY29tggwqLnVyY2hpbi5jb22CCnVyY2hpbi5jb22CFiouZ29vZ2xl +LWFuYWx5dGljcy5jb22CFGdvb2dsZS1hbmFseXRpY3MuY29tghIqLmNsb3VkLmdv +b2dsZS5jb22CBmdvby5nbIIEZy5jb4INKi5nc3RhdGljLmNvbYIPKi5nb29nbGVh +cGlzLmNughYqLmFwcGVuZ2luZS5nb29nbGUuY29tggsqLmdvb2dsZS5hY4ILKi5n +b29nbGUuYWSCCyouZ29vZ2xlLmFlggsqLmdvb2dsZS5hZoILKi5nb29nbGUuYWeC +CyouZ29vZ2xlLmFsggsqLmdvb2dsZS5hbYILKi5nb29nbGUuYXOCCyouZ29vZ2xl +LmF0ggsqLmdvb2dsZS5heoILKi5nb29nbGUuYmGCCyouZ29vZ2xlLmJlggsqLmdv +b2dsZS5iZoILKi5nb29nbGUuYmeCCyouZ29vZ2xlLmJpggsqLmdvb2dsZS5iaoIL +Ki5nb29nbGUuYnOCCyouZ29vZ2xlLmJ5ggsqLmdvb2dsZS5jYYIMKi5nb29nbGUu +Y2F0ggsqLmdvb2dsZS5jY4ILKi5nb29nbGUuY2SCCyouZ29vZ2xlLmNmggsqLmdv +b2dsZS5jZ4ILKi5nb29nbGUuY2iCCyouZ29vZ2xlLmNpggsqLmdvb2dsZS5jbIIL +Ki5nb29nbGUuY22CCyouZ29vZ2xlLmNugg4qLmdvb2dsZS5jby5hb4IOKi5nb29n +bGUuY28uYneCDiouZ29vZ2xlLmNvLmNrgg4qLmdvb2dsZS5jby5jcoIOKi5nb29n +bGUuY28uaHWCDiouZ29vZ2xlLmNvLmlkgg4qLmdvb2dsZS5jby5pbIIOKi5nb29n +bGUuY28uaW2CDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qZYIOKi5nb29n +bGUuY28uanCCDiouZ29vZ2xlLmNvLmtlgg4qLmdvb2dsZS5jby5rcoIOKi5nb29n +bGUuY28ubHOCDiouZ29vZ2xlLmNvLm1hgg4qLmdvb2dsZS5jby5teoIOKi5nb29n +bGUuY28ubnqCDiouZ29vZ2xlLmNvLnRogg4qLmdvb2dsZS5jby50eoIOKi5nb29n +bGUuY28udWeCDiouZ29vZ2xlLmNvLnVrgg4qLmdvb2dsZS5jby51eoIOKi5nb29n +bGUuY28udmWCDiouZ29vZ2xlLmNvLnZpgg4qLmdvb2dsZS5jby56YYIOKi5nb29n +bGUuY28uem2CDiouZ29vZ2xlLmNvLnp3gg8qLmdvb2dsZS5jb20uYWaCDyouZ29v +Z2xlLmNvbS5hZ4IPKi5nb29nbGUuY29tLmFpgg8qLmdvb2dsZS5jb20uYXKCDyou +Z29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJkgg8qLmdvb2dsZS5jb20uYmiC +DyouZ29vZ2xlLmNvbS5iboIPKi5nb29nbGUuY29tLmJvgg8qLmdvb2dsZS5jb20u +YnKCDyouZ29vZ2xlLmNvbS5ieYIPKi5nb29nbGUuY29tLmJ6gg8qLmdvb2dsZS5j +b20uY26CDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLmN1gg8qLmdvb2ds +ZS5jb20uY3mCDyouZ29vZ2xlLmNvbS5kb4IPKi5nb29nbGUuY29tLmVjgg8qLmdv +b2dsZS5jb20uZWeCDyouZ29vZ2xlLmNvbS5ldIIPKi5nb29nbGUuY29tLmZqgg8q +Lmdvb2dsZS5jb20uZ2WCDyouZ29vZ2xlLmNvbS5naIIPKi5nb29nbGUuY29tLmdp +gg8qLmdvb2dsZS5jb20uZ3KCDyouZ29vZ2xlLmNvbS5ndIIPKi5nb29nbGUuY29t +Lmhrgg8qLmdvb2dsZS5jb20uaXGCDyouZ29vZ2xlLmNvbS5qbYIPKi5nb29nbGUu +Y29tLmpvgg8qLmdvb2dsZS5jb20ua2iCDyouZ29vZ2xlLmNvbS5rd4IPKi5nb29n +bGUuY29tLmxigg8qLmdvb2dsZS5jb20ubHmCDyouZ29vZ2xlLmNvbS5tdIIPKi5n +b29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20ubXmCDyouZ29vZ2xlLmNvbS5uYYIP +Ki5nb29nbGUuY29tLm5mgg8qLmdvb2dsZS5jb20ubmeCDyouZ29vZ2xlLmNvbS5u +aYIPKi5nb29nbGUuY29tLm5wgg8qLmdvb2dsZS5jb20ubnKCDyouZ29vZ2xlLmNv +bS5vbYIPKi5nb29nbGUuY29tLnBhgg8qLmdvb2dsZS5jb20ucGWCDyouZ29vZ2xl +LmNvbS5waIIPKi5nb29nbGUuY29tLnBrgg8qLmdvb2dsZS5jb20ucGyCDyouZ29v +Z2xlLmNvbS5wcoIPKi5nb29nbGUuY29tLnB5gg8qLmdvb2dsZS5jb20ucWGCDyou +Z29vZ2xlLmNvbS5ydYIPKi5nb29nbGUuY29tLnNhgg8qLmdvb2dsZS5jb20uc2KC +DyouZ29vZ2xlLmNvbS5zZ4IPKi5nb29nbGUuY29tLnNsgg8qLmdvb2dsZS5jb20u +c3aCDyouZ29vZ2xlLmNvbS50aoIPKi5nb29nbGUuY29tLnRugg8qLmdvb2dsZS5j +b20udHKCDyouZ29vZ2xlLmNvbS50d4IPKi5nb29nbGUuY29tLnVhgg8qLmdvb2ds +ZS5jb20udXmCDyouZ29vZ2xlLmNvbS52Y4IPKi5nb29nbGUuY29tLnZlgg8qLmdv +b2dsZS5jb20udm6CCyouZ29vZ2xlLmN2ggsqLmdvb2dsZS5jeoILKi5nb29nbGUu +ZGWCCyouZ29vZ2xlLmRqggsqLmdvb2dsZS5ka4ILKi5nb29nbGUuZG2CCyouZ29v +Z2xlLmR6ggsqLmdvb2dsZS5lZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZpggsq +Lmdvb2dsZS5mbYILKi5nb29nbGUuZnKCCyouZ29vZ2xlLmdhggsqLmdvb2dsZS5n +ZYILKi5nb29nbGUuZ2eCCyouZ29vZ2xlLmdsggsqLmdvb2dsZS5nbYILKi5nb29n +bGUuZ3CCCyouZ29vZ2xlLmdyggsqLmdvb2dsZS5neYILKi5nb29nbGUuaGuCCyou +Z29vZ2xlLmhuggsqLmdvb2dsZS5ocoILKi5nb29nbGUuaHSCCyouZ29vZ2xlLmh1 +ggsqLmdvb2dsZS5pZYILKi5nb29nbGUuaW2CDSouZ29vZ2xlLmluZm+CCyouZ29v +Z2xlLmlxggsqLmdvb2dsZS5pc4ILKi5nb29nbGUuaXSCDiouZ29vZ2xlLml0LmFv +ggsqLmdvb2dsZS5qZYILKi5nb29nbGUuam+CDSouZ29vZ2xlLmpvYnOCCyouZ29v +Z2xlLmpwggsqLmdvb2dsZS5rZ4ILKi5nb29nbGUua2mCCyouZ29vZ2xlLmt6ggsq +Lmdvb2dsZS5sYYILKi5nb29nbGUubGmCCyouZ29vZ2xlLmxrggsqLmdvb2dsZS5s +dIILKi5nb29nbGUubHWCCyouZ29vZ2xlLmx2ggsqLmdvb2dsZS5tZIILKi5nb29n +bGUubWWCCyouZ29vZ2xlLm1nggsqLmdvb2dsZS5ta4ILKi5nb29nbGUubWyCCyou +Z29vZ2xlLm1uggsqLmdvb2dsZS5tc4ILKi5nb29nbGUubXWCCyouZ29vZ2xlLm12 +ggsqLmdvb2dsZS5td4ILKi5nb29nbGUubmWCDiouZ29vZ2xlLm5lLmpwggwqLmdv +b2dsZS5uZXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5ub4ILKi5nb29nbGUubnKC +CyouZ29vZ2xlLm51gg8qLmdvb2dsZS5vZmYuYWmCCyouZ29vZ2xlLnBrggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucG6CCyouZ29vZ2xlLnBzggsqLmdvb2dsZS5wdIIL +Ki5nb29nbGUucm+CCyouZ29vZ2xlLnJzggsqLmdvb2dsZS5ydYILKi5nb29nbGUu +cneCCyouZ29vZ2xlLnNjggsqLmdvb2dsZS5zZYILKi5nb29nbGUuc2iCCyouZ29v +Z2xlLnNpggsqLmdvb2dsZS5za4ILKi5nb29nbGUuc22CCyouZ29vZ2xlLnNuggsq +Lmdvb2dsZS5zb4ILKi5nb29nbGUuc3SCCyouZ29vZ2xlLnRkggsqLmdvb2dsZS50 +Z4ILKi5nb29nbGUudGuCCyouZ29vZ2xlLnRsggsqLmdvb2dsZS50bYILKi5nb29n +bGUudG6CCyouZ29vZ2xlLnRvggsqLmdvb2dsZS50cIILKi5nb29nbGUudHSCCyou +Z29vZ2xlLnVzggsqLmdvb2dsZS51eoILKi5nb29nbGUudmeCCyouZ29vZ2xlLnZ1 +ggsqLmdvb2dsZS53c4IJZ29vZ2xlLmFjgglnb29nbGUuYWSCCWdvb2dsZS5hZYIJ +Z29vZ2xlLmFmgglnb29nbGUuYWeCCWdvb2dsZS5hbIIJZ29vZ2xlLmFtgglnb29n +bGUuYXOCCWdvb2dsZS5hdIIJZ29vZ2xlLmF6gglnb29nbGUuYmGCCWdvb2dsZS5i +ZYIJZ29vZ2xlLmJmgglnb29nbGUuYmeCCWdvb2dsZS5iaYIJZ29vZ2xlLmJqggln +b29nbGUuYnOCCWdvb2dsZS5ieYIJZ29vZ2xlLmNhggpnb29nbGUuY2F0gglnb29n +bGUuY2OCCWdvb2dsZS5jZIIJZ29vZ2xlLmNmgglnb29nbGUuY2eCCWdvb2dsZS5j +aIIJZ29vZ2xlLmNpgglnb29nbGUuY2yCCWdvb2dsZS5jbYIJZ29vZ2xlLmNuggxn +b29nbGUuY28uYW+CDGdvb2dsZS5jby5id4IMZ29vZ2xlLmNvLmNrggxnb29nbGUu +Y28uY3KCDGdvb2dsZS5jby5odYIMZ29vZ2xlLmNvLmlkggxnb29nbGUuY28uaWyC +DGdvb2dsZS5jby5pbYIMZ29vZ2xlLmNvLmluggxnb29nbGUuY28uamWCDGdvb2ds +ZS5jby5qcIIMZ29vZ2xlLmNvLmtlggxnb29nbGUuY28ua3KCDGdvb2dsZS5jby5s +c4IMZ29vZ2xlLmNvLm1hggxnb29nbGUuY28ubXqCDGdvb2dsZS5jby5ueoIMZ29v +Z2xlLmNvLnRoggxnb29nbGUuY28udHqCDGdvb2dsZS5jby51Z4IMZ29vZ2xlLmNv +LnVrggxnb29nbGUuY28udXqCDGdvb2dsZS5jby52ZYIMZ29vZ2xlLmNvLnZpggxn +b29nbGUuY28uemGCDGdvb2dsZS5jby56bYIMZ29vZ2xlLmNvLnp3gg1nb29nbGUu +Y29tLmFmgg1nb29nbGUuY29tLmFngg1nb29nbGUuY29tLmFpgg1nb29nbGUuY29t +LmFygg1nb29nbGUuY29tLmF1gg1nb29nbGUuY29tLmJkgg1nb29nbGUuY29tLmJo +gg1nb29nbGUuY29tLmJugg1nb29nbGUuY29tLmJvgg1nb29nbGUuY29tLmJygg1n +b29nbGUuY29tLmJ5gg1nb29nbGUuY29tLmJ6gg1nb29nbGUuY29tLmNugg1nb29n +bGUuY29tLmNvgg1nb29nbGUuY29tLmN1gg1nb29nbGUuY29tLmN5gg1nb29nbGUu +Y29tLmRvgg1nb29nbGUuY29tLmVjgg1nb29nbGUuY29tLmVngg1nb29nbGUuY29t +LmV0gg1nb29nbGUuY29tLmZqgg1nb29nbGUuY29tLmdlgg1nb29nbGUuY29tLmdo +gg1nb29nbGUuY29tLmdpgg1nb29nbGUuY29tLmdygg1nb29nbGUuY29tLmd0gg1n +b29nbGUuY29tLmhrgg1nb29nbGUuY29tLmlxgg1nb29nbGUuY29tLmptgg1nb29n +bGUuY29tLmpvgg1nb29nbGUuY29tLmtogg1nb29nbGUuY29tLmt3gg1nb29nbGUu +Y29tLmxigg1nb29nbGUuY29tLmx5gg1nb29nbGUuY29tLm10gg1nb29nbGUuY29t +Lm14gg1nb29nbGUuY29tLm15gg1nb29nbGUuY29tLm5hgg1nb29nbGUuY29tLm5m +gg1nb29nbGUuY29tLm5ngg1nb29nbGUuY29tLm5pgg1nb29nbGUuY29tLm5wgg1n +b29nbGUuY29tLm5ygg1nb29nbGUuY29tLm9tgg1nb29nbGUuY29tLnBhgg1nb29n +bGUuY29tLnBlgg1nb29nbGUuY29tLnBogg1nb29nbGUuY29tLnBrgg1nb29nbGUu +Y29tLnBsgg1nb29nbGUuY29tLnBygg1nb29nbGUuY29tLnB5gg1nb29nbGUuY29t +LnFhgg1nb29nbGUuY29tLnJ1gg1nb29nbGUuY29tLnNhgg1nb29nbGUuY29tLnNi +gg1nb29nbGUuY29tLnNngg1nb29nbGUuY29tLnNsgg1nb29nbGUuY29tLnN2gg1n +b29nbGUuY29tLnRqgg1nb29nbGUuY29tLnRugg1nb29nbGUuY29tLnRygg1nb29n +bGUuY29tLnR3gg1nb29nbGUuY29tLnVhgg1nb29nbGUuY29tLnV5gg1nb29nbGUu +Y29tLnZjgg1nb29nbGUuY29tLnZlgg1nb29nbGUuY29tLnZugglnb29nbGUuY3aC +CWdvb2dsZS5jeoIJZ29vZ2xlLmRlgglnb29nbGUuZGqCCWdvb2dsZS5ka4IJZ29v +Z2xlLmRtgglnb29nbGUuZHqCCWdvb2dsZS5lZYIJZ29vZ2xlLmVzgglnb29nbGUu +ZmmCCWdvb2dsZS5mbYIJZ29vZ2xlLmZygglnb29nbGUuZ2GCCWdvb2dsZS5nZYIJ +Z29vZ2xlLmdngglnb29nbGUuZ2yCCWdvb2dsZS5nbYIJZ29vZ2xlLmdwgglnb29n +bGUuZ3KCCWdvb2dsZS5neYIJZ29vZ2xlLmhrgglnb29nbGUuaG6CCWdvb2dsZS5o +coIJZ29vZ2xlLmh0gglnb29nbGUuaHWCCWdvb2dsZS5pZYIJZ29vZ2xlLmltggtn +b29nbGUuaW5mb4IJZ29vZ2xlLmlxgglnb29nbGUuaXOCCWdvb2dsZS5pdIIMZ29v +Z2xlLml0LmFvgglnb29nbGUuamWCCWdvb2dsZS5qb4ILZ29vZ2xlLmpvYnOCCWdv +b2dsZS5qcIIJZ29vZ2xlLmtngglnb29nbGUua2mCCWdvb2dsZS5reoIJZ29vZ2xl +Lmxhgglnb29nbGUubGmCCWdvb2dsZS5sa4IJZ29vZ2xlLmx0gglnb29nbGUubHWC +CWdvb2dsZS5sdoIJZ29vZ2xlLm1kgglnb29nbGUubWWCCWdvb2dsZS5tZ4IJZ29v +Z2xlLm1rgglnb29nbGUubWyCCWdvb2dsZS5tboIJZ29vZ2xlLm1zgglnb29nbGUu +bXWCCWdvb2dsZS5tdoIJZ29vZ2xlLm13gglnb29nbGUubmWCDGdvb2dsZS5uZS5q +cIIKZ29vZ2xlLm5ldIIJZ29vZ2xlLm5sgglnb29nbGUubm+CCWdvb2dsZS5ucoIJ +Z29vZ2xlLm51gg1nb29nbGUub2ZmLmFpgglnb29nbGUucGuCCWdvb2dsZS5wbIIJ +Z29vZ2xlLnBugglnb29nbGUucHOCCWdvb2dsZS5wdIIJZ29vZ2xlLnJvgglnb29n +bGUucnOCCWdvb2dsZS5ydYIJZ29vZ2xlLnJ3gglnb29nbGUuc2OCCWdvb2dsZS5z +ZYIJZ29vZ2xlLnNogglnb29nbGUuc2mCCWdvb2dsZS5za4IJZ29vZ2xlLnNtggln +b29nbGUuc26CCWdvb2dsZS5zb4IJZ29vZ2xlLnN0gglnb29nbGUudGSCCWdvb2ds +ZS50Z4IJZ29vZ2xlLnRrgglnb29nbGUudGyCCWdvb2dsZS50bYIJZ29vZ2xlLnRu +gglnb29nbGUudG+CCWdvb2dsZS50cIIJZ29vZ2xlLnR0gglnb29nbGUudXOCCWdv +b2dsZS51eoIJZ29vZ2xlLnZngglnb29nbGUudnWCCWdvb2dsZS53czANBgkqhkiG +9w0BAQUFAAOBgQCROJdKT00d96BpNG4j3Xf5Kz7kJENMTYtgsGQW5E6y2yjRaguD +LPO+y4IH9KiVXD+qO8koye9yOMNawN9r/DFQd+t2nDmvlpcwJBNguiuqxl+rJaU8 +KKgswikGaaM4z+i4vHuXcCKZtM/ELAaJlSaBPip4GBAkgv7D9hwh+sWvYA== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIcFzCCG4CgAwIBAgIGR09PUAFxMA0GCSqGSIb3DQEBBQUAMEYxCzAJBgNVBAYT +AlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSIwIAYDVQQDExlHb29nbGUgSW50ZXJu +ZXQgQXV0aG9yaXR5MB4XDTEyMTAyNDEzNTczOVoXDTEzMDYwNzE5NDMyN1owZDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 +YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxEzARBgNVBAMTCmdvb2dsZS5j +b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMNn/Rw5irMPscWpYsExcGQT +wqdxT/U9Pfybt9ttPYlXVbCd6yux0jWGNBHN+f4kCc5pwrbjmA4QSRY2uVa4T8f2 +g3NucDDveUi29WVN+FJcyhj+V38lEkYbdhpIZL149dK5fAN1zzwCo10Nk+lhebcY +fCtMHLmuCX2D6mJ2CnPVAgMBAAGjghnwMIIZ7DAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Qp1w0hi4nhbaJEB +h/wuZwO4OyIwHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0f +BFQwUjBQoE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5l +dEF1dGhvcml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUH +AQEEWjBYMFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2ds +ZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDCC +GLYGA1UdEQSCGK0wghipggpnb29nbGUuY29tggwqLmdvb2dsZS5jb22CDSoueW91 +dHViZS5jb22CC3lvdXR1YmUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggh5 +b3V0dS5iZYILKi55dGltZy5jb22CDSouYW5kcm9pZC5jb22CC2FuZHJvaWQuY29t +ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghAqLnVy +bC5nb29nbGUuY29tggwqLnVyY2hpbi5jb22CCnVyY2hpbi5jb22CFiouZ29vZ2xl +LWFuYWx5dGljcy5jb22CFGdvb2dsZS1hbmFseXRpY3MuY29tghIqLmNsb3VkLmdv +b2dsZS5jb22CBmdvby5nbIIEZy5jb4INKi5nc3RhdGljLmNvbYIPKi5nb29nbGVh +cGlzLmNughYqLmFwcGVuZ2luZS5nb29nbGUuY29tggsqLmdvb2dsZS5hY4ILKi5n +b29nbGUuYWSCCyouZ29vZ2xlLmFlggsqLmdvb2dsZS5hZoILKi5nb29nbGUuYWeC +CyouZ29vZ2xlLmFsggsqLmdvb2dsZS5hbYILKi5nb29nbGUuYXOCCyouZ29vZ2xl +LmF0ggsqLmdvb2dsZS5heoILKi5nb29nbGUuYmGCCyouZ29vZ2xlLmJlggsqLmdv +b2dsZS5iZoILKi5nb29nbGUuYmeCCyouZ29vZ2xlLmJpggsqLmdvb2dsZS5iaoIL +Ki5nb29nbGUuYnOCCyouZ29vZ2xlLmJ5ggsqLmdvb2dsZS5jYYIMKi5nb29nbGUu +Y2F0ggsqLmdvb2dsZS5jY4ILKi5nb29nbGUuY2SCCyouZ29vZ2xlLmNmggsqLmdv +b2dsZS5jZ4ILKi5nb29nbGUuY2iCCyouZ29vZ2xlLmNpggsqLmdvb2dsZS5jbIIL +Ki5nb29nbGUuY22CCyouZ29vZ2xlLmNugg4qLmdvb2dsZS5jby5hb4IOKi5nb29n +bGUuY28uYneCDiouZ29vZ2xlLmNvLmNrgg4qLmdvb2dsZS5jby5jcoIOKi5nb29n +bGUuY28uaHWCDiouZ29vZ2xlLmNvLmlkgg4qLmdvb2dsZS5jby5pbIIOKi5nb29n +bGUuY28uaW2CDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qZYIOKi5nb29n +bGUuY28uanCCDiouZ29vZ2xlLmNvLmtlgg4qLmdvb2dsZS5jby5rcoIOKi5nb29n +bGUuY28ubHOCDiouZ29vZ2xlLmNvLm1hgg4qLmdvb2dsZS5jby5teoIOKi5nb29n +bGUuY28ubnqCDiouZ29vZ2xlLmNvLnRogg4qLmdvb2dsZS5jby50eoIOKi5nb29n +bGUuY28udWeCDiouZ29vZ2xlLmNvLnVrgg4qLmdvb2dsZS5jby51eoIOKi5nb29n +bGUuY28udmWCDiouZ29vZ2xlLmNvLnZpgg4qLmdvb2dsZS5jby56YYIOKi5nb29n +bGUuY28uem2CDiouZ29vZ2xlLmNvLnp3gg8qLmdvb2dsZS5jb20uYWaCDyouZ29v +Z2xlLmNvbS5hZ4IPKi5nb29nbGUuY29tLmFpgg8qLmdvb2dsZS5jb20uYXKCDyou +Z29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJkgg8qLmdvb2dsZS5jb20uYmiC +DyouZ29vZ2xlLmNvbS5iboIPKi5nb29nbGUuY29tLmJvgg8qLmdvb2dsZS5jb20u +YnKCDyouZ29vZ2xlLmNvbS5ieYIPKi5nb29nbGUuY29tLmJ6gg8qLmdvb2dsZS5j +b20uY26CDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLmN1gg8qLmdvb2ds +ZS5jb20uY3mCDyouZ29vZ2xlLmNvbS5kb4IPKi5nb29nbGUuY29tLmVjgg8qLmdv +b2dsZS5jb20uZWeCDyouZ29vZ2xlLmNvbS5ldIIPKi5nb29nbGUuY29tLmZqgg8q +Lmdvb2dsZS5jb20uZ2WCDyouZ29vZ2xlLmNvbS5naIIPKi5nb29nbGUuY29tLmdp +gg8qLmdvb2dsZS5jb20uZ3KCDyouZ29vZ2xlLmNvbS5ndIIPKi5nb29nbGUuY29t +Lmhrgg8qLmdvb2dsZS5jb20uaXGCDyouZ29vZ2xlLmNvbS5qbYIPKi5nb29nbGUu +Y29tLmpvgg8qLmdvb2dsZS5jb20ua2iCDyouZ29vZ2xlLmNvbS5rd4IPKi5nb29n +bGUuY29tLmxigg8qLmdvb2dsZS5jb20ubHmCDyouZ29vZ2xlLmNvbS5tdIIPKi5n +b29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20ubXmCDyouZ29vZ2xlLmNvbS5uYYIP +Ki5nb29nbGUuY29tLm5mgg8qLmdvb2dsZS5jb20ubmeCDyouZ29vZ2xlLmNvbS5u +aYIPKi5nb29nbGUuY29tLm5wgg8qLmdvb2dsZS5jb20ubnKCDyouZ29vZ2xlLmNv +bS5vbYIPKi5nb29nbGUuY29tLnBhgg8qLmdvb2dsZS5jb20ucGWCDyouZ29vZ2xl +LmNvbS5waIIPKi5nb29nbGUuY29tLnBrgg8qLmdvb2dsZS5jb20ucGyCDyouZ29v +Z2xlLmNvbS5wcoIPKi5nb29nbGUuY29tLnB5gg8qLmdvb2dsZS5jb20ucWGCDyou +Z29vZ2xlLmNvbS5ydYIPKi5nb29nbGUuY29tLnNhgg8qLmdvb2dsZS5jb20uc2KC +DyouZ29vZ2xlLmNvbS5zZ4IPKi5nb29nbGUuY29tLnNsgg8qLmdvb2dsZS5jb20u +c3aCDyouZ29vZ2xlLmNvbS50aoIPKi5nb29nbGUuY29tLnRugg8qLmdvb2dsZS5j +b20udHKCDyouZ29vZ2xlLmNvbS50d4IPKi5nb29nbGUuY29tLnVhgg8qLmdvb2ds +ZS5jb20udXmCDyouZ29vZ2xlLmNvbS52Y4IPKi5nb29nbGUuY29tLnZlgg8qLmdv +b2dsZS5jb20udm6CCyouZ29vZ2xlLmN2ggsqLmdvb2dsZS5jeoILKi5nb29nbGUu +ZGWCCyouZ29vZ2xlLmRqggsqLmdvb2dsZS5ka4ILKi5nb29nbGUuZG2CCyouZ29v +Z2xlLmR6ggsqLmdvb2dsZS5lZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZpggsq +Lmdvb2dsZS5mbYILKi5nb29nbGUuZnKCCyouZ29vZ2xlLmdhggsqLmdvb2dsZS5n +ZYILKi5nb29nbGUuZ2eCCyouZ29vZ2xlLmdsggsqLmdvb2dsZS5nbYILKi5nb29n +bGUuZ3CCCyouZ29vZ2xlLmdyggsqLmdvb2dsZS5neYILKi5nb29nbGUuaGuCCyou +Z29vZ2xlLmhuggsqLmdvb2dsZS5ocoILKi5nb29nbGUuaHSCCyouZ29vZ2xlLmh1 +ggsqLmdvb2dsZS5pZYILKi5nb29nbGUuaW2CDSouZ29vZ2xlLmluZm+CCyouZ29v +Z2xlLmlxggsqLmdvb2dsZS5pc4ILKi5nb29nbGUuaXSCDiouZ29vZ2xlLml0LmFv +ggsqLmdvb2dsZS5qZYILKi5nb29nbGUuam+CDSouZ29vZ2xlLmpvYnOCCyouZ29v +Z2xlLmpwggsqLmdvb2dsZS5rZ4ILKi5nb29nbGUua2mCCyouZ29vZ2xlLmt6ggsq +Lmdvb2dsZS5sYYILKi5nb29nbGUubGmCCyouZ29vZ2xlLmxrggsqLmdvb2dsZS5s +dIILKi5nb29nbGUubHWCCyouZ29vZ2xlLmx2ggsqLmdvb2dsZS5tZIILKi5nb29n +bGUubWWCCyouZ29vZ2xlLm1nggsqLmdvb2dsZS5ta4ILKi5nb29nbGUubWyCCyou +Z29vZ2xlLm1uggsqLmdvb2dsZS5tc4ILKi5nb29nbGUubXWCCyouZ29vZ2xlLm12 +ggsqLmdvb2dsZS5td4ILKi5nb29nbGUubmWCDiouZ29vZ2xlLm5lLmpwggwqLmdv +b2dsZS5uZXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5ub4ILKi5nb29nbGUubnKC +CyouZ29vZ2xlLm51gg8qLmdvb2dsZS5vZmYuYWmCCyouZ29vZ2xlLnBrggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucG6CCyouZ29vZ2xlLnBzggsqLmdvb2dsZS5wdIIL +Ki5nb29nbGUucm+CCyouZ29vZ2xlLnJzggsqLmdvb2dsZS5ydYILKi5nb29nbGUu +cneCCyouZ29vZ2xlLnNjggsqLmdvb2dsZS5zZYILKi5nb29nbGUuc2iCCyouZ29v +Z2xlLnNpggsqLmdvb2dsZS5za4ILKi5nb29nbGUuc22CCyouZ29vZ2xlLnNuggsq +Lmdvb2dsZS5zb4ILKi5nb29nbGUuc3SCCyouZ29vZ2xlLnRkggsqLmdvb2dsZS50 +Z4ILKi5nb29nbGUudGuCCyouZ29vZ2xlLnRsggsqLmdvb2dsZS50bYILKi5nb29n +bGUudG6CCyouZ29vZ2xlLnRvggsqLmdvb2dsZS50cIILKi5nb29nbGUudHSCCyou +Z29vZ2xlLnVzggsqLmdvb2dsZS51eoILKi5nb29nbGUudmeCCyouZ29vZ2xlLnZ1 +ggsqLmdvb2dsZS53c4IJZ29vZ2xlLmFjgglnb29nbGUuYWSCCWdvb2dsZS5hZYIJ +Z29vZ2xlLmFmgglnb29nbGUuYWeCCWdvb2dsZS5hbIIJZ29vZ2xlLmFtgglnb29n +bGUuYXOCCWdvb2dsZS5hdIIJZ29vZ2xlLmF6gglnb29nbGUuYmGCCWdvb2dsZS5i +ZYIJZ29vZ2xlLmJmgglnb29nbGUuYmeCCWdvb2dsZS5iaYIJZ29vZ2xlLmJqggln +b29nbGUuYnOCCWdvb2dsZS5ieYIJZ29vZ2xlLmNhggpnb29nbGUuY2F0gglnb29n +bGUuY2OCCWdvb2dsZS5jZIIJZ29vZ2xlLmNmgglnb29nbGUuY2eCCWdvb2dsZS5j +aIIJZ29vZ2xlLmNpgglnb29nbGUuY2yCCWdvb2dsZS5jbYIJZ29vZ2xlLmNuggxn +b29nbGUuY28uYW+CDGdvb2dsZS5jby5id4IMZ29vZ2xlLmNvLmNrggxnb29nbGUu +Y28uY3KCDGdvb2dsZS5jby5odYIMZ29vZ2xlLmNvLmlkggxnb29nbGUuY28uaWyC +DGdvb2dsZS5jby5pbYIMZ29vZ2xlLmNvLmluggxnb29nbGUuY28uamWCDGdvb2ds +ZS5jby5qcIIMZ29vZ2xlLmNvLmtlggxnb29nbGUuY28ua3KCDGdvb2dsZS5jby5s +c4IMZ29vZ2xlLmNvLm1hggxnb29nbGUuY28ubXqCDGdvb2dsZS5jby5ueoIMZ29v +Z2xlLmNvLnRoggxnb29nbGUuY28udHqCDGdvb2dsZS5jby51Z4IMZ29vZ2xlLmNv +LnVrggxnb29nbGUuY28udXqCDGdvb2dsZS5jby52ZYIMZ29vZ2xlLmNvLnZpggxn +b29nbGUuY28uemGCDGdvb2dsZS5jby56bYIMZ29vZ2xlLmNvLnp3gg1nb29nbGUu +Y29tLmFmgg1nb29nbGUuY29tLmFngg1nb29nbGUuY29tLmFpgg1nb29nbGUuY29t +LmFygg1nb29nbGUuY29tLmF1gg1nb29nbGUuY29tLmJkgg1nb29nbGUuY29tLmJo +gg1nb29nbGUuY29tLmJugg1nb29nbGUuY29tLmJvgg1nb29nbGUuY29tLmJygg1n +b29nbGUuY29tLmJ5gg1nb29nbGUuY29tLmJ6gg1nb29nbGUuY29tLmNugg1nb29n +bGUuY29tLmNvgg1nb29nbGUuY29tLmN1gg1nb29nbGUuY29tLmN5gg1nb29nbGUu +Y29tLmRvgg1nb29nbGUuY29tLmVjgg1nb29nbGUuY29tLmVngg1nb29nbGUuY29t +LmV0gg1nb29nbGUuY29tLmZqgg1nb29nbGUuY29tLmdlgg1nb29nbGUuY29tLmdo +gg1nb29nbGUuY29tLmdpgg1nb29nbGUuY29tLmdygg1nb29nbGUuY29tLmd0gg1n +b29nbGUuY29tLmhrgg1nb29nbGUuY29tLmlxgg1nb29nbGUuY29tLmptgg1nb29n +bGUuY29tLmpvgg1nb29nbGUuY29tLmtogg1nb29nbGUuY29tLmt3gg1nb29nbGUu +Y29tLmxigg1nb29nbGUuY29tLmx5gg1nb29nbGUuY29tLm10gg1nb29nbGUuY29t +Lm14gg1nb29nbGUuY29tLm15gg1nb29nbGUuY29tLm5hgg1nb29nbGUuY29tLm5m +gg1nb29nbGUuY29tLm5ngg1nb29nbGUuY29tLm5pgg1nb29nbGUuY29tLm5wgg1n +b29nbGUuY29tLm5ygg1nb29nbGUuY29tLm9tgg1nb29nbGUuY29tLnBhgg1nb29n +bGUuY29tLnBlgg1nb29nbGUuY29tLnBogg1nb29nbGUuY29tLnBrgg1nb29nbGUu +Y29tLnBsgg1nb29nbGUuY29tLnBygg1nb29nbGUuY29tLnB5gg1nb29nbGUuY29t +LnFhgg1nb29nbGUuY29tLnJ1gg1nb29nbGUuY29tLnNhgg1nb29nbGUuY29tLnNi +gg1nb29nbGUuY29tLnNngg1nb29nbGUuY29tLnNsgg1nb29nbGUuY29tLnN2gg1n +b29nbGUuY29tLnRqgg1nb29nbGUuY29tLnRugg1nb29nbGUuY29tLnRygg1nb29n +bGUuY29tLnR3gg1nb29nbGUuY29tLnVhgg1nb29nbGUuY29tLnV5gg1nb29nbGUu +Y29tLnZjgg1nb29nbGUuY29tLnZlgg1nb29nbGUuY29tLnZugglnb29nbGUuY3aC +CWdvb2dsZS5jeoIJZ29vZ2xlLmRlgglnb29nbGUuZGqCCWdvb2dsZS5ka4IJZ29v +Z2xlLmRtgglnb29nbGUuZHqCCWdvb2dsZS5lZYIJZ29vZ2xlLmVzgglnb29nbGUu +ZmmCCWdvb2dsZS5mbYIJZ29vZ2xlLmZygglnb29nbGUuZ2GCCWdvb2dsZS5nZYIJ +Z29vZ2xlLmdngglnb29nbGUuZ2yCCWdvb2dsZS5nbYIJZ29vZ2xlLmdwgglnb29n +bGUuZ3KCCWdvb2dsZS5neYIJZ29vZ2xlLmhrgglnb29nbGUuaG6CCWdvb2dsZS5o +coIJZ29vZ2xlLmh0gglnb29nbGUuaHWCCWdvb2dsZS5pZYIJZ29vZ2xlLmltggtn +b29nbGUuaW5mb4IJZ29vZ2xlLmlxgglnb29nbGUuaXOCCWdvb2dsZS5pdIIMZ29v +Z2xlLml0LmFvgglnb29nbGUuamWCCWdvb2dsZS5qb4ILZ29vZ2xlLmpvYnOCCWdv +b2dsZS5qcIIJZ29vZ2xlLmtngglnb29nbGUua2mCCWdvb2dsZS5reoIJZ29vZ2xl +Lmxhgglnb29nbGUubGmCCWdvb2dsZS5sa4IJZ29vZ2xlLmx0gglnb29nbGUubHWC +CWdvb2dsZS5sdoIJZ29vZ2xlLm1kgglnb29nbGUubWWCCWdvb2dsZS5tZ4IJZ29v +Z2xlLm1rgglnb29nbGUubWyCCWdvb2dsZS5tboIJZ29vZ2xlLm1zgglnb29nbGUu +bXWCCWdvb2dsZS5tdoIJZ29vZ2xlLm13gglnb29nbGUubmWCDGdvb2dsZS5uZS5q +cIIKZ29vZ2xlLm5ldIIJZ29vZ2xlLm5sgglnb29nbGUubm+CCWdvb2dsZS5ucoIJ +Z29vZ2xlLm51gg1nb29nbGUub2ZmLmFpgglnb29nbGUucGuCCWdvb2dsZS5wbIIJ +Z29vZ2xlLnBugglnb29nbGUucHOCCWdvb2dsZS5wdIIJZ29vZ2xlLnJvgglnb29n +bGUucnOCCWdvb2dsZS5ydYIJZ29vZ2xlLnJ3gglnb29nbGUuc2OCCWdvb2dsZS5z +ZYIJZ29vZ2xlLnNogglnb29nbGUuc2mCCWdvb2dsZS5za4IJZ29vZ2xlLnNtggln +b29nbGUuc26CCWdvb2dsZS5zb4IJZ29vZ2xlLnN0gglnb29nbGUudGSCCWdvb2ds +ZS50Z4IJZ29vZ2xlLnRrgglnb29nbGUudGyCCWdvb2dsZS50bYIJZ29vZ2xlLnRu +gglnb29nbGUudG+CCWdvb2dsZS50cIIJZ29vZ2xlLnR0gglnb29nbGUudXOCCWdv +b2dsZS51eoIJZ29vZ2xlLnZngglnb29nbGUudnWCCWdvb2dsZS53czANBgkqhkiG +9w0BAQUFAAOBgQCROJdKT00d96BpNG4j3Xf5Kz7kJENMTYtgsGQW5E6y2yjRaguD +LPO+y4IH9KiVXD+qO8koye9yOMNawN9r/DFQd+t2nDmvlpcwJBNguiuqxl+rJaU8 +KKgswikGaaM4z+i4vHuXcCKZtM/ELAaJlSaBPip4GBAkgv7D9hwh+sWvYA== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIcFzCCG4CgAwIBAgIGR09PUAFxMA0GCSqGSIb3DQEBBQUAMEYxCzAJBgNVBAYT +AlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSIwIAYDVQQDExlHb29nbGUgSW50ZXJu +ZXQgQXV0aG9yaXR5MB4XDTEyMTAyNDEzNTczOVoXDTEzMDYwNzE5NDMyN1owZDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 +YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxEzARBgNVBAMTCmdvb2dsZS5j +b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMNn/Rw5irMPscWpYsExcGQT +wqdxT/U9Pfybt9ttPYlXVbCd6yux0jWGNBHN+f4kCc5pwrbjmA4QSRY2uVa4T8f2 +g3NucDDveUi29WVN+FJcyhj+V38lEkYbdhpIZL149dK5fAN1zzwCo10Nk+lhebcY +fCtMHLmuCX2D6mJ2CnPVAgMBAAGjghnwMIIZ7DAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Qp1w0hi4nhbaJEB +h/wuZwO4OyIwHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0f +BFQwUjBQoE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5l +dEF1dGhvcml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUH +AQEEWjBYMFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2ds +ZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDCC +GLYGA1UdEQSCGK0wghipggpnb29nbGUuY29tggwqLmdvb2dsZS5jb22CDSoueW91 +dHViZS5jb22CC3lvdXR1YmUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggh5 +b3V0dS5iZYILKi55dGltZy5jb22CDSouYW5kcm9pZC5jb22CC2FuZHJvaWQuY29t +ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghAqLnVy +bC5nb29nbGUuY29tggwqLnVyY2hpbi5jb22CCnVyY2hpbi5jb22CFiouZ29vZ2xl +LWFuYWx5dGljcy5jb22CFGdvb2dsZS1hbmFseXRpY3MuY29tghIqLmNsb3VkLmdv +b2dsZS5jb22CBmdvby5nbIIEZy5jb4INKi5nc3RhdGljLmNvbYIPKi5nb29nbGVh +cGlzLmNughYqLmFwcGVuZ2luZS5nb29nbGUuY29tggsqLmdvb2dsZS5hY4ILKi5n +b29nbGUuYWSCCyouZ29vZ2xlLmFlggsqLmdvb2dsZS5hZoILKi5nb29nbGUuYWeC +CyouZ29vZ2xlLmFsggsqLmdvb2dsZS5hbYILKi5nb29nbGUuYXOCCyouZ29vZ2xl +LmF0ggsqLmdvb2dsZS5heoILKi5nb29nbGUuYmGCCyouZ29vZ2xlLmJlggsqLmdv +b2dsZS5iZoILKi5nb29nbGUuYmeCCyouZ29vZ2xlLmJpggsqLmdvb2dsZS5iaoIL +Ki5nb29nbGUuYnOCCyouZ29vZ2xlLmJ5ggsqLmdvb2dsZS5jYYIMKi5nb29nbGUu +Y2F0ggsqLmdvb2dsZS5jY4ILKi5nb29nbGUuY2SCCyouZ29vZ2xlLmNmggsqLmdv +b2dsZS5jZ4ILKi5nb29nbGUuY2iCCyouZ29vZ2xlLmNpggsqLmdvb2dsZS5jbIIL +Ki5nb29nbGUuY22CCyouZ29vZ2xlLmNugg4qLmdvb2dsZS5jby5hb4IOKi5nb29n +bGUuY28uYneCDiouZ29vZ2xlLmNvLmNrgg4qLmdvb2dsZS5jby5jcoIOKi5nb29n +bGUuY28uaHWCDiouZ29vZ2xlLmNvLmlkgg4qLmdvb2dsZS5jby5pbIIOKi5nb29n +bGUuY28uaW2CDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qZYIOKi5nb29n +bGUuY28uanCCDiouZ29vZ2xlLmNvLmtlgg4qLmdvb2dsZS5jby5rcoIOKi5nb29n +bGUuY28ubHOCDiouZ29vZ2xlLmNvLm1hgg4qLmdvb2dsZS5jby5teoIOKi5nb29n +bGUuY28ubnqCDiouZ29vZ2xlLmNvLnRogg4qLmdvb2dsZS5jby50eoIOKi5nb29n +bGUuY28udWeCDiouZ29vZ2xlLmNvLnVrgg4qLmdvb2dsZS5jby51eoIOKi5nb29n +bGUuY28udmWCDiouZ29vZ2xlLmNvLnZpgg4qLmdvb2dsZS5jby56YYIOKi5nb29n +bGUuY28uem2CDiouZ29vZ2xlLmNvLnp3gg8qLmdvb2dsZS5jb20uYWaCDyouZ29v +Z2xlLmNvbS5hZ4IPKi5nb29nbGUuY29tLmFpgg8qLmdvb2dsZS5jb20uYXKCDyou +Z29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJkgg8qLmdvb2dsZS5jb20uYmiC +DyouZ29vZ2xlLmNvbS5iboIPKi5nb29nbGUuY29tLmJvgg8qLmdvb2dsZS5jb20u +YnKCDyouZ29vZ2xlLmNvbS5ieYIPKi5nb29nbGUuY29tLmJ6gg8qLmdvb2dsZS5j +b20uY26CDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLmN1gg8qLmdvb2ds +ZS5jb20uY3mCDyouZ29vZ2xlLmNvbS5kb4IPKi5nb29nbGUuY29tLmVjgg8qLmdv +b2dsZS5jb20uZWeCDyouZ29vZ2xlLmNvbS5ldIIPKi5nb29nbGUuY29tLmZqgg8q +Lmdvb2dsZS5jb20uZ2WCDyouZ29vZ2xlLmNvbS5naIIPKi5nb29nbGUuY29tLmdp +gg8qLmdvb2dsZS5jb20uZ3KCDyouZ29vZ2xlLmNvbS5ndIIPKi5nb29nbGUuY29t +Lmhrgg8qLmdvb2dsZS5jb20uaXGCDyouZ29vZ2xlLmNvbS5qbYIPKi5nb29nbGUu +Y29tLmpvgg8qLmdvb2dsZS5jb20ua2iCDyouZ29vZ2xlLmNvbS5rd4IPKi5nb29n +bGUuY29tLmxigg8qLmdvb2dsZS5jb20ubHmCDyouZ29vZ2xlLmNvbS5tdIIPKi5n +b29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20ubXmCDyouZ29vZ2xlLmNvbS5uYYIP +Ki5nb29nbGUuY29tLm5mgg8qLmdvb2dsZS5jb20ubmeCDyouZ29vZ2xlLmNvbS5u +aYIPKi5nb29nbGUuY29tLm5wgg8qLmdvb2dsZS5jb20ubnKCDyouZ29vZ2xlLmNv +bS5vbYIPKi5nb29nbGUuY29tLnBhgg8qLmdvb2dsZS5jb20ucGWCDyouZ29vZ2xl +LmNvbS5waIIPKi5nb29nbGUuY29tLnBrgg8qLmdvb2dsZS5jb20ucGyCDyouZ29v +Z2xlLmNvbS5wcoIPKi5nb29nbGUuY29tLnB5gg8qLmdvb2dsZS5jb20ucWGCDyou +Z29vZ2xlLmNvbS5ydYIPKi5nb29nbGUuY29tLnNhgg8qLmdvb2dsZS5jb20uc2KC +DyouZ29vZ2xlLmNvbS5zZ4IPKi5nb29nbGUuY29tLnNsgg8qLmdvb2dsZS5jb20u +c3aCDyouZ29vZ2xlLmNvbS50aoIPKi5nb29nbGUuY29tLnRugg8qLmdvb2dsZS5j +b20udHKCDyouZ29vZ2xlLmNvbS50d4IPKi5nb29nbGUuY29tLnVhgg8qLmdvb2ds +ZS5jb20udXmCDyouZ29vZ2xlLmNvbS52Y4IPKi5nb29nbGUuY29tLnZlgg8qLmdv +b2dsZS5jb20udm6CCyouZ29vZ2xlLmN2ggsqLmdvb2dsZS5jeoILKi5nb29nbGUu +ZGWCCyouZ29vZ2xlLmRqggsqLmdvb2dsZS5ka4ILKi5nb29nbGUuZG2CCyouZ29v +Z2xlLmR6ggsqLmdvb2dsZS5lZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZpggsq +Lmdvb2dsZS5mbYILKi5nb29nbGUuZnKCCyouZ29vZ2xlLmdhggsqLmdvb2dsZS5n +ZYILKi5nb29nbGUuZ2eCCyouZ29vZ2xlLmdsggsqLmdvb2dsZS5nbYILKi5nb29n +bGUuZ3CCCyouZ29vZ2xlLmdyggsqLmdvb2dsZS5neYILKi5nb29nbGUuaGuCCyou +Z29vZ2xlLmhuggsqLmdvb2dsZS5ocoILKi5nb29nbGUuaHSCCyouZ29vZ2xlLmh1 +ggsqLmdvb2dsZS5pZYILKi5nb29nbGUuaW2CDSouZ29vZ2xlLmluZm+CCyouZ29v +Z2xlLmlxggsqLmdvb2dsZS5pc4ILKi5nb29nbGUuaXSCDiouZ29vZ2xlLml0LmFv +ggsqLmdvb2dsZS5qZYILKi5nb29nbGUuam+CDSouZ29vZ2xlLmpvYnOCCyouZ29v +Z2xlLmpwggsqLmdvb2dsZS5rZ4ILKi5nb29nbGUua2mCCyouZ29vZ2xlLmt6ggsq +Lmdvb2dsZS5sYYILKi5nb29nbGUubGmCCyouZ29vZ2xlLmxrggsqLmdvb2dsZS5s +dIILKi5nb29nbGUubHWCCyouZ29vZ2xlLmx2ggsqLmdvb2dsZS5tZIILKi5nb29n +bGUubWWCCyouZ29vZ2xlLm1nggsqLmdvb2dsZS5ta4ILKi5nb29nbGUubWyCCyou +Z29vZ2xlLm1uggsqLmdvb2dsZS5tc4ILKi5nb29nbGUubXWCCyouZ29vZ2xlLm12 +ggsqLmdvb2dsZS5td4ILKi5nb29nbGUubmWCDiouZ29vZ2xlLm5lLmpwggwqLmdv +b2dsZS5uZXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5ub4ILKi5nb29nbGUubnKC +CyouZ29vZ2xlLm51gg8qLmdvb2dsZS5vZmYuYWmCCyouZ29vZ2xlLnBrggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucG6CCyouZ29vZ2xlLnBzggsqLmdvb2dsZS5wdIIL +Ki5nb29nbGUucm+CCyouZ29vZ2xlLnJzggsqLmdvb2dsZS5ydYILKi5nb29nbGUu +cneCCyouZ29vZ2xlLnNjggsqLmdvb2dsZS5zZYILKi5nb29nbGUuc2iCCyouZ29v +Z2xlLnNpggsqLmdvb2dsZS5za4ILKi5nb29nbGUuc22CCyouZ29vZ2xlLnNuggsq +Lmdvb2dsZS5zb4ILKi5nb29nbGUuc3SCCyouZ29vZ2xlLnRkggsqLmdvb2dsZS50 +Z4ILKi5nb29nbGUudGuCCyouZ29vZ2xlLnRsggsqLmdvb2dsZS50bYILKi5nb29n +bGUudG6CCyouZ29vZ2xlLnRvggsqLmdvb2dsZS50cIILKi5nb29nbGUudHSCCyou +Z29vZ2xlLnVzggsqLmdvb2dsZS51eoILKi5nb29nbGUudmeCCyouZ29vZ2xlLnZ1 +ggsqLmdvb2dsZS53c4IJZ29vZ2xlLmFjgglnb29nbGUuYWSCCWdvb2dsZS5hZYIJ +Z29vZ2xlLmFmgglnb29nbGUuYWeCCWdvb2dsZS5hbIIJZ29vZ2xlLmFtgglnb29n +bGUuYXOCCWdvb2dsZS5hdIIJZ29vZ2xlLmF6gglnb29nbGUuYmGCCWdvb2dsZS5i +ZYIJZ29vZ2xlLmJmgglnb29nbGUuYmeCCWdvb2dsZS5iaYIJZ29vZ2xlLmJqggln +b29nbGUuYnOCCWdvb2dsZS5ieYIJZ29vZ2xlLmNhggpnb29nbGUuY2F0gglnb29n +bGUuY2OCCWdvb2dsZS5jZIIJZ29vZ2xlLmNmgglnb29nbGUuY2eCCWdvb2dsZS5j +aIIJZ29vZ2xlLmNpgglnb29nbGUuY2yCCWdvb2dsZS5jbYIJZ29vZ2xlLmNuggxn +b29nbGUuY28uYW+CDGdvb2dsZS5jby5id4IMZ29vZ2xlLmNvLmNrggxnb29nbGUu +Y28uY3KCDGdvb2dsZS5jby5odYIMZ29vZ2xlLmNvLmlkggxnb29nbGUuY28uaWyC +DGdvb2dsZS5jby5pbYIMZ29vZ2xlLmNvLmluggxnb29nbGUuY28uamWCDGdvb2ds +ZS5jby5qcIIMZ29vZ2xlLmNvLmtlggxnb29nbGUuY28ua3KCDGdvb2dsZS5jby5s +c4IMZ29vZ2xlLmNvLm1hggxnb29nbGUuY28ubXqCDGdvb2dsZS5jby5ueoIMZ29v +Z2xlLmNvLnRoggxnb29nbGUuY28udHqCDGdvb2dsZS5jby51Z4IMZ29vZ2xlLmNv +LnVrggxnb29nbGUuY28udXqCDGdvb2dsZS5jby52ZYIMZ29vZ2xlLmNvLnZpggxn +b29nbGUuY28uemGCDGdvb2dsZS5jby56bYIMZ29vZ2xlLmNvLnp3gg1nb29nbGUu +Y29tLmFmgg1nb29nbGUuY29tLmFngg1nb29nbGUuY29tLmFpgg1nb29nbGUuY29t +LmFygg1nb29nbGUuY29tLmF1gg1nb29nbGUuY29tLmJkgg1nb29nbGUuY29tLmJo +gg1nb29nbGUuY29tLmJugg1nb29nbGUuY29tLmJvgg1nb29nbGUuY29tLmJygg1n +b29nbGUuY29tLmJ5gg1nb29nbGUuY29tLmJ6gg1nb29nbGUuY29tLmNugg1nb29n +bGUuY29tLmNvgg1nb29nbGUuY29tLmN1gg1nb29nbGUuY29tLmN5gg1nb29nbGUu +Y29tLmRvgg1nb29nbGUuY29tLmVjgg1nb29nbGUuY29tLmVngg1nb29nbGUuY29t +LmV0gg1nb29nbGUuY29tLmZqgg1nb29nbGUuY29tLmdlgg1nb29nbGUuY29tLmdo +gg1nb29nbGUuY29tLmdpgg1nb29nbGUuY29tLmdygg1nb29nbGUuY29tLmd0gg1n +b29nbGUuY29tLmhrgg1nb29nbGUuY29tLmlxgg1nb29nbGUuY29tLmptgg1nb29n +bGUuY29tLmpvgg1nb29nbGUuY29tLmtogg1nb29nbGUuY29tLmt3gg1nb29nbGUu +Y29tLmxigg1nb29nbGUuY29tLmx5gg1nb29nbGUuY29tLm10gg1nb29nbGUuY29t +Lm14gg1nb29nbGUuY29tLm15gg1nb29nbGUuY29tLm5hgg1nb29nbGUuY29tLm5m +gg1nb29nbGUuY29tLm5ngg1nb29nbGUuY29tLm5pgg1nb29nbGUuY29tLm5wgg1n +b29nbGUuY29tLm5ygg1nb29nbGUuY29tLm9tgg1nb29nbGUuY29tLnBhgg1nb29n +bGUuY29tLnBlgg1nb29nbGUuY29tLnBogg1nb29nbGUuY29tLnBrgg1nb29nbGUu +Y29tLnBsgg1nb29nbGUuY29tLnBygg1nb29nbGUuY29tLnB5gg1nb29nbGUuY29t +LnFhgg1nb29nbGUuY29tLnJ1gg1nb29nbGUuY29tLnNhgg1nb29nbGUuY29tLnNi +gg1nb29nbGUuY29tLnNngg1nb29nbGUuY29tLnNsgg1nb29nbGUuY29tLnN2gg1n +b29nbGUuY29tLnRqgg1nb29nbGUuY29tLnRugg1nb29nbGUuY29tLnRygg1nb29n +bGUuY29tLnR3gg1nb29nbGUuY29tLnVhgg1nb29nbGUuY29tLnV5gg1nb29nbGUu +Y29tLnZjgg1nb29nbGUuY29tLnZlgg1nb29nbGUuY29tLnZugglnb29nbGUuY3aC +CWdvb2dsZS5jeoIJZ29vZ2xlLmRlgglnb29nbGUuZGqCCWdvb2dsZS5ka4IJZ29v +Z2xlLmRtgglnb29nbGUuZHqCCWdvb2dsZS5lZYIJZ29vZ2xlLmVzgglnb29nbGUu +ZmmCCWdvb2dsZS5mbYIJZ29vZ2xlLmZygglnb29nbGUuZ2GCCWdvb2dsZS5nZYIJ +Z29vZ2xlLmdngglnb29nbGUuZ2yCCWdvb2dsZS5nbYIJZ29vZ2xlLmdwgglnb29n +bGUuZ3KCCWdvb2dsZS5neYIJZ29vZ2xlLmhrgglnb29nbGUuaG6CCWdvb2dsZS5o +coIJZ29vZ2xlLmh0gglnb29nbGUuaHWCCWdvb2dsZS5pZYIJZ29vZ2xlLmltggtn +b29nbGUuaW5mb4IJZ29vZ2xlLmlxgglnb29nbGUuaXOCCWdvb2dsZS5pdIIMZ29v +Z2xlLml0LmFvgglnb29nbGUuamWCCWdvb2dsZS5qb4ILZ29vZ2xlLmpvYnOCCWdv +b2dsZS5qcIIJZ29vZ2xlLmtngglnb29nbGUua2mCCWdvb2dsZS5reoIJZ29vZ2xl +Lmxhgglnb29nbGUubGmCCWdvb2dsZS5sa4IJZ29vZ2xlLmx0gglnb29nbGUubHWC +CWdvb2dsZS5sdoIJZ29vZ2xlLm1kgglnb29nbGUubWWCCWdvb2dsZS5tZ4IJZ29v +Z2xlLm1rgglnb29nbGUubWyCCWdvb2dsZS5tboIJZ29vZ2xlLm1zgglnb29nbGUu +bXWCCWdvb2dsZS5tdoIJZ29vZ2xlLm13gglnb29nbGUubmWCDGdvb2dsZS5uZS5q +cIIKZ29vZ2xlLm5ldIIJZ29vZ2xlLm5sgglnb29nbGUubm+CCWdvb2dsZS5ucoIJ +Z29vZ2xlLm51gg1nb29nbGUub2ZmLmFpgglnb29nbGUucGuCCWdvb2dsZS5wbIIJ +Z29vZ2xlLnBugglnb29nbGUucHOCCWdvb2dsZS5wdIIJZ29vZ2xlLnJvgglnb29n +bGUucnOCCWdvb2dsZS5ydYIJZ29vZ2xlLnJ3gglnb29nbGUuc2OCCWdvb2dsZS5z +ZYIJZ29vZ2xlLnNogglnb29nbGUuc2mCCWdvb2dsZS5za4IJZ29vZ2xlLnNtggln +b29nbGUuc26CCWdvb2dsZS5zb4IJZ29vZ2xlLnN0gglnb29nbGUudGSCCWdvb2ds +ZS50Z4IJZ29vZ2xlLnRrgglnb29nbGUudGyCCWdvb2dsZS50bYIJZ29vZ2xlLnRu +gglnb29nbGUudG+CCWdvb2dsZS50cIIJZ29vZ2xlLnR0gglnb29nbGUudXOCCWdv +b2dsZS51eoIJZ29vZ2xlLnZngglnb29nbGUudnWCCWdvb2dsZS53czANBgkqhkiG +9w0BAQUFAAOBgQCROJdKT00d96BpNG4j3Xf5Kz7kJENMTYtgsGQW5E6y2yjRaguD +LPO+y4IH9KiVXD+qO8koye9yOMNawN9r/DFQd+t2nDmvlpcwJBNguiuqxl+rJaU8 +KKgswikGaaM4z+i4vHuXcCKZtM/ELAaJlSaBPip4GBAkgv7D9hwh+sWvYA== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIcFzCCG4CgAwIBAgIGR09PUAFxMA0GCSqGSIb3DQEBBQUAMEYxCzAJBgNVBAYT +AlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSIwIAYDVQQDExlHb29nbGUgSW50ZXJu +ZXQgQXV0aG9yaXR5MB4XDTEyMTAyNDEzNTczOVoXDTEzMDYwNzE5NDMyN1owZDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 +YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxEzARBgNVBAMTCmdvb2dsZS5j +b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMNn/Rw5irMPscWpYsExcGQT +wqdxT/U9Pfybt9ttPYlXVbCd6yux0jWGNBHN+f4kCc5pwrbjmA4QSRY2uVa4T8f2 +g3NucDDveUi29WVN+FJcyhj+V38lEkYbdhpIZL149dK5fAN1zzwCo10Nk+lhebcY +fCtMHLmuCX2D6mJ2CnPVAgMBAAGjghnwMIIZ7DAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Qp1w0hi4nhbaJEB +h/wuZwO4OyIwHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0f +BFQwUjBQoE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5l +dEF1dGhvcml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUH +AQEEWjBYMFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2ds +ZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDCC +GLYGA1UdEQSCGK0wghipggpnb29nbGUuY29tggwqLmdvb2dsZS5jb22CDSoueW91 +dHViZS5jb22CC3lvdXR1YmUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggh5 +b3V0dS5iZYILKi55dGltZy5jb22CDSouYW5kcm9pZC5jb22CC2FuZHJvaWQuY29t +ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghAqLnVy +bC5nb29nbGUuY29tggwqLnVyY2hpbi5jb22CCnVyY2hpbi5jb22CFiouZ29vZ2xl +LWFuYWx5dGljcy5jb22CFGdvb2dsZS1hbmFseXRpY3MuY29tghIqLmNsb3VkLmdv +b2dsZS5jb22CBmdvby5nbIIEZy5jb4INKi5nc3RhdGljLmNvbYIPKi5nb29nbGVh +cGlzLmNughYqLmFwcGVuZ2luZS5nb29nbGUuY29tggsqLmdvb2dsZS5hY4ILKi5n +b29nbGUuYWSCCyouZ29vZ2xlLmFlggsqLmdvb2dsZS5hZoILKi5nb29nbGUuYWeC +CyouZ29vZ2xlLmFsggsqLmdvb2dsZS5hbYILKi5nb29nbGUuYXOCCyouZ29vZ2xl +LmF0ggsqLmdvb2dsZS5heoILKi5nb29nbGUuYmGCCyouZ29vZ2xlLmJlggsqLmdv +b2dsZS5iZoILKi5nb29nbGUuYmeCCyouZ29vZ2xlLmJpggsqLmdvb2dsZS5iaoIL +Ki5nb29nbGUuYnOCCyouZ29vZ2xlLmJ5ggsqLmdvb2dsZS5jYYIMKi5nb29nbGUu +Y2F0ggsqLmdvb2dsZS5jY4ILKi5nb29nbGUuY2SCCyouZ29vZ2xlLmNmggsqLmdv +b2dsZS5jZ4ILKi5nb29nbGUuY2iCCyouZ29vZ2xlLmNpggsqLmdvb2dsZS5jbIIL +Ki5nb29nbGUuY22CCyouZ29vZ2xlLmNugg4qLmdvb2dsZS5jby5hb4IOKi5nb29n +bGUuY28uYneCDiouZ29vZ2xlLmNvLmNrgg4qLmdvb2dsZS5jby5jcoIOKi5nb29n +bGUuY28uaHWCDiouZ29vZ2xlLmNvLmlkgg4qLmdvb2dsZS5jby5pbIIOKi5nb29n +bGUuY28uaW2CDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qZYIOKi5nb29n +bGUuY28uanCCDiouZ29vZ2xlLmNvLmtlgg4qLmdvb2dsZS5jby5rcoIOKi5nb29n +bGUuY28ubHOCDiouZ29vZ2xlLmNvLm1hgg4qLmdvb2dsZS5jby5teoIOKi5nb29n +bGUuY28ubnqCDiouZ29vZ2xlLmNvLnRogg4qLmdvb2dsZS5jby50eoIOKi5nb29n +bGUuY28udWeCDiouZ29vZ2xlLmNvLnVrgg4qLmdvb2dsZS5jby51eoIOKi5nb29n +bGUuY28udmWCDiouZ29vZ2xlLmNvLnZpgg4qLmdvb2dsZS5jby56YYIOKi5nb29n +bGUuY28uem2CDiouZ29vZ2xlLmNvLnp3gg8qLmdvb2dsZS5jb20uYWaCDyouZ29v +Z2xlLmNvbS5hZ4IPKi5nb29nbGUuY29tLmFpgg8qLmdvb2dsZS5jb20uYXKCDyou +Z29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJkgg8qLmdvb2dsZS5jb20uYmiC +DyouZ29vZ2xlLmNvbS5iboIPKi5nb29nbGUuY29tLmJvgg8qLmdvb2dsZS5jb20u +YnKCDyouZ29vZ2xlLmNvbS5ieYIPKi5nb29nbGUuY29tLmJ6gg8qLmdvb2dsZS5j +b20uY26CDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLmN1gg8qLmdvb2ds +ZS5jb20uY3mCDyouZ29vZ2xlLmNvbS5kb4IPKi5nb29nbGUuY29tLmVjgg8qLmdv +b2dsZS5jb20uZWeCDyouZ29vZ2xlLmNvbS5ldIIPKi5nb29nbGUuY29tLmZqgg8q +Lmdvb2dsZS5jb20uZ2WCDyouZ29vZ2xlLmNvbS5naIIPKi5nb29nbGUuY29tLmdp +gg8qLmdvb2dsZS5jb20uZ3KCDyouZ29vZ2xlLmNvbS5ndIIPKi5nb29nbGUuY29t +Lmhrgg8qLmdvb2dsZS5jb20uaXGCDyouZ29vZ2xlLmNvbS5qbYIPKi5nb29nbGUu +Y29tLmpvgg8qLmdvb2dsZS5jb20ua2iCDyouZ29vZ2xlLmNvbS5rd4IPKi5nb29n +bGUuY29tLmxigg8qLmdvb2dsZS5jb20ubHmCDyouZ29vZ2xlLmNvbS5tdIIPKi5n +b29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20ubXmCDyouZ29vZ2xlLmNvbS5uYYIP +Ki5nb29nbGUuY29tLm5mgg8qLmdvb2dsZS5jb20ubmeCDyouZ29vZ2xlLmNvbS5u +aYIPKi5nb29nbGUuY29tLm5wgg8qLmdvb2dsZS5jb20ubnKCDyouZ29vZ2xlLmNv +bS5vbYIPKi5nb29nbGUuY29tLnBhgg8qLmdvb2dsZS5jb20ucGWCDyouZ29vZ2xl +LmNvbS5waIIPKi5nb29nbGUuY29tLnBrgg8qLmdvb2dsZS5jb20ucGyCDyouZ29v +Z2xlLmNvbS5wcoIPKi5nb29nbGUuY29tLnB5gg8qLmdvb2dsZS5jb20ucWGCDyou +Z29vZ2xlLmNvbS5ydYIPKi5nb29nbGUuY29tLnNhgg8qLmdvb2dsZS5jb20uc2KC +DyouZ29vZ2xlLmNvbS5zZ4IPKi5nb29nbGUuY29tLnNsgg8qLmdvb2dsZS5jb20u +c3aCDyouZ29vZ2xlLmNvbS50aoIPKi5nb29nbGUuY29tLnRugg8qLmdvb2dsZS5j +b20udHKCDyouZ29vZ2xlLmNvbS50d4IPKi5nb29nbGUuY29tLnVhgg8qLmdvb2ds +ZS5jb20udXmCDyouZ29vZ2xlLmNvbS52Y4IPKi5nb29nbGUuY29tLnZlgg8qLmdv +b2dsZS5jb20udm6CCyouZ29vZ2xlLmN2ggsqLmdvb2dsZS5jeoILKi5nb29nbGUu +ZGWCCyouZ29vZ2xlLmRqggsqLmdvb2dsZS5ka4ILKi5nb29nbGUuZG2CCyouZ29v +Z2xlLmR6ggsqLmdvb2dsZS5lZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZpggsq +Lmdvb2dsZS5mbYILKi5nb29nbGUuZnKCCyouZ29vZ2xlLmdhggsqLmdvb2dsZS5n +ZYILKi5nb29nbGUuZ2eCCyouZ29vZ2xlLmdsggsqLmdvb2dsZS5nbYILKi5nb29n +bGUuZ3CCCyouZ29vZ2xlLmdyggsqLmdvb2dsZS5neYILKi5nb29nbGUuaGuCCyou +Z29vZ2xlLmhuggsqLmdvb2dsZS5ocoILKi5nb29nbGUuaHSCCyouZ29vZ2xlLmh1 +ggsqLmdvb2dsZS5pZYILKi5nb29nbGUuaW2CDSouZ29vZ2xlLmluZm+CCyouZ29v +Z2xlLmlxggsqLmdvb2dsZS5pc4ILKi5nb29nbGUuaXSCDiouZ29vZ2xlLml0LmFv +ggsqLmdvb2dsZS5qZYILKi5nb29nbGUuam+CDSouZ29vZ2xlLmpvYnOCCyouZ29v +Z2xlLmpwggsqLmdvb2dsZS5rZ4ILKi5nb29nbGUua2mCCyouZ29vZ2xlLmt6ggsq +Lmdvb2dsZS5sYYILKi5nb29nbGUubGmCCyouZ29vZ2xlLmxrggsqLmdvb2dsZS5s +dIILKi5nb29nbGUubHWCCyouZ29vZ2xlLmx2ggsqLmdvb2dsZS5tZIILKi5nb29n +bGUubWWCCyouZ29vZ2xlLm1nggsqLmdvb2dsZS5ta4ILKi5nb29nbGUubWyCCyou +Z29vZ2xlLm1uggsqLmdvb2dsZS5tc4ILKi5nb29nbGUubXWCCyouZ29vZ2xlLm12 +ggsqLmdvb2dsZS5td4ILKi5nb29nbGUubmWCDiouZ29vZ2xlLm5lLmpwggwqLmdv +b2dsZS5uZXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5ub4ILKi5nb29nbGUubnKC +CyouZ29vZ2xlLm51gg8qLmdvb2dsZS5vZmYuYWmCCyouZ29vZ2xlLnBrggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucG6CCyouZ29vZ2xlLnBzggsqLmdvb2dsZS5wdIIL +Ki5nb29nbGUucm+CCyouZ29vZ2xlLnJzggsqLmdvb2dsZS5ydYILKi5nb29nbGUu +cneCCyouZ29vZ2xlLnNjggsqLmdvb2dsZS5zZYILKi5nb29nbGUuc2iCCyouZ29v +Z2xlLnNpggsqLmdvb2dsZS5za4ILKi5nb29nbGUuc22CCyouZ29vZ2xlLnNuggsq +Lmdvb2dsZS5zb4ILKi5nb29nbGUuc3SCCyouZ29vZ2xlLnRkggsqLmdvb2dsZS50 +Z4ILKi5nb29nbGUudGuCCyouZ29vZ2xlLnRsggsqLmdvb2dsZS50bYILKi5nb29n +bGUudG6CCyouZ29vZ2xlLnRvggsqLmdvb2dsZS50cIILKi5nb29nbGUudHSCCyou +Z29vZ2xlLnVzggsqLmdvb2dsZS51eoILKi5nb29nbGUudmeCCyouZ29vZ2xlLnZ1 +ggsqLmdvb2dsZS53c4IJZ29vZ2xlLmFjgglnb29nbGUuYWSCCWdvb2dsZS5hZYIJ +Z29vZ2xlLmFmgglnb29nbGUuYWeCCWdvb2dsZS5hbIIJZ29vZ2xlLmFtgglnb29n +bGUuYXOCCWdvb2dsZS5hdIIJZ29vZ2xlLmF6gglnb29nbGUuYmGCCWdvb2dsZS5i +ZYIJZ29vZ2xlLmJmgglnb29nbGUuYmeCCWdvb2dsZS5iaYIJZ29vZ2xlLmJqggln +b29nbGUuYnOCCWdvb2dsZS5ieYIJZ29vZ2xlLmNhggpnb29nbGUuY2F0gglnb29n +bGUuY2OCCWdvb2dsZS5jZIIJZ29vZ2xlLmNmgglnb29nbGUuY2eCCWdvb2dsZS5j +aIIJZ29vZ2xlLmNpgglnb29nbGUuY2yCCWdvb2dsZS5jbYIJZ29vZ2xlLmNuggxn +b29nbGUuY28uYW+CDGdvb2dsZS5jby5id4IMZ29vZ2xlLmNvLmNrggxnb29nbGUu +Y28uY3KCDGdvb2dsZS5jby5odYIMZ29vZ2xlLmNvLmlkggxnb29nbGUuY28uaWyC +DGdvb2dsZS5jby5pbYIMZ29vZ2xlLmNvLmluggxnb29nbGUuY28uamWCDGdvb2ds +ZS5jby5qcIIMZ29vZ2xlLmNvLmtlggxnb29nbGUuY28ua3KCDGdvb2dsZS5jby5s +c4IMZ29vZ2xlLmNvLm1hggxnb29nbGUuY28ubXqCDGdvb2dsZS5jby5ueoIMZ29v +Z2xlLmNvLnRoggxnb29nbGUuY28udHqCDGdvb2dsZS5jby51Z4IMZ29vZ2xlLmNv +LnVrggxnb29nbGUuY28udXqCDGdvb2dsZS5jby52ZYIMZ29vZ2xlLmNvLnZpggxn +b29nbGUuY28uemGCDGdvb2dsZS5jby56bYIMZ29vZ2xlLmNvLnp3gg1nb29nbGUu +Y29tLmFmgg1nb29nbGUuY29tLmFngg1nb29nbGUuY29tLmFpgg1nb29nbGUuY29t +LmFygg1nb29nbGUuY29tLmF1gg1nb29nbGUuY29tLmJkgg1nb29nbGUuY29tLmJo +gg1nb29nbGUuY29tLmJugg1nb29nbGUuY29tLmJvgg1nb29nbGUuY29tLmJygg1n +b29nbGUuY29tLmJ5gg1nb29nbGUuY29tLmJ6gg1nb29nbGUuY29tLmNugg1nb29n +bGUuY29tLmNvgg1nb29nbGUuY29tLmN1gg1nb29nbGUuY29tLmN5gg1nb29nbGUu +Y29tLmRvgg1nb29nbGUuY29tLmVjgg1nb29nbGUuY29tLmVngg1nb29nbGUuY29t +LmV0gg1nb29nbGUuY29tLmZqgg1nb29nbGUuY29tLmdlgg1nb29nbGUuY29tLmdo +gg1nb29nbGUuY29tLmdpgg1nb29nbGUuY29tLmdygg1nb29nbGUuY29tLmd0gg1n +b29nbGUuY29tLmhrgg1nb29nbGUuY29tLmlxgg1nb29nbGUuY29tLmptgg1nb29n +bGUuY29tLmpvgg1nb29nbGUuY29tLmtogg1nb29nbGUuY29tLmt3gg1nb29nbGUu +Y29tLmxigg1nb29nbGUuY29tLmx5gg1nb29nbGUuY29tLm10gg1nb29nbGUuY29t +Lm14gg1nb29nbGUuY29tLm15gg1nb29nbGUuY29tLm5hgg1nb29nbGUuY29tLm5m +gg1nb29nbGUuY29tLm5ngg1nb29nbGUuY29tLm5pgg1nb29nbGUuY29tLm5wgg1n +b29nbGUuY29tLm5ygg1nb29nbGUuY29tLm9tgg1nb29nbGUuY29tLnBhgg1nb29n +bGUuY29tLnBlgg1nb29nbGUuY29tLnBogg1nb29nbGUuY29tLnBrgg1nb29nbGUu +Y29tLnBsgg1nb29nbGUuY29tLnBygg1nb29nbGUuY29tLnB5gg1nb29nbGUuY29t +LnFhgg1nb29nbGUuY29tLnJ1gg1nb29nbGUuY29tLnNhgg1nb29nbGUuY29tLnNi +gg1nb29nbGUuY29tLnNngg1nb29nbGUuY29tLnNsgg1nb29nbGUuY29tLnN2gg1n +b29nbGUuY29tLnRqgg1nb29nbGUuY29tLnRugg1nb29nbGUuY29tLnRygg1nb29n +bGUuY29tLnR3gg1nb29nbGUuY29tLnVhgg1nb29nbGUuY29tLnV5gg1nb29nbGUu +Y29tLnZjgg1nb29nbGUuY29tLnZlgg1nb29nbGUuY29tLnZugglnb29nbGUuY3aC +CWdvb2dsZS5jeoIJZ29vZ2xlLmRlgglnb29nbGUuZGqCCWdvb2dsZS5ka4IJZ29v +Z2xlLmRtgglnb29nbGUuZHqCCWdvb2dsZS5lZYIJZ29vZ2xlLmVzgglnb29nbGUu +ZmmCCWdvb2dsZS5mbYIJZ29vZ2xlLmZygglnb29nbGUuZ2GCCWdvb2dsZS5nZYIJ +Z29vZ2xlLmdngglnb29nbGUuZ2yCCWdvb2dsZS5nbYIJZ29vZ2xlLmdwgglnb29n +bGUuZ3KCCWdvb2dsZS5neYIJZ29vZ2xlLmhrgglnb29nbGUuaG6CCWdvb2dsZS5o +coIJZ29vZ2xlLmh0gglnb29nbGUuaHWCCWdvb2dsZS5pZYIJZ29vZ2xlLmltggtn +b29nbGUuaW5mb4IJZ29vZ2xlLmlxgglnb29nbGUuaXOCCWdvb2dsZS5pdIIMZ29v +Z2xlLml0LmFvgglnb29nbGUuamWCCWdvb2dsZS5qb4ILZ29vZ2xlLmpvYnOCCWdv +b2dsZS5qcIIJZ29vZ2xlLmtngglnb29nbGUua2mCCWdvb2dsZS5reoIJZ29vZ2xl +Lmxhgglnb29nbGUubGmCCWdvb2dsZS5sa4IJZ29vZ2xlLmx0gglnb29nbGUubHWC +CWdvb2dsZS5sdoIJZ29vZ2xlLm1kgglnb29nbGUubWWCCWdvb2dsZS5tZ4IJZ29v +Z2xlLm1rgglnb29nbGUubWyCCWdvb2dsZS5tboIJZ29vZ2xlLm1zgglnb29nbGUu +bXWCCWdvb2dsZS5tdoIJZ29vZ2xlLm13gglnb29nbGUubmWCDGdvb2dsZS5uZS5q +cIIKZ29vZ2xlLm5ldIIJZ29vZ2xlLm5sgglnb29nbGUubm+CCWdvb2dsZS5ucoIJ +Z29vZ2xlLm51gg1nb29nbGUub2ZmLmFpgglnb29nbGUucGuCCWdvb2dsZS5wbIIJ +Z29vZ2xlLnBugglnb29nbGUucHOCCWdvb2dsZS5wdIIJZ29vZ2xlLnJvgglnb29n +bGUucnOCCWdvb2dsZS5ydYIJZ29vZ2xlLnJ3gglnb29nbGUuc2OCCWdvb2dsZS5z +ZYIJZ29vZ2xlLnNogglnb29nbGUuc2mCCWdvb2dsZS5za4IJZ29vZ2xlLnNtggln +b29nbGUuc26CCWdvb2dsZS5zb4IJZ29vZ2xlLnN0gglnb29nbGUudGSCCWdvb2ds +ZS50Z4IJZ29vZ2xlLnRrgglnb29nbGUudGyCCWdvb2dsZS50bYIJZ29vZ2xlLnRu +gglnb29nbGUudG+CCWdvb2dsZS50cIIJZ29vZ2xlLnR0gglnb29nbGUudXOCCWdv +b2dsZS51eoIJZ29vZ2xlLnZngglnb29nbGUudnWCCWdvb2dsZS53czANBgkqhkiG +9w0BAQUFAAOBgQCROJdKT00d96BpNG4j3Xf5Kz7kJENMTYtgsGQW5E6y2yjRaguD +LPO+y4IH9KiVXD+qO8koye9yOMNawN9r/DFQd+t2nDmvlpcwJBNguiuqxl+rJaU8 +KKgswikGaaM4z+i4vHuXcCKZtM/ELAaJlSaBPip4GBAkgv7D9hwh+sWvYA== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIcFzCCG4CgAwIBAgIGR09PUAFxMA0GCSqGSIb3DQEBBQUAMEYxCzAJBgNVBAYT +AlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSIwIAYDVQQDExlHb29nbGUgSW50ZXJu +ZXQgQXV0aG9yaXR5MB4XDTEyMTAyNDEzNTczOVoXDTEzMDYwNzE5NDMyN1owZDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 +YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxEzARBgNVBAMTCmdvb2dsZS5j +b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMNn/Rw5irMPscWpYsExcGQT +wqdxT/U9Pfybt9ttPYlXVbCd6yux0jWGNBHN+f4kCc5pwrbjmA4QSRY2uVa4T8f2 +g3NucDDveUi29WVN+FJcyhj+V38lEkYbdhpIZL149dK5fAN1zzwCo10Nk+lhebcY +fCtMHLmuCX2D6mJ2CnPVAgMBAAGjghnwMIIZ7DAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Qp1w0hi4nhbaJEB +h/wuZwO4OyIwHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0f +BFQwUjBQoE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5l +dEF1dGhvcml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUH +AQEEWjBYMFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2ds +ZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDCC +GLYGA1UdEQSCGK0wghipggpnb29nbGUuY29tggwqLmdvb2dsZS5jb22CDSoueW91 +dHViZS5jb22CC3lvdXR1YmUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggh5 +b3V0dS5iZYILKi55dGltZy5jb22CDSouYW5kcm9pZC5jb22CC2FuZHJvaWQuY29t +ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghAqLnVy +bC5nb29nbGUuY29tggwqLnVyY2hpbi5jb22CCnVyY2hpbi5jb22CFiouZ29vZ2xl +LWFuYWx5dGljcy5jb22CFGdvb2dsZS1hbmFseXRpY3MuY29tghIqLmNsb3VkLmdv +b2dsZS5jb22CBmdvby5nbIIEZy5jb4INKi5nc3RhdGljLmNvbYIPKi5nb29nbGVh +cGlzLmNughYqLmFwcGVuZ2luZS5nb29nbGUuY29tggsqLmdvb2dsZS5hY4ILKi5n +b29nbGUuYWSCCyouZ29vZ2xlLmFlggsqLmdvb2dsZS5hZoILKi5nb29nbGUuYWeC +CyouZ29vZ2xlLmFsggsqLmdvb2dsZS5hbYILKi5nb29nbGUuYXOCCyouZ29vZ2xl +LmF0ggsqLmdvb2dsZS5heoILKi5nb29nbGUuYmGCCyouZ29vZ2xlLmJlggsqLmdv +b2dsZS5iZoILKi5nb29nbGUuYmeCCyouZ29vZ2xlLmJpggsqLmdvb2dsZS5iaoIL +Ki5nb29nbGUuYnOCCyouZ29vZ2xlLmJ5ggsqLmdvb2dsZS5jYYIMKi5nb29nbGUu +Y2F0ggsqLmdvb2dsZS5jY4ILKi5nb29nbGUuY2SCCyouZ29vZ2xlLmNmggsqLmdv +b2dsZS5jZ4ILKi5nb29nbGUuY2iCCyouZ29vZ2xlLmNpggsqLmdvb2dsZS5jbIIL +Ki5nb29nbGUuY22CCyouZ29vZ2xlLmNugg4qLmdvb2dsZS5jby5hb4IOKi5nb29n +bGUuY28uYneCDiouZ29vZ2xlLmNvLmNrgg4qLmdvb2dsZS5jby5jcoIOKi5nb29n +bGUuY28uaHWCDiouZ29vZ2xlLmNvLmlkgg4qLmdvb2dsZS5jby5pbIIOKi5nb29n +bGUuY28uaW2CDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qZYIOKi5nb29n +bGUuY28uanCCDiouZ29vZ2xlLmNvLmtlgg4qLmdvb2dsZS5jby5rcoIOKi5nb29n +bGUuY28ubHOCDiouZ29vZ2xlLmNvLm1hgg4qLmdvb2dsZS5jby5teoIOKi5nb29n +bGUuY28ubnqCDiouZ29vZ2xlLmNvLnRogg4qLmdvb2dsZS5jby50eoIOKi5nb29n +bGUuY28udWeCDiouZ29vZ2xlLmNvLnVrgg4qLmdvb2dsZS5jby51eoIOKi5nb29n +bGUuY28udmWCDiouZ29vZ2xlLmNvLnZpgg4qLmdvb2dsZS5jby56YYIOKi5nb29n +bGUuY28uem2CDiouZ29vZ2xlLmNvLnp3gg8qLmdvb2dsZS5jb20uYWaCDyouZ29v +Z2xlLmNvbS5hZ4IPKi5nb29nbGUuY29tLmFpgg8qLmdvb2dsZS5jb20uYXKCDyou +Z29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJkgg8qLmdvb2dsZS5jb20uYmiC +DyouZ29vZ2xlLmNvbS5iboIPKi5nb29nbGUuY29tLmJvgg8qLmdvb2dsZS5jb20u +YnKCDyouZ29vZ2xlLmNvbS5ieYIPKi5nb29nbGUuY29tLmJ6gg8qLmdvb2dsZS5j +b20uY26CDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLmN1gg8qLmdvb2ds +ZS5jb20uY3mCDyouZ29vZ2xlLmNvbS5kb4IPKi5nb29nbGUuY29tLmVjgg8qLmdv +b2dsZS5jb20uZWeCDyouZ29vZ2xlLmNvbS5ldIIPKi5nb29nbGUuY29tLmZqgg8q +Lmdvb2dsZS5jb20uZ2WCDyouZ29vZ2xlLmNvbS5naIIPKi5nb29nbGUuY29tLmdp +gg8qLmdvb2dsZS5jb20uZ3KCDyouZ29vZ2xlLmNvbS5ndIIPKi5nb29nbGUuY29t +Lmhrgg8qLmdvb2dsZS5jb20uaXGCDyouZ29vZ2xlLmNvbS5qbYIPKi5nb29nbGUu +Y29tLmpvgg8qLmdvb2dsZS5jb20ua2iCDyouZ29vZ2xlLmNvbS5rd4IPKi5nb29n +bGUuY29tLmxigg8qLmdvb2dsZS5jb20ubHmCDyouZ29vZ2xlLmNvbS5tdIIPKi5n +b29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20ubXmCDyouZ29vZ2xlLmNvbS5uYYIP +Ki5nb29nbGUuY29tLm5mgg8qLmdvb2dsZS5jb20ubmeCDyouZ29vZ2xlLmNvbS5u +aYIPKi5nb29nbGUuY29tLm5wgg8qLmdvb2dsZS5jb20ubnKCDyouZ29vZ2xlLmNv +bS5vbYIPKi5nb29nbGUuY29tLnBhgg8qLmdvb2dsZS5jb20ucGWCDyouZ29vZ2xl +LmNvbS5waIIPKi5nb29nbGUuY29tLnBrgg8qLmdvb2dsZS5jb20ucGyCDyouZ29v +Z2xlLmNvbS5wcoIPKi5nb29nbGUuY29tLnB5gg8qLmdvb2dsZS5jb20ucWGCDyou +Z29vZ2xlLmNvbS5ydYIPKi5nb29nbGUuY29tLnNhgg8qLmdvb2dsZS5jb20uc2KC +DyouZ29vZ2xlLmNvbS5zZ4IPKi5nb29nbGUuY29tLnNsgg8qLmdvb2dsZS5jb20u +c3aCDyouZ29vZ2xlLmNvbS50aoIPKi5nb29nbGUuY29tLnRugg8qLmdvb2dsZS5j +b20udHKCDyouZ29vZ2xlLmNvbS50d4IPKi5nb29nbGUuY29tLnVhgg8qLmdvb2ds +ZS5jb20udXmCDyouZ29vZ2xlLmNvbS52Y4IPKi5nb29nbGUuY29tLnZlgg8qLmdv +b2dsZS5jb20udm6CCyouZ29vZ2xlLmN2ggsqLmdvb2dsZS5jeoILKi5nb29nbGUu +ZGWCCyouZ29vZ2xlLmRqggsqLmdvb2dsZS5ka4ILKi5nb29nbGUuZG2CCyouZ29v +Z2xlLmR6ggsqLmdvb2dsZS5lZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZpggsq +Lmdvb2dsZS5mbYILKi5nb29nbGUuZnKCCyouZ29vZ2xlLmdhggsqLmdvb2dsZS5n +ZYILKi5nb29nbGUuZ2eCCyouZ29vZ2xlLmdsggsqLmdvb2dsZS5nbYILKi5nb29n +bGUuZ3CCCyouZ29vZ2xlLmdyggsqLmdvb2dsZS5neYILKi5nb29nbGUuaGuCCyou +Z29vZ2xlLmhuggsqLmdvb2dsZS5ocoILKi5nb29nbGUuaHSCCyouZ29vZ2xlLmh1 +ggsqLmdvb2dsZS5pZYILKi5nb29nbGUuaW2CDSouZ29vZ2xlLmluZm+CCyouZ29v +Z2xlLmlxggsqLmdvb2dsZS5pc4ILKi5nb29nbGUuaXSCDiouZ29vZ2xlLml0LmFv +ggsqLmdvb2dsZS5qZYILKi5nb29nbGUuam+CDSouZ29vZ2xlLmpvYnOCCyouZ29v +Z2xlLmpwggsqLmdvb2dsZS5rZ4ILKi5nb29nbGUua2mCCyouZ29vZ2xlLmt6ggsq +Lmdvb2dsZS5sYYILKi5nb29nbGUubGmCCyouZ29vZ2xlLmxrggsqLmdvb2dsZS5s +dIILKi5nb29nbGUubHWCCyouZ29vZ2xlLmx2ggsqLmdvb2dsZS5tZIILKi5nb29n +bGUubWWCCyouZ29vZ2xlLm1nggsqLmdvb2dsZS5ta4ILKi5nb29nbGUubWyCCyou +Z29vZ2xlLm1uggsqLmdvb2dsZS5tc4ILKi5nb29nbGUubXWCCyouZ29vZ2xlLm12 +ggsqLmdvb2dsZS5td4ILKi5nb29nbGUubmWCDiouZ29vZ2xlLm5lLmpwggwqLmdv +b2dsZS5uZXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5ub4ILKi5nb29nbGUubnKC +CyouZ29vZ2xlLm51gg8qLmdvb2dsZS5vZmYuYWmCCyouZ29vZ2xlLnBrggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucG6CCyouZ29vZ2xlLnBzggsqLmdvb2dsZS5wdIIL +Ki5nb29nbGUucm+CCyouZ29vZ2xlLnJzggsqLmdvb2dsZS5ydYILKi5nb29nbGUu +cneCCyouZ29vZ2xlLnNjggsqLmdvb2dsZS5zZYILKi5nb29nbGUuc2iCCyouZ29v +Z2xlLnNpggsqLmdvb2dsZS5za4ILKi5nb29nbGUuc22CCyouZ29vZ2xlLnNuggsq +Lmdvb2dsZS5zb4ILKi5nb29nbGUuc3SCCyouZ29vZ2xlLnRkggsqLmdvb2dsZS50 +Z4ILKi5nb29nbGUudGuCCyouZ29vZ2xlLnRsggsqLmdvb2dsZS50bYILKi5nb29n +bGUudG6CCyouZ29vZ2xlLnRvggsqLmdvb2dsZS50cIILKi5nb29nbGUudHSCCyou +Z29vZ2xlLnVzggsqLmdvb2dsZS51eoILKi5nb29nbGUudmeCCyouZ29vZ2xlLnZ1 +ggsqLmdvb2dsZS53c4IJZ29vZ2xlLmFjgglnb29nbGUuYWSCCWdvb2dsZS5hZYIJ +Z29vZ2xlLmFmgglnb29nbGUuYWeCCWdvb2dsZS5hbIIJZ29vZ2xlLmFtgglnb29n +bGUuYXOCCWdvb2dsZS5hdIIJZ29vZ2xlLmF6gglnb29nbGUuYmGCCWdvb2dsZS5i +ZYIJZ29vZ2xlLmJmgglnb29nbGUuYmeCCWdvb2dsZS5iaYIJZ29vZ2xlLmJqggln +b29nbGUuYnOCCWdvb2dsZS5ieYIJZ29vZ2xlLmNhggpnb29nbGUuY2F0gglnb29n +bGUuY2OCCWdvb2dsZS5jZIIJZ29vZ2xlLmNmgglnb29nbGUuY2eCCWdvb2dsZS5j +aIIJZ29vZ2xlLmNpgglnb29nbGUuY2yCCWdvb2dsZS5jbYIJZ29vZ2xlLmNuggxn +b29nbGUuY28uYW+CDGdvb2dsZS5jby5id4IMZ29vZ2xlLmNvLmNrggxnb29nbGUu +Y28uY3KCDGdvb2dsZS5jby5odYIMZ29vZ2xlLmNvLmlkggxnb29nbGUuY28uaWyC +DGdvb2dsZS5jby5pbYIMZ29vZ2xlLmNvLmluggxnb29nbGUuY28uamWCDGdvb2ds +ZS5jby5qcIIMZ29vZ2xlLmNvLmtlggxnb29nbGUuY28ua3KCDGdvb2dsZS5jby5s +c4IMZ29vZ2xlLmNvLm1hggxnb29nbGUuY28ubXqCDGdvb2dsZS5jby5ueoIMZ29v +Z2xlLmNvLnRoggxnb29nbGUuY28udHqCDGdvb2dsZS5jby51Z4IMZ29vZ2xlLmNv +LnVrggxnb29nbGUuY28udXqCDGdvb2dsZS5jby52ZYIMZ29vZ2xlLmNvLnZpggxn +b29nbGUuY28uemGCDGdvb2dsZS5jby56bYIMZ29vZ2xlLmNvLnp3gg1nb29nbGUu +Y29tLmFmgg1nb29nbGUuY29tLmFngg1nb29nbGUuY29tLmFpgg1nb29nbGUuY29t +LmFygg1nb29nbGUuY29tLmF1gg1nb29nbGUuY29tLmJkgg1nb29nbGUuY29tLmJo +gg1nb29nbGUuY29tLmJugg1nb29nbGUuY29tLmJvgg1nb29nbGUuY29tLmJygg1n +b29nbGUuY29tLmJ5gg1nb29nbGUuY29tLmJ6gg1nb29nbGUuY29tLmNugg1nb29n +bGUuY29tLmNvgg1nb29nbGUuY29tLmN1gg1nb29nbGUuY29tLmN5gg1nb29nbGUu +Y29tLmRvgg1nb29nbGUuY29tLmVjgg1nb29nbGUuY29tLmVngg1nb29nbGUuY29t +LmV0gg1nb29nbGUuY29tLmZqgg1nb29nbGUuY29tLmdlgg1nb29nbGUuY29tLmdo +gg1nb29nbGUuY29tLmdpgg1nb29nbGUuY29tLmdygg1nb29nbGUuY29tLmd0gg1n +b29nbGUuY29tLmhrgg1nb29nbGUuY29tLmlxgg1nb29nbGUuY29tLmptgg1nb29n +bGUuY29tLmpvgg1nb29nbGUuY29tLmtogg1nb29nbGUuY29tLmt3gg1nb29nbGUu +Y29tLmxigg1nb29nbGUuY29tLmx5gg1nb29nbGUuY29tLm10gg1nb29nbGUuY29t +Lm14gg1nb29nbGUuY29tLm15gg1nb29nbGUuY29tLm5hgg1nb29nbGUuY29tLm5m +gg1nb29nbGUuY29tLm5ngg1nb29nbGUuY29tLm5pgg1nb29nbGUuY29tLm5wgg1n +b29nbGUuY29tLm5ygg1nb29nbGUuY29tLm9tgg1nb29nbGUuY29tLnBhgg1nb29n +bGUuY29tLnBlgg1nb29nbGUuY29tLnBogg1nb29nbGUuY29tLnBrgg1nb29nbGUu +Y29tLnBsgg1nb29nbGUuY29tLnBygg1nb29nbGUuY29tLnB5gg1nb29nbGUuY29t +LnFhgg1nb29nbGUuY29tLnJ1gg1nb29nbGUuY29tLnNhgg1nb29nbGUuY29tLnNi +gg1nb29nbGUuY29tLnNngg1nb29nbGUuY29tLnNsgg1nb29nbGUuY29tLnN2gg1n +b29nbGUuY29tLnRqgg1nb29nbGUuY29tLnRugg1nb29nbGUuY29tLnRygg1nb29n +bGUuY29tLnR3gg1nb29nbGUuY29tLnVhgg1nb29nbGUuY29tLnV5gg1nb29nbGUu +Y29tLnZjgg1nb29nbGUuY29tLnZlgg1nb29nbGUuY29tLnZugglnb29nbGUuY3aC +CWdvb2dsZS5jeoIJZ29vZ2xlLmRlgglnb29nbGUuZGqCCWdvb2dsZS5ka4IJZ29v +Z2xlLmRtgglnb29nbGUuZHqCCWdvb2dsZS5lZYIJZ29vZ2xlLmVzgglnb29nbGUu +ZmmCCWdvb2dsZS5mbYIJZ29vZ2xlLmZygglnb29nbGUuZ2GCCWdvb2dsZS5nZYIJ +Z29vZ2xlLmdngglnb29nbGUuZ2yCCWdvb2dsZS5nbYIJZ29vZ2xlLmdwgglnb29n +bGUuZ3KCCWdvb2dsZS5neYIJZ29vZ2xlLmhrgglnb29nbGUuaG6CCWdvb2dsZS5o +coIJZ29vZ2xlLmh0gglnb29nbGUuaHWCCWdvb2dsZS5pZYIJZ29vZ2xlLmltggtn +b29nbGUuaW5mb4IJZ29vZ2xlLmlxgglnb29nbGUuaXOCCWdvb2dsZS5pdIIMZ29v +Z2xlLml0LmFvgglnb29nbGUuamWCCWdvb2dsZS5qb4ILZ29vZ2xlLmpvYnOCCWdv +b2dsZS5qcIIJZ29vZ2xlLmtngglnb29nbGUua2mCCWdvb2dsZS5reoIJZ29vZ2xl +Lmxhgglnb29nbGUubGmCCWdvb2dsZS5sa4IJZ29vZ2xlLmx0gglnb29nbGUubHWC +CWdvb2dsZS5sdoIJZ29vZ2xlLm1kgglnb29nbGUubWWCCWdvb2dsZS5tZ4IJZ29v +Z2xlLm1rgglnb29nbGUubWyCCWdvb2dsZS5tboIJZ29vZ2xlLm1zgglnb29nbGUu +bXWCCWdvb2dsZS5tdoIJZ29vZ2xlLm13gglnb29nbGUubmWCDGdvb2dsZS5uZS5q +cIIKZ29vZ2xlLm5ldIIJZ29vZ2xlLm5sgglnb29nbGUubm+CCWdvb2dsZS5ucoIJ +Z29vZ2xlLm51gg1nb29nbGUub2ZmLmFpgglnb29nbGUucGuCCWdvb2dsZS5wbIIJ +Z29vZ2xlLnBugglnb29nbGUucHOCCWdvb2dsZS5wdIIJZ29vZ2xlLnJvgglnb29n +bGUucnOCCWdvb2dsZS5ydYIJZ29vZ2xlLnJ3gglnb29nbGUuc2OCCWdvb2dsZS5z +ZYIJZ29vZ2xlLnNogglnb29nbGUuc2mCCWdvb2dsZS5za4IJZ29vZ2xlLnNtggln +b29nbGUuc26CCWdvb2dsZS5zb4IJZ29vZ2xlLnN0gglnb29nbGUudGSCCWdvb2ds +ZS50Z4IJZ29vZ2xlLnRrgglnb29nbGUudGyCCWdvb2dsZS50bYIJZ29vZ2xlLnRu +gglnb29nbGUudG+CCWdvb2dsZS50cIIJZ29vZ2xlLnR0gglnb29nbGUudXOCCWdv +b2dsZS51eoIJZ29vZ2xlLnZngglnb29nbGUudnWCCWdvb2dsZS53czANBgkqhkiG +9w0BAQUFAAOBgQCROJdKT00d96BpNG4j3Xf5Kz7kJENMTYtgsGQW5E6y2yjRaguD +LPO+y4IH9KiVXD+qO8koye9yOMNawN9r/DFQd+t2nDmvlpcwJBNguiuqxl+rJaU8 +KKgswikGaaM4z+i4vHuXcCKZtM/ELAaJlSaBPip4GBAkgv7D9hwh+sWvYA== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIcFzCCG4CgAwIBAgIGR09PUAFxMA0GCSqGSIb3DQEBBQUAMEYxCzAJBgNVBAYT +AlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSIwIAYDVQQDExlHb29nbGUgSW50ZXJu +ZXQgQXV0aG9yaXR5MB4XDTEyMTAyNDEzNTczOVoXDTEzMDYwNzE5NDMyN1owZDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 +YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxEzARBgNVBAMTCmdvb2dsZS5j +b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMNn/Rw5irMPscWpYsExcGQT +wqdxT/U9Pfybt9ttPYlXVbCd6yux0jWGNBHN+f4kCc5pwrbjmA4QSRY2uVa4T8f2 +g3NucDDveUi29WVN+FJcyhj+V38lEkYbdhpIZL149dK5fAN1zzwCo10Nk+lhebcY +fCtMHLmuCX2D6mJ2CnPVAgMBAAGjghnwMIIZ7DAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Qp1w0hi4nhbaJEB +h/wuZwO4OyIwHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0f +BFQwUjBQoE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5l +dEF1dGhvcml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUH +AQEEWjBYMFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2ds +ZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDCC +GLYGA1UdEQSCGK0wghipggpnb29nbGUuY29tggwqLmdvb2dsZS5jb22CDSoueW91 +dHViZS5jb22CC3lvdXR1YmUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggh5 +b3V0dS5iZYILKi55dGltZy5jb22CDSouYW5kcm9pZC5jb22CC2FuZHJvaWQuY29t +ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghAqLnVy +bC5nb29nbGUuY29tggwqLnVyY2hpbi5jb22CCnVyY2hpbi5jb22CFiouZ29vZ2xl +LWFuYWx5dGljcy5jb22CFGdvb2dsZS1hbmFseXRpY3MuY29tghIqLmNsb3VkLmdv +b2dsZS5jb22CBmdvby5nbIIEZy5jb4INKi5nc3RhdGljLmNvbYIPKi5nb29nbGVh +cGlzLmNughYqLmFwcGVuZ2luZS5nb29nbGUuY29tggsqLmdvb2dsZS5hY4ILKi5n +b29nbGUuYWSCCyouZ29vZ2xlLmFlggsqLmdvb2dsZS5hZoILKi5nb29nbGUuYWeC +CyouZ29vZ2xlLmFsggsqLmdvb2dsZS5hbYILKi5nb29nbGUuYXOCCyouZ29vZ2xl +LmF0ggsqLmdvb2dsZS5heoILKi5nb29nbGUuYmGCCyouZ29vZ2xlLmJlggsqLmdv +b2dsZS5iZoILKi5nb29nbGUuYmeCCyouZ29vZ2xlLmJpggsqLmdvb2dsZS5iaoIL +Ki5nb29nbGUuYnOCCyouZ29vZ2xlLmJ5ggsqLmdvb2dsZS5jYYIMKi5nb29nbGUu +Y2F0ggsqLmdvb2dsZS5jY4ILKi5nb29nbGUuY2SCCyouZ29vZ2xlLmNmggsqLmdv +b2dsZS5jZ4ILKi5nb29nbGUuY2iCCyouZ29vZ2xlLmNpggsqLmdvb2dsZS5jbIIL +Ki5nb29nbGUuY22CCyouZ29vZ2xlLmNugg4qLmdvb2dsZS5jby5hb4IOKi5nb29n +bGUuY28uYneCDiouZ29vZ2xlLmNvLmNrgg4qLmdvb2dsZS5jby5jcoIOKi5nb29n +bGUuY28uaHWCDiouZ29vZ2xlLmNvLmlkgg4qLmdvb2dsZS5jby5pbIIOKi5nb29n +bGUuY28uaW2CDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qZYIOKi5nb29n +bGUuY28uanCCDiouZ29vZ2xlLmNvLmtlgg4qLmdvb2dsZS5jby5rcoIOKi5nb29n +bGUuY28ubHOCDiouZ29vZ2xlLmNvLm1hgg4qLmdvb2dsZS5jby5teoIOKi5nb29n +bGUuY28ubnqCDiouZ29vZ2xlLmNvLnRogg4qLmdvb2dsZS5jby50eoIOKi5nb29n +bGUuY28udWeCDiouZ29vZ2xlLmNvLnVrgg4qLmdvb2dsZS5jby51eoIOKi5nb29n +bGUuY28udmWCDiouZ29vZ2xlLmNvLnZpgg4qLmdvb2dsZS5jby56YYIOKi5nb29n +bGUuY28uem2CDiouZ29vZ2xlLmNvLnp3gg8qLmdvb2dsZS5jb20uYWaCDyouZ29v +Z2xlLmNvbS5hZ4IPKi5nb29nbGUuY29tLmFpgg8qLmdvb2dsZS5jb20uYXKCDyou +Z29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJkgg8qLmdvb2dsZS5jb20uYmiC +DyouZ29vZ2xlLmNvbS5iboIPKi5nb29nbGUuY29tLmJvgg8qLmdvb2dsZS5jb20u +YnKCDyouZ29vZ2xlLmNvbS5ieYIPKi5nb29nbGUuY29tLmJ6gg8qLmdvb2dsZS5j +b20uY26CDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLmN1gg8qLmdvb2ds +ZS5jb20uY3mCDyouZ29vZ2xlLmNvbS5kb4IPKi5nb29nbGUuY29tLmVjgg8qLmdv +b2dsZS5jb20uZWeCDyouZ29vZ2xlLmNvbS5ldIIPKi5nb29nbGUuY29tLmZqgg8q +Lmdvb2dsZS5jb20uZ2WCDyouZ29vZ2xlLmNvbS5naIIPKi5nb29nbGUuY29tLmdp +gg8qLmdvb2dsZS5jb20uZ3KCDyouZ29vZ2xlLmNvbS5ndIIPKi5nb29nbGUuY29t +Lmhrgg8qLmdvb2dsZS5jb20uaXGCDyouZ29vZ2xlLmNvbS5qbYIPKi5nb29nbGUu +Y29tLmpvgg8qLmdvb2dsZS5jb20ua2iCDyouZ29vZ2xlLmNvbS5rd4IPKi5nb29n +bGUuY29tLmxigg8qLmdvb2dsZS5jb20ubHmCDyouZ29vZ2xlLmNvbS5tdIIPKi5n +b29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20ubXmCDyouZ29vZ2xlLmNvbS5uYYIP +Ki5nb29nbGUuY29tLm5mgg8qLmdvb2dsZS5jb20ubmeCDyouZ29vZ2xlLmNvbS5u +aYIPKi5nb29nbGUuY29tLm5wgg8qLmdvb2dsZS5jb20ubnKCDyouZ29vZ2xlLmNv +bS5vbYIPKi5nb29nbGUuY29tLnBhgg8qLmdvb2dsZS5jb20ucGWCDyouZ29vZ2xl +LmNvbS5waIIPKi5nb29nbGUuY29tLnBrgg8qLmdvb2dsZS5jb20ucGyCDyouZ29v +Z2xlLmNvbS5wcoIPKi5nb29nbGUuY29tLnB5gg8qLmdvb2dsZS5jb20ucWGCDyou +Z29vZ2xlLmNvbS5ydYIPKi5nb29nbGUuY29tLnNhgg8qLmdvb2dsZS5jb20uc2KC +DyouZ29vZ2xlLmNvbS5zZ4IPKi5nb29nbGUuY29tLnNsgg8qLmdvb2dsZS5jb20u +c3aCDyouZ29vZ2xlLmNvbS50aoIPKi5nb29nbGUuY29tLnRugg8qLmdvb2dsZS5j +b20udHKCDyouZ29vZ2xlLmNvbS50d4IPKi5nb29nbGUuY29tLnVhgg8qLmdvb2ds +ZS5jb20udXmCDyouZ29vZ2xlLmNvbS52Y4IPKi5nb29nbGUuY29tLnZlgg8qLmdv +b2dsZS5jb20udm6CCyouZ29vZ2xlLmN2ggsqLmdvb2dsZS5jeoILKi5nb29nbGUu +ZGWCCyouZ29vZ2xlLmRqggsqLmdvb2dsZS5ka4ILKi5nb29nbGUuZG2CCyouZ29v +Z2xlLmR6ggsqLmdvb2dsZS5lZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZpggsq +Lmdvb2dsZS5mbYILKi5nb29nbGUuZnKCCyouZ29vZ2xlLmdhggsqLmdvb2dsZS5n +ZYILKi5nb29nbGUuZ2eCCyouZ29vZ2xlLmdsggsqLmdvb2dsZS5nbYILKi5nb29n +bGUuZ3CCCyouZ29vZ2xlLmdyggsqLmdvb2dsZS5neYILKi5nb29nbGUuaGuCCyou +Z29vZ2xlLmhuggsqLmdvb2dsZS5ocoILKi5nb29nbGUuaHSCCyouZ29vZ2xlLmh1 +ggsqLmdvb2dsZS5pZYILKi5nb29nbGUuaW2CDSouZ29vZ2xlLmluZm+CCyouZ29v +Z2xlLmlxggsqLmdvb2dsZS5pc4ILKi5nb29nbGUuaXSCDiouZ29vZ2xlLml0LmFv +ggsqLmdvb2dsZS5qZYILKi5nb29nbGUuam+CDSouZ29vZ2xlLmpvYnOCCyouZ29v +Z2xlLmpwggsqLmdvb2dsZS5rZ4ILKi5nb29nbGUua2mCCyouZ29vZ2xlLmt6ggsq +Lmdvb2dsZS5sYYILKi5nb29nbGUubGmCCyouZ29vZ2xlLmxrggsqLmdvb2dsZS5s +dIILKi5nb29nbGUubHWCCyouZ29vZ2xlLmx2ggsqLmdvb2dsZS5tZIILKi5nb29n +bGUubWWCCyouZ29vZ2xlLm1nggsqLmdvb2dsZS5ta4ILKi5nb29nbGUubWyCCyou +Z29vZ2xlLm1uggsqLmdvb2dsZS5tc4ILKi5nb29nbGUubXWCCyouZ29vZ2xlLm12 +ggsqLmdvb2dsZS5td4ILKi5nb29nbGUubmWCDiouZ29vZ2xlLm5lLmpwggwqLmdv +b2dsZS5uZXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5ub4ILKi5nb29nbGUubnKC +CyouZ29vZ2xlLm51gg8qLmdvb2dsZS5vZmYuYWmCCyouZ29vZ2xlLnBrggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucG6CCyouZ29vZ2xlLnBzggsqLmdvb2dsZS5wdIIL +Ki5nb29nbGUucm+CCyouZ29vZ2xlLnJzggsqLmdvb2dsZS5ydYILKi5nb29nbGUu +cneCCyouZ29vZ2xlLnNjggsqLmdvb2dsZS5zZYILKi5nb29nbGUuc2iCCyouZ29v +Z2xlLnNpggsqLmdvb2dsZS5za4ILKi5nb29nbGUuc22CCyouZ29vZ2xlLnNuggsq +Lmdvb2dsZS5zb4ILKi5nb29nbGUuc3SCCyouZ29vZ2xlLnRkggsqLmdvb2dsZS50 +Z4ILKi5nb29nbGUudGuCCyouZ29vZ2xlLnRsggsqLmdvb2dsZS50bYILKi5nb29n +bGUudG6CCyouZ29vZ2xlLnRvggsqLmdvb2dsZS50cIILKi5nb29nbGUudHSCCyou +Z29vZ2xlLnVzggsqLmdvb2dsZS51eoILKi5nb29nbGUudmeCCyouZ29vZ2xlLnZ1 +ggsqLmdvb2dsZS53c4IJZ29vZ2xlLmFjgglnb29nbGUuYWSCCWdvb2dsZS5hZYIJ +Z29vZ2xlLmFmgglnb29nbGUuYWeCCWdvb2dsZS5hbIIJZ29vZ2xlLmFtgglnb29n +bGUuYXOCCWdvb2dsZS5hdIIJZ29vZ2xlLmF6gglnb29nbGUuYmGCCWdvb2dsZS5i +ZYIJZ29vZ2xlLmJmgglnb29nbGUuYmeCCWdvb2dsZS5iaYIJZ29vZ2xlLmJqggln +b29nbGUuYnOCCWdvb2dsZS5ieYIJZ29vZ2xlLmNhggpnb29nbGUuY2F0gglnb29n +bGUuY2OCCWdvb2dsZS5jZIIJZ29vZ2xlLmNmgglnb29nbGUuY2eCCWdvb2dsZS5j +aIIJZ29vZ2xlLmNpgglnb29nbGUuY2yCCWdvb2dsZS5jbYIJZ29vZ2xlLmNuggxn +b29nbGUuY28uYW+CDGdvb2dsZS5jby5id4IMZ29vZ2xlLmNvLmNrggxnb29nbGUu +Y28uY3KCDGdvb2dsZS5jby5odYIMZ29vZ2xlLmNvLmlkggxnb29nbGUuY28uaWyC +DGdvb2dsZS5jby5pbYIMZ29vZ2xlLmNvLmluggxnb29nbGUuY28uamWCDGdvb2ds +ZS5jby5qcIIMZ29vZ2xlLmNvLmtlggxnb29nbGUuY28ua3KCDGdvb2dsZS5jby5s +c4IMZ29vZ2xlLmNvLm1hggxnb29nbGUuY28ubXqCDGdvb2dsZS5jby5ueoIMZ29v +Z2xlLmNvLnRoggxnb29nbGUuY28udHqCDGdvb2dsZS5jby51Z4IMZ29vZ2xlLmNv +LnVrggxnb29nbGUuY28udXqCDGdvb2dsZS5jby52ZYIMZ29vZ2xlLmNvLnZpggxn +b29nbGUuY28uemGCDGdvb2dsZS5jby56bYIMZ29vZ2xlLmNvLnp3gg1nb29nbGUu +Y29tLmFmgg1nb29nbGUuY29tLmFngg1nb29nbGUuY29tLmFpgg1nb29nbGUuY29t +LmFygg1nb29nbGUuY29tLmF1gg1nb29nbGUuY29tLmJkgg1nb29nbGUuY29tLmJo +gg1nb29nbGUuY29tLmJugg1nb29nbGUuY29tLmJvgg1nb29nbGUuY29tLmJygg1n +b29nbGUuY29tLmJ5gg1nb29nbGUuY29tLmJ6gg1nb29nbGUuY29tLmNugg1nb29n +bGUuY29tLmNvgg1nb29nbGUuY29tLmN1gg1nb29nbGUuY29tLmN5gg1nb29nbGUu +Y29tLmRvgg1nb29nbGUuY29tLmVjgg1nb29nbGUuY29tLmVngg1nb29nbGUuY29t +LmV0gg1nb29nbGUuY29tLmZqgg1nb29nbGUuY29tLmdlgg1nb29nbGUuY29tLmdo +gg1nb29nbGUuY29tLmdpgg1nb29nbGUuY29tLmdygg1nb29nbGUuY29tLmd0gg1n +b29nbGUuY29tLmhrgg1nb29nbGUuY29tLmlxgg1nb29nbGUuY29tLmptgg1nb29n +bGUuY29tLmpvgg1nb29nbGUuY29tLmtogg1nb29nbGUuY29tLmt3gg1nb29nbGUu +Y29tLmxigg1nb29nbGUuY29tLmx5gg1nb29nbGUuY29tLm10gg1nb29nbGUuY29t +Lm14gg1nb29nbGUuY29tLm15gg1nb29nbGUuY29tLm5hgg1nb29nbGUuY29tLm5m +gg1nb29nbGUuY29tLm5ngg1nb29nbGUuY29tLm5pgg1nb29nbGUuY29tLm5wgg1n +b29nbGUuY29tLm5ygg1nb29nbGUuY29tLm9tgg1nb29nbGUuY29tLnBhgg1nb29n +bGUuY29tLnBlgg1nb29nbGUuY29tLnBogg1nb29nbGUuY29tLnBrgg1nb29nbGUu +Y29tLnBsgg1nb29nbGUuY29tLnBygg1nb29nbGUuY29tLnB5gg1nb29nbGUuY29t +LnFhgg1nb29nbGUuY29tLnJ1gg1nb29nbGUuY29tLnNhgg1nb29nbGUuY29tLnNi +gg1nb29nbGUuY29tLnNngg1nb29nbGUuY29tLnNsgg1nb29nbGUuY29tLnN2gg1n +b29nbGUuY29tLnRqgg1nb29nbGUuY29tLnRugg1nb29nbGUuY29tLnRygg1nb29n +bGUuY29tLnR3gg1nb29nbGUuY29tLnVhgg1nb29nbGUuY29tLnV5gg1nb29nbGUu +Y29tLnZjgg1nb29nbGUuY29tLnZlgg1nb29nbGUuY29tLnZugglnb29nbGUuY3aC +CWdvb2dsZS5jeoIJZ29vZ2xlLmRlgglnb29nbGUuZGqCCWdvb2dsZS5ka4IJZ29v +Z2xlLmRtgglnb29nbGUuZHqCCWdvb2dsZS5lZYIJZ29vZ2xlLmVzgglnb29nbGUu +ZmmCCWdvb2dsZS5mbYIJZ29vZ2xlLmZygglnb29nbGUuZ2GCCWdvb2dsZS5nZYIJ +Z29vZ2xlLmdngglnb29nbGUuZ2yCCWdvb2dsZS5nbYIJZ29vZ2xlLmdwgglnb29n +bGUuZ3KCCWdvb2dsZS5neYIJZ29vZ2xlLmhrgglnb29nbGUuaG6CCWdvb2dsZS5o +coIJZ29vZ2xlLmh0gglnb29nbGUuaHWCCWdvb2dsZS5pZYIJZ29vZ2xlLmltggtn +b29nbGUuaW5mb4IJZ29vZ2xlLmlxgglnb29nbGUuaXOCCWdvb2dsZS5pdIIMZ29v +Z2xlLml0LmFvgglnb29nbGUuamWCCWdvb2dsZS5qb4ILZ29vZ2xlLmpvYnOCCWdv +b2dsZS5qcIIJZ29vZ2xlLmtngglnb29nbGUua2mCCWdvb2dsZS5reoIJZ29vZ2xl +Lmxhgglnb29nbGUubGmCCWdvb2dsZS5sa4IJZ29vZ2xlLmx0gglnb29nbGUubHWC +CWdvb2dsZS5sdoIJZ29vZ2xlLm1kgglnb29nbGUubWWCCWdvb2dsZS5tZ4IJZ29v +Z2xlLm1rgglnb29nbGUubWyCCWdvb2dsZS5tboIJZ29vZ2xlLm1zgglnb29nbGUu +bXWCCWdvb2dsZS5tdoIJZ29vZ2xlLm13gglnb29nbGUubmWCDGdvb2dsZS5uZS5q +cIIKZ29vZ2xlLm5ldIIJZ29vZ2xlLm5sgglnb29nbGUubm+CCWdvb2dsZS5ucoIJ +Z29vZ2xlLm51gg1nb29nbGUub2ZmLmFpgglnb29nbGUucGuCCWdvb2dsZS5wbIIJ +Z29vZ2xlLnBugglnb29nbGUucHOCCWdvb2dsZS5wdIIJZ29vZ2xlLnJvgglnb29n +bGUucnOCCWdvb2dsZS5ydYIJZ29vZ2xlLnJ3gglnb29nbGUuc2OCCWdvb2dsZS5z +ZYIJZ29vZ2xlLnNogglnb29nbGUuc2mCCWdvb2dsZS5za4IJZ29vZ2xlLnNtggln +b29nbGUuc26CCWdvb2dsZS5zb4IJZ29vZ2xlLnN0gglnb29nbGUudGSCCWdvb2ds +ZS50Z4IJZ29vZ2xlLnRrgglnb29nbGUudGyCCWdvb2dsZS50bYIJZ29vZ2xlLnRu +gglnb29nbGUudG+CCWdvb2dsZS50cIIJZ29vZ2xlLnR0gglnb29nbGUudXOCCWdv +b2dsZS51eoIJZ29vZ2xlLnZngglnb29nbGUudnWCCWdvb2dsZS53czANBgkqhkiG +9w0BAQUFAAOBgQCROJdKT00d96BpNG4j3Xf5Kz7kJENMTYtgsGQW5E6y2yjRaguD +LPO+y4IH9KiVXD+qO8koye9yOMNawN9r/DFQd+t2nDmvlpcwJBNguiuqxl+rJaU8 +KKgswikGaaM4z+i4vHuXcCKZtM/ELAaJlSaBPip4GBAkgv7D9hwh+sWvYA== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIcFzCCG4CgAwIBAgIGR09PUAFxMA0GCSqGSIb3DQEBBQUAMEYxCzAJBgNVBAYT +AlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSIwIAYDVQQDExlHb29nbGUgSW50ZXJu +ZXQgQXV0aG9yaXR5MB4XDTEyMTAyNDEzNTczOVoXDTEzMDYwNzE5NDMyN1owZDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 +YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxEzARBgNVBAMTCmdvb2dsZS5j +b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMNn/Rw5irMPscWpYsExcGQT +wqdxT/U9Pfybt9ttPYlXVbCd6yux0jWGNBHN+f4kCc5pwrbjmA4QSRY2uVa4T8f2 +g3NucDDveUi29WVN+FJcyhj+V38lEkYbdhpIZL149dK5fAN1zzwCo10Nk+lhebcY +fCtMHLmuCX2D6mJ2CnPVAgMBAAGjghnwMIIZ7DAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Qp1w0hi4nhbaJEB +h/wuZwO4OyIwHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0f +BFQwUjBQoE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5l +dEF1dGhvcml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUH +AQEEWjBYMFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2ds +ZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDCC +GLYGA1UdEQSCGK0wghipggpnb29nbGUuY29tggwqLmdvb2dsZS5jb22CDSoueW91 +dHViZS5jb22CC3lvdXR1YmUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggh5 +b3V0dS5iZYILKi55dGltZy5jb22CDSouYW5kcm9pZC5jb22CC2FuZHJvaWQuY29t +ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghAqLnVy +bC5nb29nbGUuY29tggwqLnVyY2hpbi5jb22CCnVyY2hpbi5jb22CFiouZ29vZ2xl +LWFuYWx5dGljcy5jb22CFGdvb2dsZS1hbmFseXRpY3MuY29tghIqLmNsb3VkLmdv +b2dsZS5jb22CBmdvby5nbIIEZy5jb4INKi5nc3RhdGljLmNvbYIPKi5nb29nbGVh +cGlzLmNughYqLmFwcGVuZ2luZS5nb29nbGUuY29tggsqLmdvb2dsZS5hY4ILKi5n +b29nbGUuYWSCCyouZ29vZ2xlLmFlggsqLmdvb2dsZS5hZoILKi5nb29nbGUuYWeC +CyouZ29vZ2xlLmFsggsqLmdvb2dsZS5hbYILKi5nb29nbGUuYXOCCyouZ29vZ2xl +LmF0ggsqLmdvb2dsZS5heoILKi5nb29nbGUuYmGCCyouZ29vZ2xlLmJlggsqLmdv +b2dsZS5iZoILKi5nb29nbGUuYmeCCyouZ29vZ2xlLmJpggsqLmdvb2dsZS5iaoIL +Ki5nb29nbGUuYnOCCyouZ29vZ2xlLmJ5ggsqLmdvb2dsZS5jYYIMKi5nb29nbGUu +Y2F0ggsqLmdvb2dsZS5jY4ILKi5nb29nbGUuY2SCCyouZ29vZ2xlLmNmggsqLmdv +b2dsZS5jZ4ILKi5nb29nbGUuY2iCCyouZ29vZ2xlLmNpggsqLmdvb2dsZS5jbIIL +Ki5nb29nbGUuY22CCyouZ29vZ2xlLmNugg4qLmdvb2dsZS5jby5hb4IOKi5nb29n +bGUuY28uYneCDiouZ29vZ2xlLmNvLmNrgg4qLmdvb2dsZS5jby5jcoIOKi5nb29n +bGUuY28uaHWCDiouZ29vZ2xlLmNvLmlkgg4qLmdvb2dsZS5jby5pbIIOKi5nb29n +bGUuY28uaW2CDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qZYIOKi5nb29n +bGUuY28uanCCDiouZ29vZ2xlLmNvLmtlgg4qLmdvb2dsZS5jby5rcoIOKi5nb29n +bGUuY28ubHOCDiouZ29vZ2xlLmNvLm1hgg4qLmdvb2dsZS5jby5teoIOKi5nb29n +bGUuY28ubnqCDiouZ29vZ2xlLmNvLnRogg4qLmdvb2dsZS5jby50eoIOKi5nb29n +bGUuY28udWeCDiouZ29vZ2xlLmNvLnVrgg4qLmdvb2dsZS5jby51eoIOKi5nb29n +bGUuY28udmWCDiouZ29vZ2xlLmNvLnZpgg4qLmdvb2dsZS5jby56YYIOKi5nb29n +bGUuY28uem2CDiouZ29vZ2xlLmNvLnp3gg8qLmdvb2dsZS5jb20uYWaCDyouZ29v +Z2xlLmNvbS5hZ4IPKi5nb29nbGUuY29tLmFpgg8qLmdvb2dsZS5jb20uYXKCDyou +Z29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJkgg8qLmdvb2dsZS5jb20uYmiC +DyouZ29vZ2xlLmNvbS5iboIPKi5nb29nbGUuY29tLmJvgg8qLmdvb2dsZS5jb20u +YnKCDyouZ29vZ2xlLmNvbS5ieYIPKi5nb29nbGUuY29tLmJ6gg8qLmdvb2dsZS5j +b20uY26CDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLmN1gg8qLmdvb2ds +ZS5jb20uY3mCDyouZ29vZ2xlLmNvbS5kb4IPKi5nb29nbGUuY29tLmVjgg8qLmdv +b2dsZS5jb20uZWeCDyouZ29vZ2xlLmNvbS5ldIIPKi5nb29nbGUuY29tLmZqgg8q +Lmdvb2dsZS5jb20uZ2WCDyouZ29vZ2xlLmNvbS5naIIPKi5nb29nbGUuY29tLmdp +gg8qLmdvb2dsZS5jb20uZ3KCDyouZ29vZ2xlLmNvbS5ndIIPKi5nb29nbGUuY29t +Lmhrgg8qLmdvb2dsZS5jb20uaXGCDyouZ29vZ2xlLmNvbS5qbYIPKi5nb29nbGUu +Y29tLmpvgg8qLmdvb2dsZS5jb20ua2iCDyouZ29vZ2xlLmNvbS5rd4IPKi5nb29n +bGUuY29tLmxigg8qLmdvb2dsZS5jb20ubHmCDyouZ29vZ2xlLmNvbS5tdIIPKi5n +b29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20ubXmCDyouZ29vZ2xlLmNvbS5uYYIP +Ki5nb29nbGUuY29tLm5mgg8qLmdvb2dsZS5jb20ubmeCDyouZ29vZ2xlLmNvbS5u +aYIPKi5nb29nbGUuY29tLm5wgg8qLmdvb2dsZS5jb20ubnKCDyouZ29vZ2xlLmNv +bS5vbYIPKi5nb29nbGUuY29tLnBhgg8qLmdvb2dsZS5jb20ucGWCDyouZ29vZ2xl +LmNvbS5waIIPKi5nb29nbGUuY29tLnBrgg8qLmdvb2dsZS5jb20ucGyCDyouZ29v +Z2xlLmNvbS5wcoIPKi5nb29nbGUuY29tLnB5gg8qLmdvb2dsZS5jb20ucWGCDyou +Z29vZ2xlLmNvbS5ydYIPKi5nb29nbGUuY29tLnNhgg8qLmdvb2dsZS5jb20uc2KC +DyouZ29vZ2xlLmNvbS5zZ4IPKi5nb29nbGUuY29tLnNsgg8qLmdvb2dsZS5jb20u +c3aCDyouZ29vZ2xlLmNvbS50aoIPKi5nb29nbGUuY29tLnRugg8qLmdvb2dsZS5j +b20udHKCDyouZ29vZ2xlLmNvbS50d4IPKi5nb29nbGUuY29tLnVhgg8qLmdvb2ds +ZS5jb20udXmCDyouZ29vZ2xlLmNvbS52Y4IPKi5nb29nbGUuY29tLnZlgg8qLmdv +b2dsZS5jb20udm6CCyouZ29vZ2xlLmN2ggsqLmdvb2dsZS5jeoILKi5nb29nbGUu +ZGWCCyouZ29vZ2xlLmRqggsqLmdvb2dsZS5ka4ILKi5nb29nbGUuZG2CCyouZ29v +Z2xlLmR6ggsqLmdvb2dsZS5lZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZpggsq +Lmdvb2dsZS5mbYILKi5nb29nbGUuZnKCCyouZ29vZ2xlLmdhggsqLmdvb2dsZS5n +ZYILKi5nb29nbGUuZ2eCCyouZ29vZ2xlLmdsggsqLmdvb2dsZS5nbYILKi5nb29n +bGUuZ3CCCyouZ29vZ2xlLmdyggsqLmdvb2dsZS5neYILKi5nb29nbGUuaGuCCyou +Z29vZ2xlLmhuggsqLmdvb2dsZS5ocoILKi5nb29nbGUuaHSCCyouZ29vZ2xlLmh1 +ggsqLmdvb2dsZS5pZYILKi5nb29nbGUuaW2CDSouZ29vZ2xlLmluZm+CCyouZ29v +Z2xlLmlxggsqLmdvb2dsZS5pc4ILKi5nb29nbGUuaXSCDiouZ29vZ2xlLml0LmFv +ggsqLmdvb2dsZS5qZYILKi5nb29nbGUuam+CDSouZ29vZ2xlLmpvYnOCCyouZ29v +Z2xlLmpwggsqLmdvb2dsZS5rZ4ILKi5nb29nbGUua2mCCyouZ29vZ2xlLmt6ggsq +Lmdvb2dsZS5sYYILKi5nb29nbGUubGmCCyouZ29vZ2xlLmxrggsqLmdvb2dsZS5s +dIILKi5nb29nbGUubHWCCyouZ29vZ2xlLmx2ggsqLmdvb2dsZS5tZIILKi5nb29n +bGUubWWCCyouZ29vZ2xlLm1nggsqLmdvb2dsZS5ta4ILKi5nb29nbGUubWyCCyou +Z29vZ2xlLm1uggsqLmdvb2dsZS5tc4ILKi5nb29nbGUubXWCCyouZ29vZ2xlLm12 +ggsqLmdvb2dsZS5td4ILKi5nb29nbGUubmWCDiouZ29vZ2xlLm5lLmpwggwqLmdv +b2dsZS5uZXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5ub4ILKi5nb29nbGUubnKC +CyouZ29vZ2xlLm51gg8qLmdvb2dsZS5vZmYuYWmCCyouZ29vZ2xlLnBrggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucG6CCyouZ29vZ2xlLnBzggsqLmdvb2dsZS5wdIIL +Ki5nb29nbGUucm+CCyouZ29vZ2xlLnJzggsqLmdvb2dsZS5ydYILKi5nb29nbGUu +cneCCyouZ29vZ2xlLnNjggsqLmdvb2dsZS5zZYILKi5nb29nbGUuc2iCCyouZ29v +Z2xlLnNpggsqLmdvb2dsZS5za4ILKi5nb29nbGUuc22CCyouZ29vZ2xlLnNuggsq +Lmdvb2dsZS5zb4ILKi5nb29nbGUuc3SCCyouZ29vZ2xlLnRkggsqLmdvb2dsZS50 +Z4ILKi5nb29nbGUudGuCCyouZ29vZ2xlLnRsggsqLmdvb2dsZS50bYILKi5nb29n +bGUudG6CCyouZ29vZ2xlLnRvggsqLmdvb2dsZS50cIILKi5nb29nbGUudHSCCyou +Z29vZ2xlLnVzggsqLmdvb2dsZS51eoILKi5nb29nbGUudmeCCyouZ29vZ2xlLnZ1 +ggsqLmdvb2dsZS53c4IJZ29vZ2xlLmFjgglnb29nbGUuYWSCCWdvb2dsZS5hZYIJ +Z29vZ2xlLmFmgglnb29nbGUuYWeCCWdvb2dsZS5hbIIJZ29vZ2xlLmFtgglnb29n +bGUuYXOCCWdvb2dsZS5hdIIJZ29vZ2xlLmF6gglnb29nbGUuYmGCCWdvb2dsZS5i +ZYIJZ29vZ2xlLmJmgglnb29nbGUuYmeCCWdvb2dsZS5iaYIJZ29vZ2xlLmJqggln +b29nbGUuYnOCCWdvb2dsZS5ieYIJZ29vZ2xlLmNhggpnb29nbGUuY2F0gglnb29n +bGUuY2OCCWdvb2dsZS5jZIIJZ29vZ2xlLmNmgglnb29nbGUuY2eCCWdvb2dsZS5j +aIIJZ29vZ2xlLmNpgglnb29nbGUuY2yCCWdvb2dsZS5jbYIJZ29vZ2xlLmNuggxn +b29nbGUuY28uYW+CDGdvb2dsZS5jby5id4IMZ29vZ2xlLmNvLmNrggxnb29nbGUu +Y28uY3KCDGdvb2dsZS5jby5odYIMZ29vZ2xlLmNvLmlkggxnb29nbGUuY28uaWyC +DGdvb2dsZS5jby5pbYIMZ29vZ2xlLmNvLmluggxnb29nbGUuY28uamWCDGdvb2ds +ZS5jby5qcIIMZ29vZ2xlLmNvLmtlggxnb29nbGUuY28ua3KCDGdvb2dsZS5jby5s +c4IMZ29vZ2xlLmNvLm1hggxnb29nbGUuY28ubXqCDGdvb2dsZS5jby5ueoIMZ29v +Z2xlLmNvLnRoggxnb29nbGUuY28udHqCDGdvb2dsZS5jby51Z4IMZ29vZ2xlLmNv +LnVrggxnb29nbGUuY28udXqCDGdvb2dsZS5jby52ZYIMZ29vZ2xlLmNvLnZpggxn +b29nbGUuY28uemGCDGdvb2dsZS5jby56bYIMZ29vZ2xlLmNvLnp3gg1nb29nbGUu +Y29tLmFmgg1nb29nbGUuY29tLmFngg1nb29nbGUuY29tLmFpgg1nb29nbGUuY29t +LmFygg1nb29nbGUuY29tLmF1gg1nb29nbGUuY29tLmJkgg1nb29nbGUuY29tLmJo +gg1nb29nbGUuY29tLmJugg1nb29nbGUuY29tLmJvgg1nb29nbGUuY29tLmJygg1n +b29nbGUuY29tLmJ5gg1nb29nbGUuY29tLmJ6gg1nb29nbGUuY29tLmNugg1nb29n +bGUuY29tLmNvgg1nb29nbGUuY29tLmN1gg1nb29nbGUuY29tLmN5gg1nb29nbGUu +Y29tLmRvgg1nb29nbGUuY29tLmVjgg1nb29nbGUuY29tLmVngg1nb29nbGUuY29t +LmV0gg1nb29nbGUuY29tLmZqgg1nb29nbGUuY29tLmdlgg1nb29nbGUuY29tLmdo +gg1nb29nbGUuY29tLmdpgg1nb29nbGUuY29tLmdygg1nb29nbGUuY29tLmd0gg1n +b29nbGUuY29tLmhrgg1nb29nbGUuY29tLmlxgg1nb29nbGUuY29tLmptgg1nb29n +bGUuY29tLmpvgg1nb29nbGUuY29tLmtogg1nb29nbGUuY29tLmt3gg1nb29nbGUu +Y29tLmxigg1nb29nbGUuY29tLmx5gg1nb29nbGUuY29tLm10gg1nb29nbGUuY29t +Lm14gg1nb29nbGUuY29tLm15gg1nb29nbGUuY29tLm5hgg1nb29nbGUuY29tLm5m +gg1nb29nbGUuY29tLm5ngg1nb29nbGUuY29tLm5pgg1nb29nbGUuY29tLm5wgg1n +b29nbGUuY29tLm5ygg1nb29nbGUuY29tLm9tgg1nb29nbGUuY29tLnBhgg1nb29n +bGUuY29tLnBlgg1nb29nbGUuY29tLnBogg1nb29nbGUuY29tLnBrgg1nb29nbGUu +Y29tLnBsgg1nb29nbGUuY29tLnBygg1nb29nbGUuY29tLnB5gg1nb29nbGUuY29t +LnFhgg1nb29nbGUuY29tLnJ1gg1nb29nbGUuY29tLnNhgg1nb29nbGUuY29tLnNi +gg1nb29nbGUuY29tLnNngg1nb29nbGUuY29tLnNsgg1nb29nbGUuY29tLnN2gg1n +b29nbGUuY29tLnRqgg1nb29nbGUuY29tLnRugg1nb29nbGUuY29tLnRygg1nb29n +bGUuY29tLnR3gg1nb29nbGUuY29tLnVhgg1nb29nbGUuY29tLnV5gg1nb29nbGUu +Y29tLnZjgg1nb29nbGUuY29tLnZlgg1nb29nbGUuY29tLnZugglnb29nbGUuY3aC +CWdvb2dsZS5jeoIJZ29vZ2xlLmRlgglnb29nbGUuZGqCCWdvb2dsZS5ka4IJZ29v +Z2xlLmRtgglnb29nbGUuZHqCCWdvb2dsZS5lZYIJZ29vZ2xlLmVzgglnb29nbGUu +ZmmCCWdvb2dsZS5mbYIJZ29vZ2xlLmZygglnb29nbGUuZ2GCCWdvb2dsZS5nZYIJ +Z29vZ2xlLmdngglnb29nbGUuZ2yCCWdvb2dsZS5nbYIJZ29vZ2xlLmdwgglnb29n +bGUuZ3KCCWdvb2dsZS5neYIJZ29vZ2xlLmhrgglnb29nbGUuaG6CCWdvb2dsZS5o +coIJZ29vZ2xlLmh0gglnb29nbGUuaHWCCWdvb2dsZS5pZYIJZ29vZ2xlLmltggtn +b29nbGUuaW5mb4IJZ29vZ2xlLmlxgglnb29nbGUuaXOCCWdvb2dsZS5pdIIMZ29v +Z2xlLml0LmFvgglnb29nbGUuamWCCWdvb2dsZS5qb4ILZ29vZ2xlLmpvYnOCCWdv +b2dsZS5qcIIJZ29vZ2xlLmtngglnb29nbGUua2mCCWdvb2dsZS5reoIJZ29vZ2xl +Lmxhgglnb29nbGUubGmCCWdvb2dsZS5sa4IJZ29vZ2xlLmx0gglnb29nbGUubHWC +CWdvb2dsZS5sdoIJZ29vZ2xlLm1kgglnb29nbGUubWWCCWdvb2dsZS5tZ4IJZ29v +Z2xlLm1rgglnb29nbGUubWyCCWdvb2dsZS5tboIJZ29vZ2xlLm1zgglnb29nbGUu +bXWCCWdvb2dsZS5tdoIJZ29vZ2xlLm13gglnb29nbGUubmWCDGdvb2dsZS5uZS5q +cIIKZ29vZ2xlLm5ldIIJZ29vZ2xlLm5sgglnb29nbGUubm+CCWdvb2dsZS5ucoIJ +Z29vZ2xlLm51gg1nb29nbGUub2ZmLmFpgglnb29nbGUucGuCCWdvb2dsZS5wbIIJ +Z29vZ2xlLnBugglnb29nbGUucHOCCWdvb2dsZS5wdIIJZ29vZ2xlLnJvgglnb29n +bGUucnOCCWdvb2dsZS5ydYIJZ29vZ2xlLnJ3gglnb29nbGUuc2OCCWdvb2dsZS5z +ZYIJZ29vZ2xlLnNogglnb29nbGUuc2mCCWdvb2dsZS5za4IJZ29vZ2xlLnNtggln +b29nbGUuc26CCWdvb2dsZS5zb4IJZ29vZ2xlLnN0gglnb29nbGUudGSCCWdvb2ds +ZS50Z4IJZ29vZ2xlLnRrgglnb29nbGUudGyCCWdvb2dsZS50bYIJZ29vZ2xlLnRu +gglnb29nbGUudG+CCWdvb2dsZS50cIIJZ29vZ2xlLnR0gglnb29nbGUudXOCCWdv +b2dsZS51eoIJZ29vZ2xlLnZngglnb29nbGUudnWCCWdvb2dsZS53czANBgkqhkiG +9w0BAQUFAAOBgQCROJdKT00d96BpNG4j3Xf5Kz7kJENMTYtgsGQW5E6y2yjRaguD +LPO+y4IH9KiVXD+qO8koye9yOMNawN9r/DFQd+t2nDmvlpcwJBNguiuqxl+rJaU8 +KKgswikGaaM4z+i4vHuXcCKZtM/ELAaJlSaBPip4GBAkgv7D9hwh+sWvYA== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIcFzCCG4CgAwIBAgIGR09PUAFxMA0GCSqGSIb3DQEBBQUAMEYxCzAJBgNVBAYT +AlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSIwIAYDVQQDExlHb29nbGUgSW50ZXJu +ZXQgQXV0aG9yaXR5MB4XDTEyMTAyNDEzNTczOVoXDTEzMDYwNzE5NDMyN1owZDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 +YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxEzARBgNVBAMTCmdvb2dsZS5j +b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMNn/Rw5irMPscWpYsExcGQT +wqdxT/U9Pfybt9ttPYlXVbCd6yux0jWGNBHN+f4kCc5pwrbjmA4QSRY2uVa4T8f2 +g3NucDDveUi29WVN+FJcyhj+V38lEkYbdhpIZL149dK5fAN1zzwCo10Nk+lhebcY +fCtMHLmuCX2D6mJ2CnPVAgMBAAGjghnwMIIZ7DAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Qp1w0hi4nhbaJEB +h/wuZwO4OyIwHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0f +BFQwUjBQoE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5l +dEF1dGhvcml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUH +AQEEWjBYMFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2ds +ZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDCC +GLYGA1UdEQSCGK0wghipggpnb29nbGUuY29tggwqLmdvb2dsZS5jb22CDSoueW91 +dHViZS5jb22CC3lvdXR1YmUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggh5 +b3V0dS5iZYILKi55dGltZy5jb22CDSouYW5kcm9pZC5jb22CC2FuZHJvaWQuY29t +ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghAqLnVy +bC5nb29nbGUuY29tggwqLnVyY2hpbi5jb22CCnVyY2hpbi5jb22CFiouZ29vZ2xl +LWFuYWx5dGljcy5jb22CFGdvb2dsZS1hbmFseXRpY3MuY29tghIqLmNsb3VkLmdv +b2dsZS5jb22CBmdvby5nbIIEZy5jb4INKi5nc3RhdGljLmNvbYIPKi5nb29nbGVh +cGlzLmNughYqLmFwcGVuZ2luZS5nb29nbGUuY29tggsqLmdvb2dsZS5hY4ILKi5n +b29nbGUuYWSCCyouZ29vZ2xlLmFlggsqLmdvb2dsZS5hZoILKi5nb29nbGUuYWeC +CyouZ29vZ2xlLmFsggsqLmdvb2dsZS5hbYILKi5nb29nbGUuYXOCCyouZ29vZ2xl +LmF0ggsqLmdvb2dsZS5heoILKi5nb29nbGUuYmGCCyouZ29vZ2xlLmJlggsqLmdv +b2dsZS5iZoILKi5nb29nbGUuYmeCCyouZ29vZ2xlLmJpggsqLmdvb2dsZS5iaoIL +Ki5nb29nbGUuYnOCCyouZ29vZ2xlLmJ5ggsqLmdvb2dsZS5jYYIMKi5nb29nbGUu +Y2F0ggsqLmdvb2dsZS5jY4ILKi5nb29nbGUuY2SCCyouZ29vZ2xlLmNmggsqLmdv +b2dsZS5jZ4ILKi5nb29nbGUuY2iCCyouZ29vZ2xlLmNpggsqLmdvb2dsZS5jbIIL +Ki5nb29nbGUuY22CCyouZ29vZ2xlLmNugg4qLmdvb2dsZS5jby5hb4IOKi5nb29n +bGUuY28uYneCDiouZ29vZ2xlLmNvLmNrgg4qLmdvb2dsZS5jby5jcoIOKi5nb29n +bGUuY28uaHWCDiouZ29vZ2xlLmNvLmlkgg4qLmdvb2dsZS5jby5pbIIOKi5nb29n +bGUuY28uaW2CDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qZYIOKi5nb29n +bGUuY28uanCCDiouZ29vZ2xlLmNvLmtlgg4qLmdvb2dsZS5jby5rcoIOKi5nb29n +bGUuY28ubHOCDiouZ29vZ2xlLmNvLm1hgg4qLmdvb2dsZS5jby5teoIOKi5nb29n +bGUuY28ubnqCDiouZ29vZ2xlLmNvLnRogg4qLmdvb2dsZS5jby50eoIOKi5nb29n +bGUuY28udWeCDiouZ29vZ2xlLmNvLnVrgg4qLmdvb2dsZS5jby51eoIOKi5nb29n +bGUuY28udmWCDiouZ29vZ2xlLmNvLnZpgg4qLmdvb2dsZS5jby56YYIOKi5nb29n +bGUuY28uem2CDiouZ29vZ2xlLmNvLnp3gg8qLmdvb2dsZS5jb20uYWaCDyouZ29v +Z2xlLmNvbS5hZ4IPKi5nb29nbGUuY29tLmFpgg8qLmdvb2dsZS5jb20uYXKCDyou +Z29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJkgg8qLmdvb2dsZS5jb20uYmiC +DyouZ29vZ2xlLmNvbS5iboIPKi5nb29nbGUuY29tLmJvgg8qLmdvb2dsZS5jb20u +YnKCDyouZ29vZ2xlLmNvbS5ieYIPKi5nb29nbGUuY29tLmJ6gg8qLmdvb2dsZS5j +b20uY26CDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLmN1gg8qLmdvb2ds +ZS5jb20uY3mCDyouZ29vZ2xlLmNvbS5kb4IPKi5nb29nbGUuY29tLmVjgg8qLmdv +b2dsZS5jb20uZWeCDyouZ29vZ2xlLmNvbS5ldIIPKi5nb29nbGUuY29tLmZqgg8q +Lmdvb2dsZS5jb20uZ2WCDyouZ29vZ2xlLmNvbS5naIIPKi5nb29nbGUuY29tLmdp +gg8qLmdvb2dsZS5jb20uZ3KCDyouZ29vZ2xlLmNvbS5ndIIPKi5nb29nbGUuY29t +Lmhrgg8qLmdvb2dsZS5jb20uaXGCDyouZ29vZ2xlLmNvbS5qbYIPKi5nb29nbGUu +Y29tLmpvgg8qLmdvb2dsZS5jb20ua2iCDyouZ29vZ2xlLmNvbS5rd4IPKi5nb29n +bGUuY29tLmxigg8qLmdvb2dsZS5jb20ubHmCDyouZ29vZ2xlLmNvbS5tdIIPKi5n +b29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20ubXmCDyouZ29vZ2xlLmNvbS5uYYIP +Ki5nb29nbGUuY29tLm5mgg8qLmdvb2dsZS5jb20ubmeCDyouZ29vZ2xlLmNvbS5u +aYIPKi5nb29nbGUuY29tLm5wgg8qLmdvb2dsZS5jb20ubnKCDyouZ29vZ2xlLmNv +bS5vbYIPKi5nb29nbGUuY29tLnBhgg8qLmdvb2dsZS5jb20ucGWCDyouZ29vZ2xl +LmNvbS5waIIPKi5nb29nbGUuY29tLnBrgg8qLmdvb2dsZS5jb20ucGyCDyouZ29v +Z2xlLmNvbS5wcoIPKi5nb29nbGUuY29tLnB5gg8qLmdvb2dsZS5jb20ucWGCDyou +Z29vZ2xlLmNvbS5ydYIPKi5nb29nbGUuY29tLnNhgg8qLmdvb2dsZS5jb20uc2KC +DyouZ29vZ2xlLmNvbS5zZ4IPKi5nb29nbGUuY29tLnNsgg8qLmdvb2dsZS5jb20u +c3aCDyouZ29vZ2xlLmNvbS50aoIPKi5nb29nbGUuY29tLnRugg8qLmdvb2dsZS5j +b20udHKCDyouZ29vZ2xlLmNvbS50d4IPKi5nb29nbGUuY29tLnVhgg8qLmdvb2ds +ZS5jb20udXmCDyouZ29vZ2xlLmNvbS52Y4IPKi5nb29nbGUuY29tLnZlgg8qLmdv +b2dsZS5jb20udm6CCyouZ29vZ2xlLmN2ggsqLmdvb2dsZS5jeoILKi5nb29nbGUu +ZGWCCyouZ29vZ2xlLmRqggsqLmdvb2dsZS5ka4ILKi5nb29nbGUuZG2CCyouZ29v +Z2xlLmR6ggsqLmdvb2dsZS5lZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZpggsq +Lmdvb2dsZS5mbYILKi5nb29nbGUuZnKCCyouZ29vZ2xlLmdhggsqLmdvb2dsZS5n +ZYILKi5nb29nbGUuZ2eCCyouZ29vZ2xlLmdsggsqLmdvb2dsZS5nbYILKi5nb29n +bGUuZ3CCCyouZ29vZ2xlLmdyggsqLmdvb2dsZS5neYILKi5nb29nbGUuaGuCCyou +Z29vZ2xlLmhuggsqLmdvb2dsZS5ocoILKi5nb29nbGUuaHSCCyouZ29vZ2xlLmh1 +ggsqLmdvb2dsZS5pZYILKi5nb29nbGUuaW2CDSouZ29vZ2xlLmluZm+CCyouZ29v +Z2xlLmlxggsqLmdvb2dsZS5pc4ILKi5nb29nbGUuaXSCDiouZ29vZ2xlLml0LmFv +ggsqLmdvb2dsZS5qZYILKi5nb29nbGUuam+CDSouZ29vZ2xlLmpvYnOCCyouZ29v +Z2xlLmpwggsqLmdvb2dsZS5rZ4ILKi5nb29nbGUua2mCCyouZ29vZ2xlLmt6ggsq +Lmdvb2dsZS5sYYILKi5nb29nbGUubGmCCyouZ29vZ2xlLmxrggsqLmdvb2dsZS5s +dIILKi5nb29nbGUubHWCCyouZ29vZ2xlLmx2ggsqLmdvb2dsZS5tZIILKi5nb29n +bGUubWWCCyouZ29vZ2xlLm1nggsqLmdvb2dsZS5ta4ILKi5nb29nbGUubWyCCyou +Z29vZ2xlLm1uggsqLmdvb2dsZS5tc4ILKi5nb29nbGUubXWCCyouZ29vZ2xlLm12 +ggsqLmdvb2dsZS5td4ILKi5nb29nbGUubmWCDiouZ29vZ2xlLm5lLmpwggwqLmdv +b2dsZS5uZXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5ub4ILKi5nb29nbGUubnKC +CyouZ29vZ2xlLm51gg8qLmdvb2dsZS5vZmYuYWmCCyouZ29vZ2xlLnBrggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucG6CCyouZ29vZ2xlLnBzggsqLmdvb2dsZS5wdIIL +Ki5nb29nbGUucm+CCyouZ29vZ2xlLnJzggsqLmdvb2dsZS5ydYILKi5nb29nbGUu +cneCCyouZ29vZ2xlLnNjggsqLmdvb2dsZS5zZYILKi5nb29nbGUuc2iCCyouZ29v +Z2xlLnNpggsqLmdvb2dsZS5za4ILKi5nb29nbGUuc22CCyouZ29vZ2xlLnNuggsq +Lmdvb2dsZS5zb4ILKi5nb29nbGUuc3SCCyouZ29vZ2xlLnRkggsqLmdvb2dsZS50 +Z4ILKi5nb29nbGUudGuCCyouZ29vZ2xlLnRsggsqLmdvb2dsZS50bYILKi5nb29n +bGUudG6CCyouZ29vZ2xlLnRvggsqLmdvb2dsZS50cIILKi5nb29nbGUudHSCCyou +Z29vZ2xlLnVzggsqLmdvb2dsZS51eoILKi5nb29nbGUudmeCCyouZ29vZ2xlLnZ1 +ggsqLmdvb2dsZS53c4IJZ29vZ2xlLmFjgglnb29nbGUuYWSCCWdvb2dsZS5hZYIJ +Z29vZ2xlLmFmgglnb29nbGUuYWeCCWdvb2dsZS5hbIIJZ29vZ2xlLmFtgglnb29n +bGUuYXOCCWdvb2dsZS5hdIIJZ29vZ2xlLmF6gglnb29nbGUuYmGCCWdvb2dsZS5i +ZYIJZ29vZ2xlLmJmgglnb29nbGUuYmeCCWdvb2dsZS5iaYIJZ29vZ2xlLmJqggln +b29nbGUuYnOCCWdvb2dsZS5ieYIJZ29vZ2xlLmNhggpnb29nbGUuY2F0gglnb29n +bGUuY2OCCWdvb2dsZS5jZIIJZ29vZ2xlLmNmgglnb29nbGUuY2eCCWdvb2dsZS5j +aIIJZ29vZ2xlLmNpgglnb29nbGUuY2yCCWdvb2dsZS5jbYIJZ29vZ2xlLmNuggxn +b29nbGUuY28uYW+CDGdvb2dsZS5jby5id4IMZ29vZ2xlLmNvLmNrggxnb29nbGUu +Y28uY3KCDGdvb2dsZS5jby5odYIMZ29vZ2xlLmNvLmlkggxnb29nbGUuY28uaWyC +DGdvb2dsZS5jby5pbYIMZ29vZ2xlLmNvLmluggxnb29nbGUuY28uamWCDGdvb2ds +ZS5jby5qcIIMZ29vZ2xlLmNvLmtlggxnb29nbGUuY28ua3KCDGdvb2dsZS5jby5s +c4IMZ29vZ2xlLmNvLm1hggxnb29nbGUuY28ubXqCDGdvb2dsZS5jby5ueoIMZ29v +Z2xlLmNvLnRoggxnb29nbGUuY28udHqCDGdvb2dsZS5jby51Z4IMZ29vZ2xlLmNv +LnVrggxnb29nbGUuY28udXqCDGdvb2dsZS5jby52ZYIMZ29vZ2xlLmNvLnZpggxn +b29nbGUuY28uemGCDGdvb2dsZS5jby56bYIMZ29vZ2xlLmNvLnp3gg1nb29nbGUu +Y29tLmFmgg1nb29nbGUuY29tLmFngg1nb29nbGUuY29tLmFpgg1nb29nbGUuY29t +LmFygg1nb29nbGUuY29tLmF1gg1nb29nbGUuY29tLmJkgg1nb29nbGUuY29tLmJo +gg1nb29nbGUuY29tLmJugg1nb29nbGUuY29tLmJvgg1nb29nbGUuY29tLmJygg1n +b29nbGUuY29tLmJ5gg1nb29nbGUuY29tLmJ6gg1nb29nbGUuY29tLmNugg1nb29n +bGUuY29tLmNvgg1nb29nbGUuY29tLmN1gg1nb29nbGUuY29tLmN5gg1nb29nbGUu +Y29tLmRvgg1nb29nbGUuY29tLmVjgg1nb29nbGUuY29tLmVngg1nb29nbGUuY29t +LmV0gg1nb29nbGUuY29tLmZqgg1nb29nbGUuY29tLmdlgg1nb29nbGUuY29tLmdo +gg1nb29nbGUuY29tLmdpgg1nb29nbGUuY29tLmdygg1nb29nbGUuY29tLmd0gg1n +b29nbGUuY29tLmhrgg1nb29nbGUuY29tLmlxgg1nb29nbGUuY29tLmptgg1nb29n +bGUuY29tLmpvgg1nb29nbGUuY29tLmtogg1nb29nbGUuY29tLmt3gg1nb29nbGUu +Y29tLmxigg1nb29nbGUuY29tLmx5gg1nb29nbGUuY29tLm10gg1nb29nbGUuY29t +Lm14gg1nb29nbGUuY29tLm15gg1nb29nbGUuY29tLm5hgg1nb29nbGUuY29tLm5m +gg1nb29nbGUuY29tLm5ngg1nb29nbGUuY29tLm5pgg1nb29nbGUuY29tLm5wgg1n +b29nbGUuY29tLm5ygg1nb29nbGUuY29tLm9tgg1nb29nbGUuY29tLnBhgg1nb29n +bGUuY29tLnBlgg1nb29nbGUuY29tLnBogg1nb29nbGUuY29tLnBrgg1nb29nbGUu +Y29tLnBsgg1nb29nbGUuY29tLnBygg1nb29nbGUuY29tLnB5gg1nb29nbGUuY29t +LnFhgg1nb29nbGUuY29tLnJ1gg1nb29nbGUuY29tLnNhgg1nb29nbGUuY29tLnNi +gg1nb29nbGUuY29tLnNngg1nb29nbGUuY29tLnNsgg1nb29nbGUuY29tLnN2gg1n +b29nbGUuY29tLnRqgg1nb29nbGUuY29tLnRugg1nb29nbGUuY29tLnRygg1nb29n +bGUuY29tLnR3gg1nb29nbGUuY29tLnVhgg1nb29nbGUuY29tLnV5gg1nb29nbGUu +Y29tLnZjgg1nb29nbGUuY29tLnZlgg1nb29nbGUuY29tLnZugglnb29nbGUuY3aC +CWdvb2dsZS5jeoIJZ29vZ2xlLmRlgglnb29nbGUuZGqCCWdvb2dsZS5ka4IJZ29v +Z2xlLmRtgglnb29nbGUuZHqCCWdvb2dsZS5lZYIJZ29vZ2xlLmVzgglnb29nbGUu +ZmmCCWdvb2dsZS5mbYIJZ29vZ2xlLmZygglnb29nbGUuZ2GCCWdvb2dsZS5nZYIJ +Z29vZ2xlLmdngglnb29nbGUuZ2yCCWdvb2dsZS5nbYIJZ29vZ2xlLmdwgglnb29n +bGUuZ3KCCWdvb2dsZS5neYIJZ29vZ2xlLmhrgglnb29nbGUuaG6CCWdvb2dsZS5o +coIJZ29vZ2xlLmh0gglnb29nbGUuaHWCCWdvb2dsZS5pZYIJZ29vZ2xlLmltggtn +b29nbGUuaW5mb4IJZ29vZ2xlLmlxgglnb29nbGUuaXOCCWdvb2dsZS5pdIIMZ29v +Z2xlLml0LmFvgglnb29nbGUuamWCCWdvb2dsZS5qb4ILZ29vZ2xlLmpvYnOCCWdv +b2dsZS5qcIIJZ29vZ2xlLmtngglnb29nbGUua2mCCWdvb2dsZS5reoIJZ29vZ2xl +Lmxhgglnb29nbGUubGmCCWdvb2dsZS5sa4IJZ29vZ2xlLmx0gglnb29nbGUubHWC +CWdvb2dsZS5sdoIJZ29vZ2xlLm1kgglnb29nbGUubWWCCWdvb2dsZS5tZ4IJZ29v +Z2xlLm1rgglnb29nbGUubWyCCWdvb2dsZS5tboIJZ29vZ2xlLm1zgglnb29nbGUu +bXWCCWdvb2dsZS5tdoIJZ29vZ2xlLm13gglnb29nbGUubmWCDGdvb2dsZS5uZS5q +cIIKZ29vZ2xlLm5ldIIJZ29vZ2xlLm5sgglnb29nbGUubm+CCWdvb2dsZS5ucoIJ +Z29vZ2xlLm51gg1nb29nbGUub2ZmLmFpgglnb29nbGUucGuCCWdvb2dsZS5wbIIJ +Z29vZ2xlLnBugglnb29nbGUucHOCCWdvb2dsZS5wdIIJZ29vZ2xlLnJvgglnb29n +bGUucnOCCWdvb2dsZS5ydYIJZ29vZ2xlLnJ3gglnb29nbGUuc2OCCWdvb2dsZS5z +ZYIJZ29vZ2xlLnNogglnb29nbGUuc2mCCWdvb2dsZS5za4IJZ29vZ2xlLnNtggln +b29nbGUuc26CCWdvb2dsZS5zb4IJZ29vZ2xlLnN0gglnb29nbGUudGSCCWdvb2ds +ZS50Z4IJZ29vZ2xlLnRrgglnb29nbGUudGyCCWdvb2dsZS50bYIJZ29vZ2xlLnRu +gglnb29nbGUudG+CCWdvb2dsZS50cIIJZ29vZ2xlLnR0gglnb29nbGUudXOCCWdv +b2dsZS51eoIJZ29vZ2xlLnZngglnb29nbGUudnWCCWdvb2dsZS53czANBgkqhkiG +9w0BAQUFAAOBgQCROJdKT00d96BpNG4j3Xf5Kz7kJENMTYtgsGQW5E6y2yjRaguD +LPO+y4IH9KiVXD+qO8koye9yOMNawN9r/DFQd+t2nDmvlpcwJBNguiuqxl+rJaU8 +KKgswikGaaM4z+i4vHuXcCKZtM/ELAaJlSaBPip4GBAkgv7D9hwh+sWvYA== +-----END CERTIFICATE----- diff --git a/test/recipes/81-test_cmp_cli_data/Mock/big_root.crt b/test/recipes/81-test_cmp_cli_data/Mock/big_root.crt new file mode 100644 index 0000000000..6f0124cc2f --- /dev/null +++ b/test/recipes/81-test_cmp_cli_data/Mock/big_root.crt @@ -0,0 +1,1554 @@ +Subject: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = rootCA +-----BEGIN CERTIFICATE----- +MIIDfzCCAmegAwIBAgIJAIhDKcvC6xWaMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnJvb3RDQTAeFw0xNTA3MDIxMzE1MTFa +Fw0zNTA3MDIxMzE1MTFaMFYxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0 +YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAMM +BnJvb3RDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMDxa3eIrDXf ++3NTL5KAL3QWMk31ECBvbDqO0dxr4S4+wwQPv5vEyRLR5AtFl+UGzWY64eDiK9+i +xOx70z08iv9edKCrpwNqFlteksR+W3mKadS8g16uQpJ0pSvnAMGp3NWxUwcPc/eO +rRQ+JZ7lHubMkc2VDIBEIMP9F8+RPWMQHBRb+8OowYiyd/+c2/xqRERE94XsCCzU +34Gjecn+HpuTFlO3l6u+Txql4vpGBeQNnCqkzLkeIaBsxKtZsEA5u/mIrf3fjbQL +r35B4CE8yDNFSYQvkwbu/U/tT/O8m978JV5V1XXUxXs6QDUGn8SEtGyTDK83Wq+2 +QU0mIxy4ArMCAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUhVaJNeKf +ABrhhgMLS692Emszbf0wHwYDVR0jBBgwFoAUhVaJNeKfABrhhgMLS692Emszbf0w +DQYJKoZIhvcNAQELBQADggEBADIKvyoK4rtPQ86I2lo5EDeAuzctXi2I3SZpnOe0 +mCCxJeZhWW0S7JuHvlfhEgXFBPEXzhS4HJLUlZUsWyiJ+3KcINMygaiF7MgIe6hZ +WzpsMatS4mbNFElc89M+YryRFrQc9d1Uqjxhl3ms5MhDNcMP/PNwHa/wnIoqkpNI +qtDoR741wcZ7bdr6XVdF8+pBjzbBPPRSf24x3bqavHBWcTjcSVcM/ZEXxeqH5SN0 +GbK2mQxrogX4UWjtl+DfYvl+ejpEcYNXKEmIabUUHtpG42544cuPtZizLW5bt/aT +JBQfpPZpvf9MUlACxUONFOLQdZ8SXpSJ0e93iX2J2Z52mSQ= +-----END CERTIFICATE----- + + + +-----BEGIN CERTIFICATE----- +MIIcFzCCG4CgAwIBAgIGR09PUAFxMA0GCSqGSIb3DQEBBQUAMEYxCzAJBgNVBAYT +AlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSIwIAYDVQQDExlHb29nbGUgSW50ZXJu +ZXQgQXV0aG9yaXR5MB4XDTEyMTAyNDEzNTczOVoXDTEzMDYwNzE5NDMyN1owZDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 +YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxEzARBgNVBAMTCmdvb2dsZS5j +b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMNn/Rw5irMPscWpYsExcGQT +wqdxT/U9Pfybt9ttPYlXVbCd6yux0jWGNBHN+f4kCc5pwrbjmA4QSRY2uVa4T8f2 +g3NucDDveUi29WVN+FJcyhj+V38lEkYbdhpIZL149dK5fAN1zzwCo10Nk+lhebcY +fCtMHLmuCX2D6mJ2CnPVAgMBAAGjghnwMIIZ7DAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Qp1w0hi4nhbaJEB +h/wuZwO4OyIwHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0f +BFQwUjBQoE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5l +dEF1dGhvcml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUH +AQEEWjBYMFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2ds +ZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDCC +GLYGA1UdEQSCGK0wghipggpnb29nbGUuY29tggwqLmdvb2dsZS5jb22CDSoueW91 +dHViZS5jb22CC3lvdXR1YmUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggh5 +b3V0dS5iZYILKi55dGltZy5jb22CDSouYW5kcm9pZC5jb22CC2FuZHJvaWQuY29t +ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghAqLnVy +bC5nb29nbGUuY29tggwqLnVyY2hpbi5jb22CCnVyY2hpbi5jb22CFiouZ29vZ2xl +LWFuYWx5dGljcy5jb22CFGdvb2dsZS1hbmFseXRpY3MuY29tghIqLmNsb3VkLmdv +b2dsZS5jb22CBmdvby5nbIIEZy5jb4INKi5nc3RhdGljLmNvbYIPKi5nb29nbGVh +cGlzLmNughYqLmFwcGVuZ2luZS5nb29nbGUuY29tggsqLmdvb2dsZS5hY4ILKi5n +b29nbGUuYWSCCyouZ29vZ2xlLmFlggsqLmdvb2dsZS5hZoILKi5nb29nbGUuYWeC +CyouZ29vZ2xlLmFsggsqLmdvb2dsZS5hbYILKi5nb29nbGUuYXOCCyouZ29vZ2xl +LmF0ggsqLmdvb2dsZS5heoILKi5nb29nbGUuYmGCCyouZ29vZ2xlLmJlggsqLmdv +b2dsZS5iZoILKi5nb29nbGUuYmeCCyouZ29vZ2xlLmJpggsqLmdvb2dsZS5iaoIL +Ki5nb29nbGUuYnOCCyouZ29vZ2xlLmJ5ggsqLmdvb2dsZS5jYYIMKi5nb29nbGUu +Y2F0ggsqLmdvb2dsZS5jY4ILKi5nb29nbGUuY2SCCyouZ29vZ2xlLmNmggsqLmdv +b2dsZS5jZ4ILKi5nb29nbGUuY2iCCyouZ29vZ2xlLmNpggsqLmdvb2dsZS5jbIIL +Ki5nb29nbGUuY22CCyouZ29vZ2xlLmNugg4qLmdvb2dsZS5jby5hb4IOKi5nb29n +bGUuY28uYneCDiouZ29vZ2xlLmNvLmNrgg4qLmdvb2dsZS5jby5jcoIOKi5nb29n +bGUuY28uaHWCDiouZ29vZ2xlLmNvLmlkgg4qLmdvb2dsZS5jby5pbIIOKi5nb29n +bGUuY28uaW2CDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qZYIOKi5nb29n +bGUuY28uanCCDiouZ29vZ2xlLmNvLmtlgg4qLmdvb2dsZS5jby5rcoIOKi5nb29n +bGUuY28ubHOCDiouZ29vZ2xlLmNvLm1hgg4qLmdvb2dsZS5jby5teoIOKi5nb29n +bGUuY28ubnqCDiouZ29vZ2xlLmNvLnRogg4qLmdvb2dsZS5jby50eoIOKi5nb29n +bGUuY28udWeCDiouZ29vZ2xlLmNvLnVrgg4qLmdvb2dsZS5jby51eoIOKi5nb29n +bGUuY28udmWCDiouZ29vZ2xlLmNvLnZpgg4qLmdvb2dsZS5jby56YYIOKi5nb29n +bGUuY28uem2CDiouZ29vZ2xlLmNvLnp3gg8qLmdvb2dsZS5jb20uYWaCDyouZ29v +Z2xlLmNvbS5hZ4IPKi5nb29nbGUuY29tLmFpgg8qLmdvb2dsZS5jb20uYXKCDyou +Z29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJkgg8qLmdvb2dsZS5jb20uYmiC +DyouZ29vZ2xlLmNvbS5iboIPKi5nb29nbGUuY29tLmJvgg8qLmdvb2dsZS5jb20u +YnKCDyouZ29vZ2xlLmNvbS5ieYIPKi5nb29nbGUuY29tLmJ6gg8qLmdvb2dsZS5j +b20uY26CDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLmN1gg8qLmdvb2ds +ZS5jb20uY3mCDyouZ29vZ2xlLmNvbS5kb4IPKi5nb29nbGUuY29tLmVjgg8qLmdv +b2dsZS5jb20uZWeCDyouZ29vZ2xlLmNvbS5ldIIPKi5nb29nbGUuY29tLmZqgg8q +Lmdvb2dsZS5jb20uZ2WCDyouZ29vZ2xlLmNvbS5naIIPKi5nb29nbGUuY29tLmdp +gg8qLmdvb2dsZS5jb20uZ3KCDyouZ29vZ2xlLmNvbS5ndIIPKi5nb29nbGUuY29t +Lmhrgg8qLmdvb2dsZS5jb20uaXGCDyouZ29vZ2xlLmNvbS5qbYIPKi5nb29nbGUu +Y29tLmpvgg8qLmdvb2dsZS5jb20ua2iCDyouZ29vZ2xlLmNvbS5rd4IPKi5nb29n +bGUuY29tLmxigg8qLmdvb2dsZS5jb20ubHmCDyouZ29vZ2xlLmNvbS5tdIIPKi5n +b29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20ubXmCDyouZ29vZ2xlLmNvbS5uYYIP +Ki5nb29nbGUuY29tLm5mgg8qLmdvb2dsZS5jb20ubmeCDyouZ29vZ2xlLmNvbS5u +aYIPKi5nb29nbGUuY29tLm5wgg8qLmdvb2dsZS5jb20ubnKCDyouZ29vZ2xlLmNv +bS5vbYIPKi5nb29nbGUuY29tLnBhgg8qLmdvb2dsZS5jb20ucGWCDyouZ29vZ2xl +LmNvbS5waIIPKi5nb29nbGUuY29tLnBrgg8qLmdvb2dsZS5jb20ucGyCDyouZ29v +Z2xlLmNvbS5wcoIPKi5nb29nbGUuY29tLnB5gg8qLmdvb2dsZS5jb20ucWGCDyou +Z29vZ2xlLmNvbS5ydYIPKi5nb29nbGUuY29tLnNhgg8qLmdvb2dsZS5jb20uc2KC +DyouZ29vZ2xlLmNvbS5zZ4IPKi5nb29nbGUuY29tLnNsgg8qLmdvb2dsZS5jb20u +c3aCDyouZ29vZ2xlLmNvbS50aoIPKi5nb29nbGUuY29tLnRugg8qLmdvb2dsZS5j +b20udHKCDyouZ29vZ2xlLmNvbS50d4IPKi5nb29nbGUuY29tLnVhgg8qLmdvb2ds +ZS5jb20udXmCDyouZ29vZ2xlLmNvbS52Y4IPKi5nb29nbGUuY29tLnZlgg8qLmdv +b2dsZS5jb20udm6CCyouZ29vZ2xlLmN2ggsqLmdvb2dsZS5jeoILKi5nb29nbGUu +ZGWCCyouZ29vZ2xlLmRqggsqLmdvb2dsZS5ka4ILKi5nb29nbGUuZG2CCyouZ29v +Z2xlLmR6ggsqLmdvb2dsZS5lZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZpggsq +Lmdvb2dsZS5mbYILKi5nb29nbGUuZnKCCyouZ29vZ2xlLmdhggsqLmdvb2dsZS5n +ZYILKi5nb29nbGUuZ2eCCyouZ29vZ2xlLmdsggsqLmdvb2dsZS5nbYILKi5nb29n +bGUuZ3CCCyouZ29vZ2xlLmdyggsqLmdvb2dsZS5neYILKi5nb29nbGUuaGuCCyou +Z29vZ2xlLmhuggsqLmdvb2dsZS5ocoILKi5nb29nbGUuaHSCCyouZ29vZ2xlLmh1 +ggsqLmdvb2dsZS5pZYILKi5nb29nbGUuaW2CDSouZ29vZ2xlLmluZm+CCyouZ29v +Z2xlLmlxggsqLmdvb2dsZS5pc4ILKi5nb29nbGUuaXSCDiouZ29vZ2xlLml0LmFv +ggsqLmdvb2dsZS5qZYILKi5nb29nbGUuam+CDSouZ29vZ2xlLmpvYnOCCyouZ29v +Z2xlLmpwggsqLmdvb2dsZS5rZ4ILKi5nb29nbGUua2mCCyouZ29vZ2xlLmt6ggsq +Lmdvb2dsZS5sYYILKi5nb29nbGUubGmCCyouZ29vZ2xlLmxrggsqLmdvb2dsZS5s +dIILKi5nb29nbGUubHWCCyouZ29vZ2xlLmx2ggsqLmdvb2dsZS5tZIILKi5nb29n +bGUubWWCCyouZ29vZ2xlLm1nggsqLmdvb2dsZS5ta4ILKi5nb29nbGUubWyCCyou +Z29vZ2xlLm1uggsqLmdvb2dsZS5tc4ILKi5nb29nbGUubXWCCyouZ29vZ2xlLm12 +ggsqLmdvb2dsZS5td4ILKi5nb29nbGUubmWCDiouZ29vZ2xlLm5lLmpwggwqLmdv +b2dsZS5uZXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5ub4ILKi5nb29nbGUubnKC +CyouZ29vZ2xlLm51gg8qLmdvb2dsZS5vZmYuYWmCCyouZ29vZ2xlLnBrggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucG6CCyouZ29vZ2xlLnBzggsqLmdvb2dsZS5wdIIL +Ki5nb29nbGUucm+CCyouZ29vZ2xlLnJzggsqLmdvb2dsZS5ydYILKi5nb29nbGUu +cneCCyouZ29vZ2xlLnNjggsqLmdvb2dsZS5zZYILKi5nb29nbGUuc2iCCyouZ29v +Z2xlLnNpggsqLmdvb2dsZS5za4ILKi5nb29nbGUuc22CCyouZ29vZ2xlLnNuggsq +Lmdvb2dsZS5zb4ILKi5nb29nbGUuc3SCCyouZ29vZ2xlLnRkggsqLmdvb2dsZS50 +Z4ILKi5nb29nbGUudGuCCyouZ29vZ2xlLnRsggsqLmdvb2dsZS50bYILKi5nb29n +bGUudG6CCyouZ29vZ2xlLnRvggsqLmdvb2dsZS50cIILKi5nb29nbGUudHSCCyou +Z29vZ2xlLnVzggsqLmdvb2dsZS51eoILKi5nb29nbGUudmeCCyouZ29vZ2xlLnZ1 +ggsqLmdvb2dsZS53c4IJZ29vZ2xlLmFjgglnb29nbGUuYWSCCWdvb2dsZS5hZYIJ +Z29vZ2xlLmFmgglnb29nbGUuYWeCCWdvb2dsZS5hbIIJZ29vZ2xlLmFtgglnb29n +bGUuYXOCCWdvb2dsZS5hdIIJZ29vZ2xlLmF6gglnb29nbGUuYmGCCWdvb2dsZS5i +ZYIJZ29vZ2xlLmJmgglnb29nbGUuYmeCCWdvb2dsZS5iaYIJZ29vZ2xlLmJqggln +b29nbGUuYnOCCWdvb2dsZS5ieYIJZ29vZ2xlLmNhggpnb29nbGUuY2F0gglnb29n +bGUuY2OCCWdvb2dsZS5jZIIJZ29vZ2xlLmNmgglnb29nbGUuY2eCCWdvb2dsZS5j +aIIJZ29vZ2xlLmNpgglnb29nbGUuY2yCCWdvb2dsZS5jbYIJZ29vZ2xlLmNuggxn +b29nbGUuY28uYW+CDGdvb2dsZS5jby5id4IMZ29vZ2xlLmNvLmNrggxnb29nbGUu +Y28uY3KCDGdvb2dsZS5jby5odYIMZ29vZ2xlLmNvLmlkggxnb29nbGUuY28uaWyC +DGdvb2dsZS5jby5pbYIMZ29vZ2xlLmNvLmluggxnb29nbGUuY28uamWCDGdvb2ds +ZS5jby5qcIIMZ29vZ2xlLmNvLmtlggxnb29nbGUuY28ua3KCDGdvb2dsZS5jby5s +c4IMZ29vZ2xlLmNvLm1hggxnb29nbGUuY28ubXqCDGdvb2dsZS5jby5ueoIMZ29v +Z2xlLmNvLnRoggxnb29nbGUuY28udHqCDGdvb2dsZS5jby51Z4IMZ29vZ2xlLmNv +LnVrggxnb29nbGUuY28udXqCDGdvb2dsZS5jby52ZYIMZ29vZ2xlLmNvLnZpggxn +b29nbGUuY28uemGCDGdvb2dsZS5jby56bYIMZ29vZ2xlLmNvLnp3gg1nb29nbGUu +Y29tLmFmgg1nb29nbGUuY29tLmFngg1nb29nbGUuY29tLmFpgg1nb29nbGUuY29t +LmFygg1nb29nbGUuY29tLmF1gg1nb29nbGUuY29tLmJkgg1nb29nbGUuY29tLmJo +gg1nb29nbGUuY29tLmJugg1nb29nbGUuY29tLmJvgg1nb29nbGUuY29tLmJygg1n +b29nbGUuY29tLmJ5gg1nb29nbGUuY29tLmJ6gg1nb29nbGUuY29tLmNugg1nb29n +bGUuY29tLmNvgg1nb29nbGUuY29tLmN1gg1nb29nbGUuY29tLmN5gg1nb29nbGUu +Y29tLmRvgg1nb29nbGUuY29tLmVjgg1nb29nbGUuY29tLmVngg1nb29nbGUuY29t +LmV0gg1nb29nbGUuY29tLmZqgg1nb29nbGUuY29tLmdlgg1nb29nbGUuY29tLmdo +gg1nb29nbGUuY29tLmdpgg1nb29nbGUuY29tLmdygg1nb29nbGUuY29tLmd0gg1n +b29nbGUuY29tLmhrgg1nb29nbGUuY29tLmlxgg1nb29nbGUuY29tLmptgg1nb29n +bGUuY29tLmpvgg1nb29nbGUuY29tLmtogg1nb29nbGUuY29tLmt3gg1nb29nbGUu +Y29tLmxigg1nb29nbGUuY29tLmx5gg1nb29nbGUuY29tLm10gg1nb29nbGUuY29t +Lm14gg1nb29nbGUuY29tLm15gg1nb29nbGUuY29tLm5hgg1nb29nbGUuY29tLm5m +gg1nb29nbGUuY29tLm5ngg1nb29nbGUuY29tLm5pgg1nb29nbGUuY29tLm5wgg1n +b29nbGUuY29tLm5ygg1nb29nbGUuY29tLm9tgg1nb29nbGUuY29tLnBhgg1nb29n +bGUuY29tLnBlgg1nb29nbGUuY29tLnBogg1nb29nbGUuY29tLnBrgg1nb29nbGUu +Y29tLnBsgg1nb29nbGUuY29tLnBygg1nb29nbGUuY29tLnB5gg1nb29nbGUuY29t +LnFhgg1nb29nbGUuY29tLnJ1gg1nb29nbGUuY29tLnNhgg1nb29nbGUuY29tLnNi +gg1nb29nbGUuY29tLnNngg1nb29nbGUuY29tLnNsgg1nb29nbGUuY29tLnN2gg1n +b29nbGUuY29tLnRqgg1nb29nbGUuY29tLnRugg1nb29nbGUuY29tLnRygg1nb29n +bGUuY29tLnR3gg1nb29nbGUuY29tLnVhgg1nb29nbGUuY29tLnV5gg1nb29nbGUu +Y29tLnZjgg1nb29nbGUuY29tLnZlgg1nb29nbGUuY29tLnZugglnb29nbGUuY3aC +CWdvb2dsZS5jeoIJZ29vZ2xlLmRlgglnb29nbGUuZGqCCWdvb2dsZS5ka4IJZ29v +Z2xlLmRtgglnb29nbGUuZHqCCWdvb2dsZS5lZYIJZ29vZ2xlLmVzgglnb29nbGUu +ZmmCCWdvb2dsZS5mbYIJZ29vZ2xlLmZygglnb29nbGUuZ2GCCWdvb2dsZS5nZYIJ +Z29vZ2xlLmdngglnb29nbGUuZ2yCCWdvb2dsZS5nbYIJZ29vZ2xlLmdwgglnb29n +bGUuZ3KCCWdvb2dsZS5neYIJZ29vZ2xlLmhrgglnb29nbGUuaG6CCWdvb2dsZS5o +coIJZ29vZ2xlLmh0gglnb29nbGUuaHWCCWdvb2dsZS5pZYIJZ29vZ2xlLmltggtn +b29nbGUuaW5mb4IJZ29vZ2xlLmlxgglnb29nbGUuaXOCCWdvb2dsZS5pdIIMZ29v +Z2xlLml0LmFvgglnb29nbGUuamWCCWdvb2dsZS5qb4ILZ29vZ2xlLmpvYnOCCWdv +b2dsZS5qcIIJZ29vZ2xlLmtngglnb29nbGUua2mCCWdvb2dsZS5reoIJZ29vZ2xl +Lmxhgglnb29nbGUubGmCCWdvb2dsZS5sa4IJZ29vZ2xlLmx0gglnb29nbGUubHWC +CWdvb2dsZS5sdoIJZ29vZ2xlLm1kgglnb29nbGUubWWCCWdvb2dsZS5tZ4IJZ29v +Z2xlLm1rgglnb29nbGUubWyCCWdvb2dsZS5tboIJZ29vZ2xlLm1zgglnb29nbGUu +bXWCCWdvb2dsZS5tdoIJZ29vZ2xlLm13gglnb29nbGUubmWCDGdvb2dsZS5uZS5q +cIIKZ29vZ2xlLm5ldIIJZ29vZ2xlLm5sgglnb29nbGUubm+CCWdvb2dsZS5ucoIJ +Z29vZ2xlLm51gg1nb29nbGUub2ZmLmFpgglnb29nbGUucGuCCWdvb2dsZS5wbIIJ +Z29vZ2xlLnBugglnb29nbGUucHOCCWdvb2dsZS5wdIIJZ29vZ2xlLnJvgglnb29n +bGUucnOCCWdvb2dsZS5ydYIJZ29vZ2xlLnJ3gglnb29nbGUuc2OCCWdvb2dsZS5z +ZYIJZ29vZ2xlLnNogglnb29nbGUuc2mCCWdvb2dsZS5za4IJZ29vZ2xlLnNtggln +b29nbGUuc26CCWdvb2dsZS5zb4IJZ29vZ2xlLnN0gglnb29nbGUudGSCCWdvb2ds +ZS50Z4IJZ29vZ2xlLnRrgglnb29nbGUudGyCCWdvb2dsZS50bYIJZ29vZ2xlLnRu +gglnb29nbGUudG+CCWdvb2dsZS50cIIJZ29vZ2xlLnR0gglnb29nbGUudXOCCWdv +b2dsZS51eoIJZ29vZ2xlLnZngglnb29nbGUudnWCCWdvb2dsZS53czANBgkqhkiG +9w0BAQUFAAOBgQCROJdKT00d96BpNG4j3Xf5Kz7kJENMTYtgsGQW5E6y2yjRaguD +LPO+y4IH9KiVXD+qO8koye9yOMNawN9r/DFQd+t2nDmvlpcwJBNguiuqxl+rJaU8 +KKgswikGaaM4z+i4vHuXcCKZtM/ELAaJlSaBPip4GBAkgv7D9hwh+sWvYA== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIcFzCCG4CgAwIBAgIGR09PUAFxMA0GCSqGSIb3DQEBBQUAMEYxCzAJBgNVBAYT +AlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSIwIAYDVQQDExlHb29nbGUgSW50ZXJu +ZXQgQXV0aG9yaXR5MB4XDTEyMTAyNDEzNTczOVoXDTEzMDYwNzE5NDMyN1owZDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 +YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxEzARBgNVBAMTCmdvb2dsZS5j +b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMNn/Rw5irMPscWpYsExcGQT +wqdxT/U9Pfybt9ttPYlXVbCd6yux0jWGNBHN+f4kCc5pwrbjmA4QSRY2uVa4T8f2 +g3NucDDveUi29WVN+FJcyhj+V38lEkYbdhpIZL149dK5fAN1zzwCo10Nk+lhebcY +fCtMHLmuCX2D6mJ2CnPVAgMBAAGjghnwMIIZ7DAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Qp1w0hi4nhbaJEB +h/wuZwO4OyIwHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0f +BFQwUjBQoE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5l +dEF1dGhvcml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUH +AQEEWjBYMFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2ds +ZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDCC +GLYGA1UdEQSCGK0wghipggpnb29nbGUuY29tggwqLmdvb2dsZS5jb22CDSoueW91 +dHViZS5jb22CC3lvdXR1YmUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggh5 +b3V0dS5iZYILKi55dGltZy5jb22CDSouYW5kcm9pZC5jb22CC2FuZHJvaWQuY29t +ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghAqLnVy +bC5nb29nbGUuY29tggwqLnVyY2hpbi5jb22CCnVyY2hpbi5jb22CFiouZ29vZ2xl +LWFuYWx5dGljcy5jb22CFGdvb2dsZS1hbmFseXRpY3MuY29tghIqLmNsb3VkLmdv +b2dsZS5jb22CBmdvby5nbIIEZy5jb4INKi5nc3RhdGljLmNvbYIPKi5nb29nbGVh +cGlzLmNughYqLmFwcGVuZ2luZS5nb29nbGUuY29tggsqLmdvb2dsZS5hY4ILKi5n +b29nbGUuYWSCCyouZ29vZ2xlLmFlggsqLmdvb2dsZS5hZoILKi5nb29nbGUuYWeC +CyouZ29vZ2xlLmFsggsqLmdvb2dsZS5hbYILKi5nb29nbGUuYXOCCyouZ29vZ2xl +LmF0ggsqLmdvb2dsZS5heoILKi5nb29nbGUuYmGCCyouZ29vZ2xlLmJlggsqLmdv +b2dsZS5iZoILKi5nb29nbGUuYmeCCyouZ29vZ2xlLmJpggsqLmdvb2dsZS5iaoIL +Ki5nb29nbGUuYnOCCyouZ29vZ2xlLmJ5ggsqLmdvb2dsZS5jYYIMKi5nb29nbGUu +Y2F0ggsqLmdvb2dsZS5jY4ILKi5nb29nbGUuY2SCCyouZ29vZ2xlLmNmggsqLmdv +b2dsZS5jZ4ILKi5nb29nbGUuY2iCCyouZ29vZ2xlLmNpggsqLmdvb2dsZS5jbIIL +Ki5nb29nbGUuY22CCyouZ29vZ2xlLmNugg4qLmdvb2dsZS5jby5hb4IOKi5nb29n +bGUuY28uYneCDiouZ29vZ2xlLmNvLmNrgg4qLmdvb2dsZS5jby5jcoIOKi5nb29n +bGUuY28uaHWCDiouZ29vZ2xlLmNvLmlkgg4qLmdvb2dsZS5jby5pbIIOKi5nb29n +bGUuY28uaW2CDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qZYIOKi5nb29n +bGUuY28uanCCDiouZ29vZ2xlLmNvLmtlgg4qLmdvb2dsZS5jby5rcoIOKi5nb29n +bGUuY28ubHOCDiouZ29vZ2xlLmNvLm1hgg4qLmdvb2dsZS5jby5teoIOKi5nb29n +bGUuY28ubnqCDiouZ29vZ2xlLmNvLnRogg4qLmdvb2dsZS5jby50eoIOKi5nb29n +bGUuY28udWeCDiouZ29vZ2xlLmNvLnVrgg4qLmdvb2dsZS5jby51eoIOKi5nb29n +bGUuY28udmWCDiouZ29vZ2xlLmNvLnZpgg4qLmdvb2dsZS5jby56YYIOKi5nb29n +bGUuY28uem2CDiouZ29vZ2xlLmNvLnp3gg8qLmdvb2dsZS5jb20uYWaCDyouZ29v +Z2xlLmNvbS5hZ4IPKi5nb29nbGUuY29tLmFpgg8qLmdvb2dsZS5jb20uYXKCDyou +Z29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJkgg8qLmdvb2dsZS5jb20uYmiC +DyouZ29vZ2xlLmNvbS5iboIPKi5nb29nbGUuY29tLmJvgg8qLmdvb2dsZS5jb20u +YnKCDyouZ29vZ2xlLmNvbS5ieYIPKi5nb29nbGUuY29tLmJ6gg8qLmdvb2dsZS5j +b20uY26CDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLmN1gg8qLmdvb2ds +ZS5jb20uY3mCDyouZ29vZ2xlLmNvbS5kb4IPKi5nb29nbGUuY29tLmVjgg8qLmdv +b2dsZS5jb20uZWeCDyouZ29vZ2xlLmNvbS5ldIIPKi5nb29nbGUuY29tLmZqgg8q +Lmdvb2dsZS5jb20uZ2WCDyouZ29vZ2xlLmNvbS5naIIPKi5nb29nbGUuY29tLmdp +gg8qLmdvb2dsZS5jb20uZ3KCDyouZ29vZ2xlLmNvbS5ndIIPKi5nb29nbGUuY29t +Lmhrgg8qLmdvb2dsZS5jb20uaXGCDyouZ29vZ2xlLmNvbS5qbYIPKi5nb29nbGUu +Y29tLmpvgg8qLmdvb2dsZS5jb20ua2iCDyouZ29vZ2xlLmNvbS5rd4IPKi5nb29n +bGUuY29tLmxigg8qLmdvb2dsZS5jb20ubHmCDyouZ29vZ2xlLmNvbS5tdIIPKi5n +b29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20ubXmCDyouZ29vZ2xlLmNvbS5uYYIP +Ki5nb29nbGUuY29tLm5mgg8qLmdvb2dsZS5jb20ubmeCDyouZ29vZ2xlLmNvbS5u +aYIPKi5nb29nbGUuY29tLm5wgg8qLmdvb2dsZS5jb20ubnKCDyouZ29vZ2xlLmNv +bS5vbYIPKi5nb29nbGUuY29tLnBhgg8qLmdvb2dsZS5jb20ucGWCDyouZ29vZ2xl +LmNvbS5waIIPKi5nb29nbGUuY29tLnBrgg8qLmdvb2dsZS5jb20ucGyCDyouZ29v +Z2xlLmNvbS5wcoIPKi5nb29nbGUuY29tLnB5gg8qLmdvb2dsZS5jb20ucWGCDyou +Z29vZ2xlLmNvbS5ydYIPKi5nb29nbGUuY29tLnNhgg8qLmdvb2dsZS5jb20uc2KC +DyouZ29vZ2xlLmNvbS5zZ4IPKi5nb29nbGUuY29tLnNsgg8qLmdvb2dsZS5jb20u +c3aCDyouZ29vZ2xlLmNvbS50aoIPKi5nb29nbGUuY29tLnRugg8qLmdvb2dsZS5j +b20udHKCDyouZ29vZ2xlLmNvbS50d4IPKi5nb29nbGUuY29tLnVhgg8qLmdvb2ds +ZS5jb20udXmCDyouZ29vZ2xlLmNvbS52Y4IPKi5nb29nbGUuY29tLnZlgg8qLmdv +b2dsZS5jb20udm6CCyouZ29vZ2xlLmN2ggsqLmdvb2dsZS5jeoILKi5nb29nbGUu +ZGWCCyouZ29vZ2xlLmRqggsqLmdvb2dsZS5ka4ILKi5nb29nbGUuZG2CCyouZ29v +Z2xlLmR6ggsqLmdvb2dsZS5lZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZpggsq +Lmdvb2dsZS5mbYILKi5nb29nbGUuZnKCCyouZ29vZ2xlLmdhggsqLmdvb2dsZS5n +ZYILKi5nb29nbGUuZ2eCCyouZ29vZ2xlLmdsggsqLmdvb2dsZS5nbYILKi5nb29n +bGUuZ3CCCyouZ29vZ2xlLmdyggsqLmdvb2dsZS5neYILKi5nb29nbGUuaGuCCyou +Z29vZ2xlLmhuggsqLmdvb2dsZS5ocoILKi5nb29nbGUuaHSCCyouZ29vZ2xlLmh1 +ggsqLmdvb2dsZS5pZYILKi5nb29nbGUuaW2CDSouZ29vZ2xlLmluZm+CCyouZ29v +Z2xlLmlxggsqLmdvb2dsZS5pc4ILKi5nb29nbGUuaXSCDiouZ29vZ2xlLml0LmFv +ggsqLmdvb2dsZS5qZYILKi5nb29nbGUuam+CDSouZ29vZ2xlLmpvYnOCCyouZ29v +Z2xlLmpwggsqLmdvb2dsZS5rZ4ILKi5nb29nbGUua2mCCyouZ29vZ2xlLmt6ggsq +Lmdvb2dsZS5sYYILKi5nb29nbGUubGmCCyouZ29vZ2xlLmxrggsqLmdvb2dsZS5s +dIILKi5nb29nbGUubHWCCyouZ29vZ2xlLmx2ggsqLmdvb2dsZS5tZIILKi5nb29n +bGUubWWCCyouZ29vZ2xlLm1nggsqLmdvb2dsZS5ta4ILKi5nb29nbGUubWyCCyou +Z29vZ2xlLm1uggsqLmdvb2dsZS5tc4ILKi5nb29nbGUubXWCCyouZ29vZ2xlLm12 +ggsqLmdvb2dsZS5td4ILKi5nb29nbGUubmWCDiouZ29vZ2xlLm5lLmpwggwqLmdv +b2dsZS5uZXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5ub4ILKi5nb29nbGUubnKC +CyouZ29vZ2xlLm51gg8qLmdvb2dsZS5vZmYuYWmCCyouZ29vZ2xlLnBrggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucG6CCyouZ29vZ2xlLnBzggsqLmdvb2dsZS5wdIIL +Ki5nb29nbGUucm+CCyouZ29vZ2xlLnJzggsqLmdvb2dsZS5ydYILKi5nb29nbGUu +cneCCyouZ29vZ2xlLnNjggsqLmdvb2dsZS5zZYILKi5nb29nbGUuc2iCCyouZ29v +Z2xlLnNpggsqLmdvb2dsZS5za4ILKi5nb29nbGUuc22CCyouZ29vZ2xlLnNuggsq +Lmdvb2dsZS5zb4ILKi5nb29nbGUuc3SCCyouZ29vZ2xlLnRkggsqLmdvb2dsZS50 +Z4ILKi5nb29nbGUudGuCCyouZ29vZ2xlLnRsggsqLmdvb2dsZS50bYILKi5nb29n +bGUudG6CCyouZ29vZ2xlLnRvggsqLmdvb2dsZS50cIILKi5nb29nbGUudHSCCyou +Z29vZ2xlLnVzggsqLmdvb2dsZS51eoILKi5nb29nbGUudmeCCyouZ29vZ2xlLnZ1 +ggsqLmdvb2dsZS53c4IJZ29vZ2xlLmFjgglnb29nbGUuYWSCCWdvb2dsZS5hZYIJ +Z29vZ2xlLmFmgglnb29nbGUuYWeCCWdvb2dsZS5hbIIJZ29vZ2xlLmFtgglnb29n +bGUuYXOCCWdvb2dsZS5hdIIJZ29vZ2xlLmF6gglnb29nbGUuYmGCCWdvb2dsZS5i +ZYIJZ29vZ2xlLmJmgglnb29nbGUuYmeCCWdvb2dsZS5iaYIJZ29vZ2xlLmJqggln +b29nbGUuYnOCCWdvb2dsZS5ieYIJZ29vZ2xlLmNhggpnb29nbGUuY2F0gglnb29n +bGUuY2OCCWdvb2dsZS5jZIIJZ29vZ2xlLmNmgglnb29nbGUuY2eCCWdvb2dsZS5j +aIIJZ29vZ2xlLmNpgglnb29nbGUuY2yCCWdvb2dsZS5jbYIJZ29vZ2xlLmNuggxn +b29nbGUuY28uYW+CDGdvb2dsZS5jby5id4IMZ29vZ2xlLmNvLmNrggxnb29nbGUu +Y28uY3KCDGdvb2dsZS5jby5odYIMZ29vZ2xlLmNvLmlkggxnb29nbGUuY28uaWyC +DGdvb2dsZS5jby5pbYIMZ29vZ2xlLmNvLmluggxnb29nbGUuY28uamWCDGdvb2ds +ZS5jby5qcIIMZ29vZ2xlLmNvLmtlggxnb29nbGUuY28ua3KCDGdvb2dsZS5jby5s +c4IMZ29vZ2xlLmNvLm1hggxnb29nbGUuY28ubXqCDGdvb2dsZS5jby5ueoIMZ29v +Z2xlLmNvLnRoggxnb29nbGUuY28udHqCDGdvb2dsZS5jby51Z4IMZ29vZ2xlLmNv +LnVrggxnb29nbGUuY28udXqCDGdvb2dsZS5jby52ZYIMZ29vZ2xlLmNvLnZpggxn +b29nbGUuY28uemGCDGdvb2dsZS5jby56bYIMZ29vZ2xlLmNvLnp3gg1nb29nbGUu +Y29tLmFmgg1nb29nbGUuY29tLmFngg1nb29nbGUuY29tLmFpgg1nb29nbGUuY29t +LmFygg1nb29nbGUuY29tLmF1gg1nb29nbGUuY29tLmJkgg1nb29nbGUuY29tLmJo +gg1nb29nbGUuY29tLmJugg1nb29nbGUuY29tLmJvgg1nb29nbGUuY29tLmJygg1n +b29nbGUuY29tLmJ5gg1nb29nbGUuY29tLmJ6gg1nb29nbGUuY29tLmNugg1nb29n +bGUuY29tLmNvgg1nb29nbGUuY29tLmN1gg1nb29nbGUuY29tLmN5gg1nb29nbGUu +Y29tLmRvgg1nb29nbGUuY29tLmVjgg1nb29nbGUuY29tLmVngg1nb29nbGUuY29t +LmV0gg1nb29nbGUuY29tLmZqgg1nb29nbGUuY29tLmdlgg1nb29nbGUuY29tLmdo +gg1nb29nbGUuY29tLmdpgg1nb29nbGUuY29tLmdygg1nb29nbGUuY29tLmd0gg1n +b29nbGUuY29tLmhrgg1nb29nbGUuY29tLmlxgg1nb29nbGUuY29tLmptgg1nb29n +bGUuY29tLmpvgg1nb29nbGUuY29tLmtogg1nb29nbGUuY29tLmt3gg1nb29nbGUu +Y29tLmxigg1nb29nbGUuY29tLmx5gg1nb29nbGUuY29tLm10gg1nb29nbGUuY29t +Lm14gg1nb29nbGUuY29tLm15gg1nb29nbGUuY29tLm5hgg1nb29nbGUuY29tLm5m +gg1nb29nbGUuY29tLm5ngg1nb29nbGUuY29tLm5pgg1nb29nbGUuY29tLm5wgg1n +b29nbGUuY29tLm5ygg1nb29nbGUuY29tLm9tgg1nb29nbGUuY29tLnBhgg1nb29n +bGUuY29tLnBlgg1nb29nbGUuY29tLnBogg1nb29nbGUuY29tLnBrgg1nb29nbGUu +Y29tLnBsgg1nb29nbGUuY29tLnBygg1nb29nbGUuY29tLnB5gg1nb29nbGUuY29t +LnFhgg1nb29nbGUuY29tLnJ1gg1nb29nbGUuY29tLnNhgg1nb29nbGUuY29tLnNi +gg1nb29nbGUuY29tLnNngg1nb29nbGUuY29tLnNsgg1nb29nbGUuY29tLnN2gg1n +b29nbGUuY29tLnRqgg1nb29nbGUuY29tLnRugg1nb29nbGUuY29tLnRygg1nb29n +bGUuY29tLnR3gg1nb29nbGUuY29tLnVhgg1nb29nbGUuY29tLnV5gg1nb29nbGUu +Y29tLnZjgg1nb29nbGUuY29tLnZlgg1nb29nbGUuY29tLnZugglnb29nbGUuY3aC +CWdvb2dsZS5jeoIJZ29vZ2xlLmRlgglnb29nbGUuZGqCCWdvb2dsZS5ka4IJZ29v +Z2xlLmRtgglnb29nbGUuZHqCCWdvb2dsZS5lZYIJZ29vZ2xlLmVzgglnb29nbGUu +ZmmCCWdvb2dsZS5mbYIJZ29vZ2xlLmZygglnb29nbGUuZ2GCCWdvb2dsZS5nZYIJ +Z29vZ2xlLmdngglnb29nbGUuZ2yCCWdvb2dsZS5nbYIJZ29vZ2xlLmdwgglnb29n +bGUuZ3KCCWdvb2dsZS5neYIJZ29vZ2xlLmhrgglnb29nbGUuaG6CCWdvb2dsZS5o +coIJZ29vZ2xlLmh0gglnb29nbGUuaHWCCWdvb2dsZS5pZYIJZ29vZ2xlLmltggtn +b29nbGUuaW5mb4IJZ29vZ2xlLmlxgglnb29nbGUuaXOCCWdvb2dsZS5pdIIMZ29v +Z2xlLml0LmFvgglnb29nbGUuamWCCWdvb2dsZS5qb4ILZ29vZ2xlLmpvYnOCCWdv +b2dsZS5qcIIJZ29vZ2xlLmtngglnb29nbGUua2mCCWdvb2dsZS5reoIJZ29vZ2xl +Lmxhgglnb29nbGUubGmCCWdvb2dsZS5sa4IJZ29vZ2xlLmx0gglnb29nbGUubHWC +CWdvb2dsZS5sdoIJZ29vZ2xlLm1kgglnb29nbGUubWWCCWdvb2dsZS5tZ4IJZ29v +Z2xlLm1rgglnb29nbGUubWyCCWdvb2dsZS5tboIJZ29vZ2xlLm1zgglnb29nbGUu +bXWCCWdvb2dsZS5tdoIJZ29vZ2xlLm13gglnb29nbGUubmWCDGdvb2dsZS5uZS5q +cIIKZ29vZ2xlLm5ldIIJZ29vZ2xlLm5sgglnb29nbGUubm+CCWdvb2dsZS5ucoIJ +Z29vZ2xlLm51gg1nb29nbGUub2ZmLmFpgglnb29nbGUucGuCCWdvb2dsZS5wbIIJ +Z29vZ2xlLnBugglnb29nbGUucHOCCWdvb2dsZS5wdIIJZ29vZ2xlLnJvgglnb29n +bGUucnOCCWdvb2dsZS5ydYIJZ29vZ2xlLnJ3gglnb29nbGUuc2OCCWdvb2dsZS5z +ZYIJZ29vZ2xlLnNogglnb29nbGUuc2mCCWdvb2dsZS5za4IJZ29vZ2xlLnNtggln +b29nbGUuc26CCWdvb2dsZS5zb4IJZ29vZ2xlLnN0gglnb29nbGUudGSCCWdvb2ds +ZS50Z4IJZ29vZ2xlLnRrgglnb29nbGUudGyCCWdvb2dsZS50bYIJZ29vZ2xlLnRu +gglnb29nbGUudG+CCWdvb2dsZS50cIIJZ29vZ2xlLnR0gglnb29nbGUudXOCCWdv +b2dsZS51eoIJZ29vZ2xlLnZngglnb29nbGUudnWCCWdvb2dsZS53czANBgkqhkiG +9w0BAQUFAAOBgQCROJdKT00d96BpNG4j3Xf5Kz7kJENMTYtgsGQW5E6y2yjRaguD +LPO+y4IH9KiVXD+qO8koye9yOMNawN9r/DFQd+t2nDmvlpcwJBNguiuqxl+rJaU8 +KKgswikGaaM4z+i4vHuXcCKZtM/ELAaJlSaBPip4GBAkgv7D9hwh+sWvYA== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIcFzCCG4CgAwIBAgIGR09PUAFxMA0GCSqGSIb3DQEBBQUAMEYxCzAJBgNVBAYT +AlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSIwIAYDVQQDExlHb29nbGUgSW50ZXJu +ZXQgQXV0aG9yaXR5MB4XDTEyMTAyNDEzNTczOVoXDTEzMDYwNzE5NDMyN1owZDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 +YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxEzARBgNVBAMTCmdvb2dsZS5j +b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMNn/Rw5irMPscWpYsExcGQT +wqdxT/U9Pfybt9ttPYlXVbCd6yux0jWGNBHN+f4kCc5pwrbjmA4QSRY2uVa4T8f2 +g3NucDDveUi29WVN+FJcyhj+V38lEkYbdhpIZL149dK5fAN1zzwCo10Nk+lhebcY +fCtMHLmuCX2D6mJ2CnPVAgMBAAGjghnwMIIZ7DAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Qp1w0hi4nhbaJEB +h/wuZwO4OyIwHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0f +BFQwUjBQoE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5l +dEF1dGhvcml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUH +AQEEWjBYMFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2ds +ZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDCC +GLYGA1UdEQSCGK0wghipggpnb29nbGUuY29tggwqLmdvb2dsZS5jb22CDSoueW91 +dHViZS5jb22CC3lvdXR1YmUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggh5 +b3V0dS5iZYILKi55dGltZy5jb22CDSouYW5kcm9pZC5jb22CC2FuZHJvaWQuY29t +ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghAqLnVy +bC5nb29nbGUuY29tggwqLnVyY2hpbi5jb22CCnVyY2hpbi5jb22CFiouZ29vZ2xl +LWFuYWx5dGljcy5jb22CFGdvb2dsZS1hbmFseXRpY3MuY29tghIqLmNsb3VkLmdv +b2dsZS5jb22CBmdvby5nbIIEZy5jb4INKi5nc3RhdGljLmNvbYIPKi5nb29nbGVh +cGlzLmNughYqLmFwcGVuZ2luZS5nb29nbGUuY29tggsqLmdvb2dsZS5hY4ILKi5n +b29nbGUuYWSCCyouZ29vZ2xlLmFlggsqLmdvb2dsZS5hZoILKi5nb29nbGUuYWeC +CyouZ29vZ2xlLmFsggsqLmdvb2dsZS5hbYILKi5nb29nbGUuYXOCCyouZ29vZ2xl +LmF0ggsqLmdvb2dsZS5heoILKi5nb29nbGUuYmGCCyouZ29vZ2xlLmJlggsqLmdv +b2dsZS5iZoILKi5nb29nbGUuYmeCCyouZ29vZ2xlLmJpggsqLmdvb2dsZS5iaoIL +Ki5nb29nbGUuYnOCCyouZ29vZ2xlLmJ5ggsqLmdvb2dsZS5jYYIMKi5nb29nbGUu +Y2F0ggsqLmdvb2dsZS5jY4ILKi5nb29nbGUuY2SCCyouZ29vZ2xlLmNmggsqLmdv +b2dsZS5jZ4ILKi5nb29nbGUuY2iCCyouZ29vZ2xlLmNpggsqLmdvb2dsZS5jbIIL +Ki5nb29nbGUuY22CCyouZ29vZ2xlLmNugg4qLmdvb2dsZS5jby5hb4IOKi5nb29n +bGUuY28uYneCDiouZ29vZ2xlLmNvLmNrgg4qLmdvb2dsZS5jby5jcoIOKi5nb29n +bGUuY28uaHWCDiouZ29vZ2xlLmNvLmlkgg4qLmdvb2dsZS5jby5pbIIOKi5nb29n +bGUuY28uaW2CDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qZYIOKi5nb29n +bGUuY28uanCCDiouZ29vZ2xlLmNvLmtlgg4qLmdvb2dsZS5jby5rcoIOKi5nb29n +bGUuY28ubHOCDiouZ29vZ2xlLmNvLm1hgg4qLmdvb2dsZS5jby5teoIOKi5nb29n +bGUuY28ubnqCDiouZ29vZ2xlLmNvLnRogg4qLmdvb2dsZS5jby50eoIOKi5nb29n +bGUuY28udWeCDiouZ29vZ2xlLmNvLnVrgg4qLmdvb2dsZS5jby51eoIOKi5nb29n +bGUuY28udmWCDiouZ29vZ2xlLmNvLnZpgg4qLmdvb2dsZS5jby56YYIOKi5nb29n +bGUuY28uem2CDiouZ29vZ2xlLmNvLnp3gg8qLmdvb2dsZS5jb20uYWaCDyouZ29v +Z2xlLmNvbS5hZ4IPKi5nb29nbGUuY29tLmFpgg8qLmdvb2dsZS5jb20uYXKCDyou +Z29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJkgg8qLmdvb2dsZS5jb20uYmiC +DyouZ29vZ2xlLmNvbS5iboIPKi5nb29nbGUuY29tLmJvgg8qLmdvb2dsZS5jb20u +YnKCDyouZ29vZ2xlLmNvbS5ieYIPKi5nb29nbGUuY29tLmJ6gg8qLmdvb2dsZS5j +b20uY26CDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLmN1gg8qLmdvb2ds +ZS5jb20uY3mCDyouZ29vZ2xlLmNvbS5kb4IPKi5nb29nbGUuY29tLmVjgg8qLmdv +b2dsZS5jb20uZWeCDyouZ29vZ2xlLmNvbS5ldIIPKi5nb29nbGUuY29tLmZqgg8q +Lmdvb2dsZS5jb20uZ2WCDyouZ29vZ2xlLmNvbS5naIIPKi5nb29nbGUuY29tLmdp +gg8qLmdvb2dsZS5jb20uZ3KCDyouZ29vZ2xlLmNvbS5ndIIPKi5nb29nbGUuY29t +Lmhrgg8qLmdvb2dsZS5jb20uaXGCDyouZ29vZ2xlLmNvbS5qbYIPKi5nb29nbGUu +Y29tLmpvgg8qLmdvb2dsZS5jb20ua2iCDyouZ29vZ2xlLmNvbS5rd4IPKi5nb29n +bGUuY29tLmxigg8qLmdvb2dsZS5jb20ubHmCDyouZ29vZ2xlLmNvbS5tdIIPKi5n +b29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20ubXmCDyouZ29vZ2xlLmNvbS5uYYIP +Ki5nb29nbGUuY29tLm5mgg8qLmdvb2dsZS5jb20ubmeCDyouZ29vZ2xlLmNvbS5u +aYIPKi5nb29nbGUuY29tLm5wgg8qLmdvb2dsZS5jb20ubnKCDyouZ29vZ2xlLmNv +bS5vbYIPKi5nb29nbGUuY29tLnBhgg8qLmdvb2dsZS5jb20ucGWCDyouZ29vZ2xl +LmNvbS5waIIPKi5nb29nbGUuY29tLnBrgg8qLmdvb2dsZS5jb20ucGyCDyouZ29v +Z2xlLmNvbS5wcoIPKi5nb29nbGUuY29tLnB5gg8qLmdvb2dsZS5jb20ucWGCDyou +Z29vZ2xlLmNvbS5ydYIPKi5nb29nbGUuY29tLnNhgg8qLmdvb2dsZS5jb20uc2KC +DyouZ29vZ2xlLmNvbS5zZ4IPKi5nb29nbGUuY29tLnNsgg8qLmdvb2dsZS5jb20u +c3aCDyouZ29vZ2xlLmNvbS50aoIPKi5nb29nbGUuY29tLnRugg8qLmdvb2dsZS5j +b20udHKCDyouZ29vZ2xlLmNvbS50d4IPKi5nb29nbGUuY29tLnVhgg8qLmdvb2ds +ZS5jb20udXmCDyouZ29vZ2xlLmNvbS52Y4IPKi5nb29nbGUuY29tLnZlgg8qLmdv +b2dsZS5jb20udm6CCyouZ29vZ2xlLmN2ggsqLmdvb2dsZS5jeoILKi5nb29nbGUu +ZGWCCyouZ29vZ2xlLmRqggsqLmdvb2dsZS5ka4ILKi5nb29nbGUuZG2CCyouZ29v +Z2xlLmR6ggsqLmdvb2dsZS5lZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZpggsq +Lmdvb2dsZS5mbYILKi5nb29nbGUuZnKCCyouZ29vZ2xlLmdhggsqLmdvb2dsZS5n +ZYILKi5nb29nbGUuZ2eCCyouZ29vZ2xlLmdsggsqLmdvb2dsZS5nbYILKi5nb29n +bGUuZ3CCCyouZ29vZ2xlLmdyggsqLmdvb2dsZS5neYILKi5nb29nbGUuaGuCCyou +Z29vZ2xlLmhuggsqLmdvb2dsZS5ocoILKi5nb29nbGUuaHSCCyouZ29vZ2xlLmh1 +ggsqLmdvb2dsZS5pZYILKi5nb29nbGUuaW2CDSouZ29vZ2xlLmluZm+CCyouZ29v +Z2xlLmlxggsqLmdvb2dsZS5pc4ILKi5nb29nbGUuaXSCDiouZ29vZ2xlLml0LmFv +ggsqLmdvb2dsZS5qZYILKi5nb29nbGUuam+CDSouZ29vZ2xlLmpvYnOCCyouZ29v +Z2xlLmpwggsqLmdvb2dsZS5rZ4ILKi5nb29nbGUua2mCCyouZ29vZ2xlLmt6ggsq +Lmdvb2dsZS5sYYILKi5nb29nbGUubGmCCyouZ29vZ2xlLmxrggsqLmdvb2dsZS5s +dIILKi5nb29nbGUubHWCCyouZ29vZ2xlLmx2ggsqLmdvb2dsZS5tZIILKi5nb29n +bGUubWWCCyouZ29vZ2xlLm1nggsqLmdvb2dsZS5ta4ILKi5nb29nbGUubWyCCyou +Z29vZ2xlLm1uggsqLmdvb2dsZS5tc4ILKi5nb29nbGUubXWCCyouZ29vZ2xlLm12 +ggsqLmdvb2dsZS5td4ILKi5nb29nbGUubmWCDiouZ29vZ2xlLm5lLmpwggwqLmdv +b2dsZS5uZXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5ub4ILKi5nb29nbGUubnKC +CyouZ29vZ2xlLm51gg8qLmdvb2dsZS5vZmYuYWmCCyouZ29vZ2xlLnBrggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucG6CCyouZ29vZ2xlLnBzggsqLmdvb2dsZS5wdIIL +Ki5nb29nbGUucm+CCyouZ29vZ2xlLnJzggsqLmdvb2dsZS5ydYILKi5nb29nbGUu +cneCCyouZ29vZ2xlLnNjggsqLmdvb2dsZS5zZYILKi5nb29nbGUuc2iCCyouZ29v +Z2xlLnNpggsqLmdvb2dsZS5za4ILKi5nb29nbGUuc22CCyouZ29vZ2xlLnNuggsq +Lmdvb2dsZS5zb4ILKi5nb29nbGUuc3SCCyouZ29vZ2xlLnRkggsqLmdvb2dsZS50 +Z4ILKi5nb29nbGUudGuCCyouZ29vZ2xlLnRsggsqLmdvb2dsZS50bYILKi5nb29n +bGUudG6CCyouZ29vZ2xlLnRvggsqLmdvb2dsZS50cIILKi5nb29nbGUudHSCCyou +Z29vZ2xlLnVzggsqLmdvb2dsZS51eoILKi5nb29nbGUudmeCCyouZ29vZ2xlLnZ1 +ggsqLmdvb2dsZS53c4IJZ29vZ2xlLmFjgglnb29nbGUuYWSCCWdvb2dsZS5hZYIJ +Z29vZ2xlLmFmgglnb29nbGUuYWeCCWdvb2dsZS5hbIIJZ29vZ2xlLmFtgglnb29n +bGUuYXOCCWdvb2dsZS5hdIIJZ29vZ2xlLmF6gglnb29nbGUuYmGCCWdvb2dsZS5i +ZYIJZ29vZ2xlLmJmgglnb29nbGUuYmeCCWdvb2dsZS5iaYIJZ29vZ2xlLmJqggln +b29nbGUuYnOCCWdvb2dsZS5ieYIJZ29vZ2xlLmNhggpnb29nbGUuY2F0gglnb29n +bGUuY2OCCWdvb2dsZS5jZIIJZ29vZ2xlLmNmgglnb29nbGUuY2eCCWdvb2dsZS5j +aIIJZ29vZ2xlLmNpgglnb29nbGUuY2yCCWdvb2dsZS5jbYIJZ29vZ2xlLmNuggxn +b29nbGUuY28uYW+CDGdvb2dsZS5jby5id4IMZ29vZ2xlLmNvLmNrggxnb29nbGUu +Y28uY3KCDGdvb2dsZS5jby5odYIMZ29vZ2xlLmNvLmlkggxnb29nbGUuY28uaWyC +DGdvb2dsZS5jby5pbYIMZ29vZ2xlLmNvLmluggxnb29nbGUuY28uamWCDGdvb2ds +ZS5jby5qcIIMZ29vZ2xlLmNvLmtlggxnb29nbGUuY28ua3KCDGdvb2dsZS5jby5s +c4IMZ29vZ2xlLmNvLm1hggxnb29nbGUuY28ubXqCDGdvb2dsZS5jby5ueoIMZ29v +Z2xlLmNvLnRoggxnb29nbGUuY28udHqCDGdvb2dsZS5jby51Z4IMZ29vZ2xlLmNv +LnVrggxnb29nbGUuY28udXqCDGdvb2dsZS5jby52ZYIMZ29vZ2xlLmNvLnZpggxn +b29nbGUuY28uemGCDGdvb2dsZS5jby56bYIMZ29vZ2xlLmNvLnp3gg1nb29nbGUu +Y29tLmFmgg1nb29nbGUuY29tLmFngg1nb29nbGUuY29tLmFpgg1nb29nbGUuY29t +LmFygg1nb29nbGUuY29tLmF1gg1nb29nbGUuY29tLmJkgg1nb29nbGUuY29tLmJo +gg1nb29nbGUuY29tLmJugg1nb29nbGUuY29tLmJvgg1nb29nbGUuY29tLmJygg1n +b29nbGUuY29tLmJ5gg1nb29nbGUuY29tLmJ6gg1nb29nbGUuY29tLmNugg1nb29n +bGUuY29tLmNvgg1nb29nbGUuY29tLmN1gg1nb29nbGUuY29tLmN5gg1nb29nbGUu +Y29tLmRvgg1nb29nbGUuY29tLmVjgg1nb29nbGUuY29tLmVngg1nb29nbGUuY29t +LmV0gg1nb29nbGUuY29tLmZqgg1nb29nbGUuY29tLmdlgg1nb29nbGUuY29tLmdo +gg1nb29nbGUuY29tLmdpgg1nb29nbGUuY29tLmdygg1nb29nbGUuY29tLmd0gg1n +b29nbGUuY29tLmhrgg1nb29nbGUuY29tLmlxgg1nb29nbGUuY29tLmptgg1nb29n +bGUuY29tLmpvgg1nb29nbGUuY29tLmtogg1nb29nbGUuY29tLmt3gg1nb29nbGUu +Y29tLmxigg1nb29nbGUuY29tLmx5gg1nb29nbGUuY29tLm10gg1nb29nbGUuY29t +Lm14gg1nb29nbGUuY29tLm15gg1nb29nbGUuY29tLm5hgg1nb29nbGUuY29tLm5m +gg1nb29nbGUuY29tLm5ngg1nb29nbGUuY29tLm5pgg1nb29nbGUuY29tLm5wgg1n +b29nbGUuY29tLm5ygg1nb29nbGUuY29tLm9tgg1nb29nbGUuY29tLnBhgg1nb29n +bGUuY29tLnBlgg1nb29nbGUuY29tLnBogg1nb29nbGUuY29tLnBrgg1nb29nbGUu +Y29tLnBsgg1nb29nbGUuY29tLnBygg1nb29nbGUuY29tLnB5gg1nb29nbGUuY29t +LnFhgg1nb29nbGUuY29tLnJ1gg1nb29nbGUuY29tLnNhgg1nb29nbGUuY29tLnNi +gg1nb29nbGUuY29tLnNngg1nb29nbGUuY29tLnNsgg1nb29nbGUuY29tLnN2gg1n +b29nbGUuY29tLnRqgg1nb29nbGUuY29tLnRugg1nb29nbGUuY29tLnRygg1nb29n +bGUuY29tLnR3gg1nb29nbGUuY29tLnVhgg1nb29nbGUuY29tLnV5gg1nb29nbGUu +Y29tLnZjgg1nb29nbGUuY29tLnZlgg1nb29nbGUuY29tLnZugglnb29nbGUuY3aC +CWdvb2dsZS5jeoIJZ29vZ2xlLmRlgglnb29nbGUuZGqCCWdvb2dsZS5ka4IJZ29v +Z2xlLmRtgglnb29nbGUuZHqCCWdvb2dsZS5lZYIJZ29vZ2xlLmVzgglnb29nbGUu +ZmmCCWdvb2dsZS5mbYIJZ29vZ2xlLmZygglnb29nbGUuZ2GCCWdvb2dsZS5nZYIJ +Z29vZ2xlLmdngglnb29nbGUuZ2yCCWdvb2dsZS5nbYIJZ29vZ2xlLmdwgglnb29n +bGUuZ3KCCWdvb2dsZS5neYIJZ29vZ2xlLmhrgglnb29nbGUuaG6CCWdvb2dsZS5o +coIJZ29vZ2xlLmh0gglnb29nbGUuaHWCCWdvb2dsZS5pZYIJZ29vZ2xlLmltggtn +b29nbGUuaW5mb4IJZ29vZ2xlLmlxgglnb29nbGUuaXOCCWdvb2dsZS5pdIIMZ29v +Z2xlLml0LmFvgglnb29nbGUuamWCCWdvb2dsZS5qb4ILZ29vZ2xlLmpvYnOCCWdv +b2dsZS5qcIIJZ29vZ2xlLmtngglnb29nbGUua2mCCWdvb2dsZS5reoIJZ29vZ2xl +Lmxhgglnb29nbGUubGmCCWdvb2dsZS5sa4IJZ29vZ2xlLmx0gglnb29nbGUubHWC +CWdvb2dsZS5sdoIJZ29vZ2xlLm1kgglnb29nbGUubWWCCWdvb2dsZS5tZ4IJZ29v +Z2xlLm1rgglnb29nbGUubWyCCWdvb2dsZS5tboIJZ29vZ2xlLm1zgglnb29nbGUu +bXWCCWdvb2dsZS5tdoIJZ29vZ2xlLm13gglnb29nbGUubmWCDGdvb2dsZS5uZS5q +cIIKZ29vZ2xlLm5ldIIJZ29vZ2xlLm5sgglnb29nbGUubm+CCWdvb2dsZS5ucoIJ +Z29vZ2xlLm51gg1nb29nbGUub2ZmLmFpgglnb29nbGUucGuCCWdvb2dsZS5wbIIJ +Z29vZ2xlLnBugglnb29nbGUucHOCCWdvb2dsZS5wdIIJZ29vZ2xlLnJvgglnb29n +bGUucnOCCWdvb2dsZS5ydYIJZ29vZ2xlLnJ3gglnb29nbGUuc2OCCWdvb2dsZS5z +ZYIJZ29vZ2xlLnNogglnb29nbGUuc2mCCWdvb2dsZS5za4IJZ29vZ2xlLnNtggln +b29nbGUuc26CCWdvb2dsZS5zb4IJZ29vZ2xlLnN0gglnb29nbGUudGSCCWdvb2ds +ZS50Z4IJZ29vZ2xlLnRrgglnb29nbGUudGyCCWdvb2dsZS50bYIJZ29vZ2xlLnRu +gglnb29nbGUudG+CCWdvb2dsZS50cIIJZ29vZ2xlLnR0gglnb29nbGUudXOCCWdv +b2dsZS51eoIJZ29vZ2xlLnZngglnb29nbGUudnWCCWdvb2dsZS53czANBgkqhkiG +9w0BAQUFAAOBgQCROJdKT00d96BpNG4j3Xf5Kz7kJENMTYtgsGQW5E6y2yjRaguD +LPO+y4IH9KiVXD+qO8koye9yOMNawN9r/DFQd+t2nDmvlpcwJBNguiuqxl+rJaU8 +KKgswikGaaM4z+i4vHuXcCKZtM/ELAaJlSaBPip4GBAkgv7D9hwh+sWvYA== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIcFzCCG4CgAwIBAgIGR09PUAFxMA0GCSqGSIb3DQEBBQUAMEYxCzAJBgNVBAYT +AlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSIwIAYDVQQDExlHb29nbGUgSW50ZXJu +ZXQgQXV0aG9yaXR5MB4XDTEyMTAyNDEzNTczOVoXDTEzMDYwNzE5NDMyN1owZDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 +YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxEzARBgNVBAMTCmdvb2dsZS5j +b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMNn/Rw5irMPscWpYsExcGQT +wqdxT/U9Pfybt9ttPYlXVbCd6yux0jWGNBHN+f4kCc5pwrbjmA4QSRY2uVa4T8f2 +g3NucDDveUi29WVN+FJcyhj+V38lEkYbdhpIZL149dK5fAN1zzwCo10Nk+lhebcY +fCtMHLmuCX2D6mJ2CnPVAgMBAAGjghnwMIIZ7DAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Qp1w0hi4nhbaJEB +h/wuZwO4OyIwHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0f +BFQwUjBQoE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5l +dEF1dGhvcml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUH +AQEEWjBYMFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2ds +ZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDCC +GLYGA1UdEQSCGK0wghipggpnb29nbGUuY29tggwqLmdvb2dsZS5jb22CDSoueW91 +dHViZS5jb22CC3lvdXR1YmUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggh5 +b3V0dS5iZYILKi55dGltZy5jb22CDSouYW5kcm9pZC5jb22CC2FuZHJvaWQuY29t +ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghAqLnVy +bC5nb29nbGUuY29tggwqLnVyY2hpbi5jb22CCnVyY2hpbi5jb22CFiouZ29vZ2xl +LWFuYWx5dGljcy5jb22CFGdvb2dsZS1hbmFseXRpY3MuY29tghIqLmNsb3VkLmdv +b2dsZS5jb22CBmdvby5nbIIEZy5jb4INKi5nc3RhdGljLmNvbYIPKi5nb29nbGVh +cGlzLmNughYqLmFwcGVuZ2luZS5nb29nbGUuY29tggsqLmdvb2dsZS5hY4ILKi5n +b29nbGUuYWSCCyouZ29vZ2xlLmFlggsqLmdvb2dsZS5hZoILKi5nb29nbGUuYWeC +CyouZ29vZ2xlLmFsggsqLmdvb2dsZS5hbYILKi5nb29nbGUuYXOCCyouZ29vZ2xl +LmF0ggsqLmdvb2dsZS5heoILKi5nb29nbGUuYmGCCyouZ29vZ2xlLmJlggsqLmdv +b2dsZS5iZoILKi5nb29nbGUuYmeCCyouZ29vZ2xlLmJpggsqLmdvb2dsZS5iaoIL +Ki5nb29nbGUuYnOCCyouZ29vZ2xlLmJ5ggsqLmdvb2dsZS5jYYIMKi5nb29nbGUu +Y2F0ggsqLmdvb2dsZS5jY4ILKi5nb29nbGUuY2SCCyouZ29vZ2xlLmNmggsqLmdv +b2dsZS5jZ4ILKi5nb29nbGUuY2iCCyouZ29vZ2xlLmNpggsqLmdvb2dsZS5jbIIL +Ki5nb29nbGUuY22CCyouZ29vZ2xlLmNugg4qLmdvb2dsZS5jby5hb4IOKi5nb29n +bGUuY28uYneCDiouZ29vZ2xlLmNvLmNrgg4qLmdvb2dsZS5jby5jcoIOKi5nb29n +bGUuY28uaHWCDiouZ29vZ2xlLmNvLmlkgg4qLmdvb2dsZS5jby5pbIIOKi5nb29n +bGUuY28uaW2CDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qZYIOKi5nb29n +bGUuY28uanCCDiouZ29vZ2xlLmNvLmtlgg4qLmdvb2dsZS5jby5rcoIOKi5nb29n +bGUuY28ubHOCDiouZ29vZ2xlLmNvLm1hgg4qLmdvb2dsZS5jby5teoIOKi5nb29n +bGUuY28ubnqCDiouZ29vZ2xlLmNvLnRogg4qLmdvb2dsZS5jby50eoIOKi5nb29n +bGUuY28udWeCDiouZ29vZ2xlLmNvLnVrgg4qLmdvb2dsZS5jby51eoIOKi5nb29n +bGUuY28udmWCDiouZ29vZ2xlLmNvLnZpgg4qLmdvb2dsZS5jby56YYIOKi5nb29n +bGUuY28uem2CDiouZ29vZ2xlLmNvLnp3gg8qLmdvb2dsZS5jb20uYWaCDyouZ29v +Z2xlLmNvbS5hZ4IPKi5nb29nbGUuY29tLmFpgg8qLmdvb2dsZS5jb20uYXKCDyou +Z29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJkgg8qLmdvb2dsZS5jb20uYmiC +DyouZ29vZ2xlLmNvbS5iboIPKi5nb29nbGUuY29tLmJvgg8qLmdvb2dsZS5jb20u +YnKCDyouZ29vZ2xlLmNvbS5ieYIPKi5nb29nbGUuY29tLmJ6gg8qLmdvb2dsZS5j +b20uY26CDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLmN1gg8qLmdvb2ds +ZS5jb20uY3mCDyouZ29vZ2xlLmNvbS5kb4IPKi5nb29nbGUuY29tLmVjgg8qLmdv +b2dsZS5jb20uZWeCDyouZ29vZ2xlLmNvbS5ldIIPKi5nb29nbGUuY29tLmZqgg8q +Lmdvb2dsZS5jb20uZ2WCDyouZ29vZ2xlLmNvbS5naIIPKi5nb29nbGUuY29tLmdp +gg8qLmdvb2dsZS5jb20uZ3KCDyouZ29vZ2xlLmNvbS5ndIIPKi5nb29nbGUuY29t +Lmhrgg8qLmdvb2dsZS5jb20uaXGCDyouZ29vZ2xlLmNvbS5qbYIPKi5nb29nbGUu +Y29tLmpvgg8qLmdvb2dsZS5jb20ua2iCDyouZ29vZ2xlLmNvbS5rd4IPKi5nb29n +bGUuY29tLmxigg8qLmdvb2dsZS5jb20ubHmCDyouZ29vZ2xlLmNvbS5tdIIPKi5n +b29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20ubXmCDyouZ29vZ2xlLmNvbS5uYYIP +Ki5nb29nbGUuY29tLm5mgg8qLmdvb2dsZS5jb20ubmeCDyouZ29vZ2xlLmNvbS5u +aYIPKi5nb29nbGUuY29tLm5wgg8qLmdvb2dsZS5jb20ubnKCDyouZ29vZ2xlLmNv +bS5vbYIPKi5nb29nbGUuY29tLnBhgg8qLmdvb2dsZS5jb20ucGWCDyouZ29vZ2xl +LmNvbS5waIIPKi5nb29nbGUuY29tLnBrgg8qLmdvb2dsZS5jb20ucGyCDyouZ29v +Z2xlLmNvbS5wcoIPKi5nb29nbGUuY29tLnB5gg8qLmdvb2dsZS5jb20ucWGCDyou +Z29vZ2xlLmNvbS5ydYIPKi5nb29nbGUuY29tLnNhgg8qLmdvb2dsZS5jb20uc2KC +DyouZ29vZ2xlLmNvbS5zZ4IPKi5nb29nbGUuY29tLnNsgg8qLmdvb2dsZS5jb20u +c3aCDyouZ29vZ2xlLmNvbS50aoIPKi5nb29nbGUuY29tLnRugg8qLmdvb2dsZS5j +b20udHKCDyouZ29vZ2xlLmNvbS50d4IPKi5nb29nbGUuY29tLnVhgg8qLmdvb2ds +ZS5jb20udXmCDyouZ29vZ2xlLmNvbS52Y4IPKi5nb29nbGUuY29tLnZlgg8qLmdv +b2dsZS5jb20udm6CCyouZ29vZ2xlLmN2ggsqLmdvb2dsZS5jeoILKi5nb29nbGUu +ZGWCCyouZ29vZ2xlLmRqggsqLmdvb2dsZS5ka4ILKi5nb29nbGUuZG2CCyouZ29v +Z2xlLmR6ggsqLmdvb2dsZS5lZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZpggsq +Lmdvb2dsZS5mbYILKi5nb29nbGUuZnKCCyouZ29vZ2xlLmdhggsqLmdvb2dsZS5n +ZYILKi5nb29nbGUuZ2eCCyouZ29vZ2xlLmdsggsqLmdvb2dsZS5nbYILKi5nb29n +bGUuZ3CCCyouZ29vZ2xlLmdyggsqLmdvb2dsZS5neYILKi5nb29nbGUuaGuCCyou +Z29vZ2xlLmhuggsqLmdvb2dsZS5ocoILKi5nb29nbGUuaHSCCyouZ29vZ2xlLmh1 +ggsqLmdvb2dsZS5pZYILKi5nb29nbGUuaW2CDSouZ29vZ2xlLmluZm+CCyouZ29v +Z2xlLmlxggsqLmdvb2dsZS5pc4ILKi5nb29nbGUuaXSCDiouZ29vZ2xlLml0LmFv +ggsqLmdvb2dsZS5qZYILKi5nb29nbGUuam+CDSouZ29vZ2xlLmpvYnOCCyouZ29v +Z2xlLmpwggsqLmdvb2dsZS5rZ4ILKi5nb29nbGUua2mCCyouZ29vZ2xlLmt6ggsq +Lmdvb2dsZS5sYYILKi5nb29nbGUubGmCCyouZ29vZ2xlLmxrggsqLmdvb2dsZS5s +dIILKi5nb29nbGUubHWCCyouZ29vZ2xlLmx2ggsqLmdvb2dsZS5tZIILKi5nb29n +bGUubWWCCyouZ29vZ2xlLm1nggsqLmdvb2dsZS5ta4ILKi5nb29nbGUubWyCCyou +Z29vZ2xlLm1uggsqLmdvb2dsZS5tc4ILKi5nb29nbGUubXWCCyouZ29vZ2xlLm12 +ggsqLmdvb2dsZS5td4ILKi5nb29nbGUubmWCDiouZ29vZ2xlLm5lLmpwggwqLmdv +b2dsZS5uZXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5ub4ILKi5nb29nbGUubnKC +CyouZ29vZ2xlLm51gg8qLmdvb2dsZS5vZmYuYWmCCyouZ29vZ2xlLnBrggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucG6CCyouZ29vZ2xlLnBzggsqLmdvb2dsZS5wdIIL +Ki5nb29nbGUucm+CCyouZ29vZ2xlLnJzggsqLmdvb2dsZS5ydYILKi5nb29nbGUu +cneCCyouZ29vZ2xlLnNjggsqLmdvb2dsZS5zZYILKi5nb29nbGUuc2iCCyouZ29v +Z2xlLnNpggsqLmdvb2dsZS5za4ILKi5nb29nbGUuc22CCyouZ29vZ2xlLnNuggsq +Lmdvb2dsZS5zb4ILKi5nb29nbGUuc3SCCyouZ29vZ2xlLnRkggsqLmdvb2dsZS50 +Z4ILKi5nb29nbGUudGuCCyouZ29vZ2xlLnRsggsqLmdvb2dsZS50bYILKi5nb29n +bGUudG6CCyouZ29vZ2xlLnRvggsqLmdvb2dsZS50cIILKi5nb29nbGUudHSCCyou +Z29vZ2xlLnVzggsqLmdvb2dsZS51eoILKi5nb29nbGUudmeCCyouZ29vZ2xlLnZ1 +ggsqLmdvb2dsZS53c4IJZ29vZ2xlLmFjgglnb29nbGUuYWSCCWdvb2dsZS5hZYIJ +Z29vZ2xlLmFmgglnb29nbGUuYWeCCWdvb2dsZS5hbIIJZ29vZ2xlLmFtgglnb29n +bGUuYXOCCWdvb2dsZS5hdIIJZ29vZ2xlLmF6gglnb29nbGUuYmGCCWdvb2dsZS5i +ZYIJZ29vZ2xlLmJmgglnb29nbGUuYmeCCWdvb2dsZS5iaYIJZ29vZ2xlLmJqggln +b29nbGUuYnOCCWdvb2dsZS5ieYIJZ29vZ2xlLmNhggpnb29nbGUuY2F0gglnb29n +bGUuY2OCCWdvb2dsZS5jZIIJZ29vZ2xlLmNmgglnb29nbGUuY2eCCWdvb2dsZS5j +aIIJZ29vZ2xlLmNpgglnb29nbGUuY2yCCWdvb2dsZS5jbYIJZ29vZ2xlLmNuggxn +b29nbGUuY28uYW+CDGdvb2dsZS5jby5id4IMZ29vZ2xlLmNvLmNrggxnb29nbGUu +Y28uY3KCDGdvb2dsZS5jby5odYIMZ29vZ2xlLmNvLmlkggxnb29nbGUuY28uaWyC +DGdvb2dsZS5jby5pbYIMZ29vZ2xlLmNvLmluggxnb29nbGUuY28uamWCDGdvb2ds +ZS5jby5qcIIMZ29vZ2xlLmNvLmtlggxnb29nbGUuY28ua3KCDGdvb2dsZS5jby5s +c4IMZ29vZ2xlLmNvLm1hggxnb29nbGUuY28ubXqCDGdvb2dsZS5jby5ueoIMZ29v +Z2xlLmNvLnRoggxnb29nbGUuY28udHqCDGdvb2dsZS5jby51Z4IMZ29vZ2xlLmNv +LnVrggxnb29nbGUuY28udXqCDGdvb2dsZS5jby52ZYIMZ29vZ2xlLmNvLnZpggxn +b29nbGUuY28uemGCDGdvb2dsZS5jby56bYIMZ29vZ2xlLmNvLnp3gg1nb29nbGUu +Y29tLmFmgg1nb29nbGUuY29tLmFngg1nb29nbGUuY29tLmFpgg1nb29nbGUuY29t +LmFygg1nb29nbGUuY29tLmF1gg1nb29nbGUuY29tLmJkgg1nb29nbGUuY29tLmJo +gg1nb29nbGUuY29tLmJugg1nb29nbGUuY29tLmJvgg1nb29nbGUuY29tLmJygg1n +b29nbGUuY29tLmJ5gg1nb29nbGUuY29tLmJ6gg1nb29nbGUuY29tLmNugg1nb29n +bGUuY29tLmNvgg1nb29nbGUuY29tLmN1gg1nb29nbGUuY29tLmN5gg1nb29nbGUu +Y29tLmRvgg1nb29nbGUuY29tLmVjgg1nb29nbGUuY29tLmVngg1nb29nbGUuY29t +LmV0gg1nb29nbGUuY29tLmZqgg1nb29nbGUuY29tLmdlgg1nb29nbGUuY29tLmdo +gg1nb29nbGUuY29tLmdpgg1nb29nbGUuY29tLmdygg1nb29nbGUuY29tLmd0gg1n +b29nbGUuY29tLmhrgg1nb29nbGUuY29tLmlxgg1nb29nbGUuY29tLmptgg1nb29n +bGUuY29tLmpvgg1nb29nbGUuY29tLmtogg1nb29nbGUuY29tLmt3gg1nb29nbGUu +Y29tLmxigg1nb29nbGUuY29tLmx5gg1nb29nbGUuY29tLm10gg1nb29nbGUuY29t +Lm14gg1nb29nbGUuY29tLm15gg1nb29nbGUuY29tLm5hgg1nb29nbGUuY29tLm5m +gg1nb29nbGUuY29tLm5ngg1nb29nbGUuY29tLm5pgg1nb29nbGUuY29tLm5wgg1n +b29nbGUuY29tLm5ygg1nb29nbGUuY29tLm9tgg1nb29nbGUuY29tLnBhgg1nb29n +bGUuY29tLnBlgg1nb29nbGUuY29tLnBogg1nb29nbGUuY29tLnBrgg1nb29nbGUu +Y29tLnBsgg1nb29nbGUuY29tLnBygg1nb29nbGUuY29tLnB5gg1nb29nbGUuY29t +LnFhgg1nb29nbGUuY29tLnJ1gg1nb29nbGUuY29tLnNhgg1nb29nbGUuY29tLnNi +gg1nb29nbGUuY29tLnNngg1nb29nbGUuY29tLnNsgg1nb29nbGUuY29tLnN2gg1n +b29nbGUuY29tLnRqgg1nb29nbGUuY29tLnRugg1nb29nbGUuY29tLnRygg1nb29n +bGUuY29tLnR3gg1nb29nbGUuY29tLnVhgg1nb29nbGUuY29tLnV5gg1nb29nbGUu +Y29tLnZjgg1nb29nbGUuY29tLnZlgg1nb29nbGUuY29tLnZugglnb29nbGUuY3aC +CWdvb2dsZS5jeoIJZ29vZ2xlLmRlgglnb29nbGUuZGqCCWdvb2dsZS5ka4IJZ29v +Z2xlLmRtgglnb29nbGUuZHqCCWdvb2dsZS5lZYIJZ29vZ2xlLmVzgglnb29nbGUu +ZmmCCWdvb2dsZS5mbYIJZ29vZ2xlLmZygglnb29nbGUuZ2GCCWdvb2dsZS5nZYIJ +Z29vZ2xlLmdngglnb29nbGUuZ2yCCWdvb2dsZS5nbYIJZ29vZ2xlLmdwgglnb29n +bGUuZ3KCCWdvb2dsZS5neYIJZ29vZ2xlLmhrgglnb29nbGUuaG6CCWdvb2dsZS5o +coIJZ29vZ2xlLmh0gglnb29nbGUuaHWCCWdvb2dsZS5pZYIJZ29vZ2xlLmltggtn +b29nbGUuaW5mb4IJZ29vZ2xlLmlxgglnb29nbGUuaXOCCWdvb2dsZS5pdIIMZ29v +Z2xlLml0LmFvgglnb29nbGUuamWCCWdvb2dsZS5qb4ILZ29vZ2xlLmpvYnOCCWdv +b2dsZS5qcIIJZ29vZ2xlLmtngglnb29nbGUua2mCCWdvb2dsZS5reoIJZ29vZ2xl +Lmxhgglnb29nbGUubGmCCWdvb2dsZS5sa4IJZ29vZ2xlLmx0gglnb29nbGUubHWC +CWdvb2dsZS5sdoIJZ29vZ2xlLm1kgglnb29nbGUubWWCCWdvb2dsZS5tZ4IJZ29v +Z2xlLm1rgglnb29nbGUubWyCCWdvb2dsZS5tboIJZ29vZ2xlLm1zgglnb29nbGUu +bXWCCWdvb2dsZS5tdoIJZ29vZ2xlLm13gglnb29nbGUubmWCDGdvb2dsZS5uZS5q +cIIKZ29vZ2xlLm5ldIIJZ29vZ2xlLm5sgglnb29nbGUubm+CCWdvb2dsZS5ucoIJ +Z29vZ2xlLm51gg1nb29nbGUub2ZmLmFpgglnb29nbGUucGuCCWdvb2dsZS5wbIIJ +Z29vZ2xlLnBugglnb29nbGUucHOCCWdvb2dsZS5wdIIJZ29vZ2xlLnJvgglnb29n +bGUucnOCCWdvb2dsZS5ydYIJZ29vZ2xlLnJ3gglnb29nbGUuc2OCCWdvb2dsZS5z +ZYIJZ29vZ2xlLnNogglnb29nbGUuc2mCCWdvb2dsZS5za4IJZ29vZ2xlLnNtggln +b29nbGUuc26CCWdvb2dsZS5zb4IJZ29vZ2xlLnN0gglnb29nbGUudGSCCWdvb2ds +ZS50Z4IJZ29vZ2xlLnRrgglnb29nbGUudGyCCWdvb2dsZS50bYIJZ29vZ2xlLnRu +gglnb29nbGUudG+CCWdvb2dsZS50cIIJZ29vZ2xlLnR0gglnb29nbGUudXOCCWdv +b2dsZS51eoIJZ29vZ2xlLnZngglnb29nbGUudnWCCWdvb2dsZS53czANBgkqhkiG +9w0BAQUFAAOBgQCROJdKT00d96BpNG4j3Xf5Kz7kJENMTYtgsGQW5E6y2yjRaguD +LPO+y4IH9KiVXD+qO8koye9yOMNawN9r/DFQd+t2nDmvlpcwJBNguiuqxl+rJaU8 +KKgswikGaaM4z+i4vHuXcCKZtM/ELAaJlSaBPip4GBAkgv7D9hwh+sWvYA== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIcFzCCG4CgAwIBAgIGR09PUAFxMA0GCSqGSIb3DQEBBQUAMEYxCzAJBgNVBAYT +AlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSIwIAYDVQQDExlHb29nbGUgSW50ZXJu +ZXQgQXV0aG9yaXR5MB4XDTEyMTAyNDEzNTczOVoXDTEzMDYwNzE5NDMyN1owZDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 +YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxEzARBgNVBAMTCmdvb2dsZS5j +b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMNn/Rw5irMPscWpYsExcGQT +wqdxT/U9Pfybt9ttPYlXVbCd6yux0jWGNBHN+f4kCc5pwrbjmA4QSRY2uVa4T8f2 +g3NucDDveUi29WVN+FJcyhj+V38lEkYbdhpIZL149dK5fAN1zzwCo10Nk+lhebcY +fCtMHLmuCX2D6mJ2CnPVAgMBAAGjghnwMIIZ7DAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Qp1w0hi4nhbaJEB +h/wuZwO4OyIwHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0f +BFQwUjBQoE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5l +dEF1dGhvcml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUH +AQEEWjBYMFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2ds +ZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDCC +GLYGA1UdEQSCGK0wghipggpnb29nbGUuY29tggwqLmdvb2dsZS5jb22CDSoueW91 +dHViZS5jb22CC3lvdXR1YmUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggh5 +b3V0dS5iZYILKi55dGltZy5jb22CDSouYW5kcm9pZC5jb22CC2FuZHJvaWQuY29t +ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghAqLnVy +bC5nb29nbGUuY29tggwqLnVyY2hpbi5jb22CCnVyY2hpbi5jb22CFiouZ29vZ2xl +LWFuYWx5dGljcy5jb22CFGdvb2dsZS1hbmFseXRpY3MuY29tghIqLmNsb3VkLmdv +b2dsZS5jb22CBmdvby5nbIIEZy5jb4INKi5nc3RhdGljLmNvbYIPKi5nb29nbGVh +cGlzLmNughYqLmFwcGVuZ2luZS5nb29nbGUuY29tggsqLmdvb2dsZS5hY4ILKi5n +b29nbGUuYWSCCyouZ29vZ2xlLmFlggsqLmdvb2dsZS5hZoILKi5nb29nbGUuYWeC +CyouZ29vZ2xlLmFsggsqLmdvb2dsZS5hbYILKi5nb29nbGUuYXOCCyouZ29vZ2xl +LmF0ggsqLmdvb2dsZS5heoILKi5nb29nbGUuYmGCCyouZ29vZ2xlLmJlggsqLmdv +b2dsZS5iZoILKi5nb29nbGUuYmeCCyouZ29vZ2xlLmJpggsqLmdvb2dsZS5iaoIL +Ki5nb29nbGUuYnOCCyouZ29vZ2xlLmJ5ggsqLmdvb2dsZS5jYYIMKi5nb29nbGUu +Y2F0ggsqLmdvb2dsZS5jY4ILKi5nb29nbGUuY2SCCyouZ29vZ2xlLmNmggsqLmdv +b2dsZS5jZ4ILKi5nb29nbGUuY2iCCyouZ29vZ2xlLmNpggsqLmdvb2dsZS5jbIIL +Ki5nb29nbGUuY22CCyouZ29vZ2xlLmNugg4qLmdvb2dsZS5jby5hb4IOKi5nb29n +bGUuY28uYneCDiouZ29vZ2xlLmNvLmNrgg4qLmdvb2dsZS5jby5jcoIOKi5nb29n +bGUuY28uaHWCDiouZ29vZ2xlLmNvLmlkgg4qLmdvb2dsZS5jby5pbIIOKi5nb29n +bGUuY28uaW2CDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qZYIOKi5nb29n +bGUuY28uanCCDiouZ29vZ2xlLmNvLmtlgg4qLmdvb2dsZS5jby5rcoIOKi5nb29n +bGUuY28ubHOCDiouZ29vZ2xlLmNvLm1hgg4qLmdvb2dsZS5jby5teoIOKi5nb29n +bGUuY28ubnqCDiouZ29vZ2xlLmNvLnRogg4qLmdvb2dsZS5jby50eoIOKi5nb29n +bGUuY28udWeCDiouZ29vZ2xlLmNvLnVrgg4qLmdvb2dsZS5jby51eoIOKi5nb29n +bGUuY28udmWCDiouZ29vZ2xlLmNvLnZpgg4qLmdvb2dsZS5jby56YYIOKi5nb29n +bGUuY28uem2CDiouZ29vZ2xlLmNvLnp3gg8qLmdvb2dsZS5jb20uYWaCDyouZ29v +Z2xlLmNvbS5hZ4IPKi5nb29nbGUuY29tLmFpgg8qLmdvb2dsZS5jb20uYXKCDyou +Z29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJkgg8qLmdvb2dsZS5jb20uYmiC +DyouZ29vZ2xlLmNvbS5iboIPKi5nb29nbGUuY29tLmJvgg8qLmdvb2dsZS5jb20u +YnKCDyouZ29vZ2xlLmNvbS5ieYIPKi5nb29nbGUuY29tLmJ6gg8qLmdvb2dsZS5j +b20uY26CDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLmN1gg8qLmdvb2ds +ZS5jb20uY3mCDyouZ29vZ2xlLmNvbS5kb4IPKi5nb29nbGUuY29tLmVjgg8qLmdv +b2dsZS5jb20uZWeCDyouZ29vZ2xlLmNvbS5ldIIPKi5nb29nbGUuY29tLmZqgg8q +Lmdvb2dsZS5jb20uZ2WCDyouZ29vZ2xlLmNvbS5naIIPKi5nb29nbGUuY29tLmdp +gg8qLmdvb2dsZS5jb20uZ3KCDyouZ29vZ2xlLmNvbS5ndIIPKi5nb29nbGUuY29t +Lmhrgg8qLmdvb2dsZS5jb20uaXGCDyouZ29vZ2xlLmNvbS5qbYIPKi5nb29nbGUu +Y29tLmpvgg8qLmdvb2dsZS5jb20ua2iCDyouZ29vZ2xlLmNvbS5rd4IPKi5nb29n +bGUuY29tLmxigg8qLmdvb2dsZS5jb20ubHmCDyouZ29vZ2xlLmNvbS5tdIIPKi5n +b29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20ubXmCDyouZ29vZ2xlLmNvbS5uYYIP +Ki5nb29nbGUuY29tLm5mgg8qLmdvb2dsZS5jb20ubmeCDyouZ29vZ2xlLmNvbS5u +aYIPKi5nb29nbGUuY29tLm5wgg8qLmdvb2dsZS5jb20ubnKCDyouZ29vZ2xlLmNv +bS5vbYIPKi5nb29nbGUuY29tLnBhgg8qLmdvb2dsZS5jb20ucGWCDyouZ29vZ2xl +LmNvbS5waIIPKi5nb29nbGUuY29tLnBrgg8qLmdvb2dsZS5jb20ucGyCDyouZ29v +Z2xlLmNvbS5wcoIPKi5nb29nbGUuY29tLnB5gg8qLmdvb2dsZS5jb20ucWGCDyou +Z29vZ2xlLmNvbS5ydYIPKi5nb29nbGUuY29tLnNhgg8qLmdvb2dsZS5jb20uc2KC +DyouZ29vZ2xlLmNvbS5zZ4IPKi5nb29nbGUuY29tLnNsgg8qLmdvb2dsZS5jb20u +c3aCDyouZ29vZ2xlLmNvbS50aoIPKi5nb29nbGUuY29tLnRugg8qLmdvb2dsZS5j +b20udHKCDyouZ29vZ2xlLmNvbS50d4IPKi5nb29nbGUuY29tLnVhgg8qLmdvb2ds +ZS5jb20udXmCDyouZ29vZ2xlLmNvbS52Y4IPKi5nb29nbGUuY29tLnZlgg8qLmdv +b2dsZS5jb20udm6CCyouZ29vZ2xlLmN2ggsqLmdvb2dsZS5jeoILKi5nb29nbGUu +ZGWCCyouZ29vZ2xlLmRqggsqLmdvb2dsZS5ka4ILKi5nb29nbGUuZG2CCyouZ29v +Z2xlLmR6ggsqLmdvb2dsZS5lZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZpggsq +Lmdvb2dsZS5mbYILKi5nb29nbGUuZnKCCyouZ29vZ2xlLmdhggsqLmdvb2dsZS5n +ZYILKi5nb29nbGUuZ2eCCyouZ29vZ2xlLmdsggsqLmdvb2dsZS5nbYILKi5nb29n +bGUuZ3CCCyouZ29vZ2xlLmdyggsqLmdvb2dsZS5neYILKi5nb29nbGUuaGuCCyou +Z29vZ2xlLmhuggsqLmdvb2dsZS5ocoILKi5nb29nbGUuaHSCCyouZ29vZ2xlLmh1 +ggsqLmdvb2dsZS5pZYILKi5nb29nbGUuaW2CDSouZ29vZ2xlLmluZm+CCyouZ29v +Z2xlLmlxggsqLmdvb2dsZS5pc4ILKi5nb29nbGUuaXSCDiouZ29vZ2xlLml0LmFv +ggsqLmdvb2dsZS5qZYILKi5nb29nbGUuam+CDSouZ29vZ2xlLmpvYnOCCyouZ29v +Z2xlLmpwggsqLmdvb2dsZS5rZ4ILKi5nb29nbGUua2mCCyouZ29vZ2xlLmt6ggsq +Lmdvb2dsZS5sYYILKi5nb29nbGUubGmCCyouZ29vZ2xlLmxrggsqLmdvb2dsZS5s +dIILKi5nb29nbGUubHWCCyouZ29vZ2xlLmx2ggsqLmdvb2dsZS5tZIILKi5nb29n +bGUubWWCCyouZ29vZ2xlLm1nggsqLmdvb2dsZS5ta4ILKi5nb29nbGUubWyCCyou +Z29vZ2xlLm1uggsqLmdvb2dsZS5tc4ILKi5nb29nbGUubXWCCyouZ29vZ2xlLm12 +ggsqLmdvb2dsZS5td4ILKi5nb29nbGUubmWCDiouZ29vZ2xlLm5lLmpwggwqLmdv +b2dsZS5uZXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5ub4ILKi5nb29nbGUubnKC +CyouZ29vZ2xlLm51gg8qLmdvb2dsZS5vZmYuYWmCCyouZ29vZ2xlLnBrggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucG6CCyouZ29vZ2xlLnBzggsqLmdvb2dsZS5wdIIL +Ki5nb29nbGUucm+CCyouZ29vZ2xlLnJzggsqLmdvb2dsZS5ydYILKi5nb29nbGUu +cneCCyouZ29vZ2xlLnNjggsqLmdvb2dsZS5zZYILKi5nb29nbGUuc2iCCyouZ29v +Z2xlLnNpggsqLmdvb2dsZS5za4ILKi5nb29nbGUuc22CCyouZ29vZ2xlLnNuggsq +Lmdvb2dsZS5zb4ILKi5nb29nbGUuc3SCCyouZ29vZ2xlLnRkggsqLmdvb2dsZS50 +Z4ILKi5nb29nbGUudGuCCyouZ29vZ2xlLnRsggsqLmdvb2dsZS50bYILKi5nb29n +bGUudG6CCyouZ29vZ2xlLnRvggsqLmdvb2dsZS50cIILKi5nb29nbGUudHSCCyou +Z29vZ2xlLnVzggsqLmdvb2dsZS51eoILKi5nb29nbGUudmeCCyouZ29vZ2xlLnZ1 +ggsqLmdvb2dsZS53c4IJZ29vZ2xlLmFjgglnb29nbGUuYWSCCWdvb2dsZS5hZYIJ +Z29vZ2xlLmFmgglnb29nbGUuYWeCCWdvb2dsZS5hbIIJZ29vZ2xlLmFtgglnb29n +bGUuYXOCCWdvb2dsZS5hdIIJZ29vZ2xlLmF6gglnb29nbGUuYmGCCWdvb2dsZS5i +ZYIJZ29vZ2xlLmJmgglnb29nbGUuYmeCCWdvb2dsZS5iaYIJZ29vZ2xlLmJqggln +b29nbGUuYnOCCWdvb2dsZS5ieYIJZ29vZ2xlLmNhggpnb29nbGUuY2F0gglnb29n +bGUuY2OCCWdvb2dsZS5jZIIJZ29vZ2xlLmNmgglnb29nbGUuY2eCCWdvb2dsZS5j +aIIJZ29vZ2xlLmNpgglnb29nbGUuY2yCCWdvb2dsZS5jbYIJZ29vZ2xlLmNuggxn +b29nbGUuY28uYW+CDGdvb2dsZS5jby5id4IMZ29vZ2xlLmNvLmNrggxnb29nbGUu +Y28uY3KCDGdvb2dsZS5jby5odYIMZ29vZ2xlLmNvLmlkggxnb29nbGUuY28uaWyC +DGdvb2dsZS5jby5pbYIMZ29vZ2xlLmNvLmluggxnb29nbGUuY28uamWCDGdvb2ds +ZS5jby5qcIIMZ29vZ2xlLmNvLmtlggxnb29nbGUuY28ua3KCDGdvb2dsZS5jby5s +c4IMZ29vZ2xlLmNvLm1hggxnb29nbGUuY28ubXqCDGdvb2dsZS5jby5ueoIMZ29v +Z2xlLmNvLnRoggxnb29nbGUuY28udHqCDGdvb2dsZS5jby51Z4IMZ29vZ2xlLmNv +LnVrggxnb29nbGUuY28udXqCDGdvb2dsZS5jby52ZYIMZ29vZ2xlLmNvLnZpggxn +b29nbGUuY28uemGCDGdvb2dsZS5jby56bYIMZ29vZ2xlLmNvLnp3gg1nb29nbGUu +Y29tLmFmgg1nb29nbGUuY29tLmFngg1nb29nbGUuY29tLmFpgg1nb29nbGUuY29t +LmFygg1nb29nbGUuY29tLmF1gg1nb29nbGUuY29tLmJkgg1nb29nbGUuY29tLmJo +gg1nb29nbGUuY29tLmJugg1nb29nbGUuY29tLmJvgg1nb29nbGUuY29tLmJygg1n +b29nbGUuY29tLmJ5gg1nb29nbGUuY29tLmJ6gg1nb29nbGUuY29tLmNugg1nb29n +bGUuY29tLmNvgg1nb29nbGUuY29tLmN1gg1nb29nbGUuY29tLmN5gg1nb29nbGUu +Y29tLmRvgg1nb29nbGUuY29tLmVjgg1nb29nbGUuY29tLmVngg1nb29nbGUuY29t +LmV0gg1nb29nbGUuY29tLmZqgg1nb29nbGUuY29tLmdlgg1nb29nbGUuY29tLmdo +gg1nb29nbGUuY29tLmdpgg1nb29nbGUuY29tLmdygg1nb29nbGUuY29tLmd0gg1n +b29nbGUuY29tLmhrgg1nb29nbGUuY29tLmlxgg1nb29nbGUuY29tLmptgg1nb29n +bGUuY29tLmpvgg1nb29nbGUuY29tLmtogg1nb29nbGUuY29tLmt3gg1nb29nbGUu +Y29tLmxigg1nb29nbGUuY29tLmx5gg1nb29nbGUuY29tLm10gg1nb29nbGUuY29t +Lm14gg1nb29nbGUuY29tLm15gg1nb29nbGUuY29tLm5hgg1nb29nbGUuY29tLm5m +gg1nb29nbGUuY29tLm5ngg1nb29nbGUuY29tLm5pgg1nb29nbGUuY29tLm5wgg1n +b29nbGUuY29tLm5ygg1nb29nbGUuY29tLm9tgg1nb29nbGUuY29tLnBhgg1nb29n +bGUuY29tLnBlgg1nb29nbGUuY29tLnBogg1nb29nbGUuY29tLnBrgg1nb29nbGUu +Y29tLnBsgg1nb29nbGUuY29tLnBygg1nb29nbGUuY29tLnB5gg1nb29nbGUuY29t +LnFhgg1nb29nbGUuY29tLnJ1gg1nb29nbGUuY29tLnNhgg1nb29nbGUuY29tLnNi +gg1nb29nbGUuY29tLnNngg1nb29nbGUuY29tLnNsgg1nb29nbGUuY29tLnN2gg1n +b29nbGUuY29tLnRqgg1nb29nbGUuY29tLnRugg1nb29nbGUuY29tLnRygg1nb29n +bGUuY29tLnR3gg1nb29nbGUuY29tLnVhgg1nb29nbGUuY29tLnV5gg1nb29nbGUu +Y29tLnZjgg1nb29nbGUuY29tLnZlgg1nb29nbGUuY29tLnZugglnb29nbGUuY3aC +CWdvb2dsZS5jeoIJZ29vZ2xlLmRlgglnb29nbGUuZGqCCWdvb2dsZS5ka4IJZ29v +Z2xlLmRtgglnb29nbGUuZHqCCWdvb2dsZS5lZYIJZ29vZ2xlLmVzgglnb29nbGUu +ZmmCCWdvb2dsZS5mbYIJZ29vZ2xlLmZygglnb29nbGUuZ2GCCWdvb2dsZS5nZYIJ +Z29vZ2xlLmdngglnb29nbGUuZ2yCCWdvb2dsZS5nbYIJZ29vZ2xlLmdwgglnb29n +bGUuZ3KCCWdvb2dsZS5neYIJZ29vZ2xlLmhrgglnb29nbGUuaG6CCWdvb2dsZS5o +coIJZ29vZ2xlLmh0gglnb29nbGUuaHWCCWdvb2dsZS5pZYIJZ29vZ2xlLmltggtn +b29nbGUuaW5mb4IJZ29vZ2xlLmlxgglnb29nbGUuaXOCCWdvb2dsZS5pdIIMZ29v +Z2xlLml0LmFvgglnb29nbGUuamWCCWdvb2dsZS5qb4ILZ29vZ2xlLmpvYnOCCWdv +b2dsZS5qcIIJZ29vZ2xlLmtngglnb29nbGUua2mCCWdvb2dsZS5reoIJZ29vZ2xl +Lmxhgglnb29nbGUubGmCCWdvb2dsZS5sa4IJZ29vZ2xlLmx0gglnb29nbGUubHWC +CWdvb2dsZS5sdoIJZ29vZ2xlLm1kgglnb29nbGUubWWCCWdvb2dsZS5tZ4IJZ29v +Z2xlLm1rgglnb29nbGUubWyCCWdvb2dsZS5tboIJZ29vZ2xlLm1zgglnb29nbGUu +bXWCCWdvb2dsZS5tdoIJZ29vZ2xlLm13gglnb29nbGUubmWCDGdvb2dsZS5uZS5q +cIIKZ29vZ2xlLm5ldIIJZ29vZ2xlLm5sgglnb29nbGUubm+CCWdvb2dsZS5ucoIJ +Z29vZ2xlLm51gg1nb29nbGUub2ZmLmFpgglnb29nbGUucGuCCWdvb2dsZS5wbIIJ +Z29vZ2xlLnBugglnb29nbGUucHOCCWdvb2dsZS5wdIIJZ29vZ2xlLnJvgglnb29n +bGUucnOCCWdvb2dsZS5ydYIJZ29vZ2xlLnJ3gglnb29nbGUuc2OCCWdvb2dsZS5z +ZYIJZ29vZ2xlLnNogglnb29nbGUuc2mCCWdvb2dsZS5za4IJZ29vZ2xlLnNtggln +b29nbGUuc26CCWdvb2dsZS5zb4IJZ29vZ2xlLnN0gglnb29nbGUudGSCCWdvb2ds +ZS50Z4IJZ29vZ2xlLnRrgglnb29nbGUudGyCCWdvb2dsZS50bYIJZ29vZ2xlLnRu +gglnb29nbGUudG+CCWdvb2dsZS50cIIJZ29vZ2xlLnR0gglnb29nbGUudXOCCWdv +b2dsZS51eoIJZ29vZ2xlLnZngglnb29nbGUudnWCCWdvb2dsZS53czANBgkqhkiG +9w0BAQUFAAOBgQCROJdKT00d96BpNG4j3Xf5Kz7kJENMTYtgsGQW5E6y2yjRaguD +LPO+y4IH9KiVXD+qO8koye9yOMNawN9r/DFQd+t2nDmvlpcwJBNguiuqxl+rJaU8 +KKgswikGaaM4z+i4vHuXcCKZtM/ELAaJlSaBPip4GBAkgv7D9hwh+sWvYA== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIcFzCCG4CgAwIBAgIGR09PUAFxMA0GCSqGSIb3DQEBBQUAMEYxCzAJBgNVBAYT +AlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSIwIAYDVQQDExlHb29nbGUgSW50ZXJu +ZXQgQXV0aG9yaXR5MB4XDTEyMTAyNDEzNTczOVoXDTEzMDYwNzE5NDMyN1owZDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 +YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxEzARBgNVBAMTCmdvb2dsZS5j +b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMNn/Rw5irMPscWpYsExcGQT +wqdxT/U9Pfybt9ttPYlXVbCd6yux0jWGNBHN+f4kCc5pwrbjmA4QSRY2uVa4T8f2 +g3NucDDveUi29WVN+FJcyhj+V38lEkYbdhpIZL149dK5fAN1zzwCo10Nk+lhebcY +fCtMHLmuCX2D6mJ2CnPVAgMBAAGjghnwMIIZ7DAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Qp1w0hi4nhbaJEB +h/wuZwO4OyIwHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0f +BFQwUjBQoE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5l +dEF1dGhvcml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUH +AQEEWjBYMFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2ds +ZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDCC +GLYGA1UdEQSCGK0wghipggpnb29nbGUuY29tggwqLmdvb2dsZS5jb22CDSoueW91 +dHViZS5jb22CC3lvdXR1YmUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggh5 +b3V0dS5iZYILKi55dGltZy5jb22CDSouYW5kcm9pZC5jb22CC2FuZHJvaWQuY29t +ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghAqLnVy +bC5nb29nbGUuY29tggwqLnVyY2hpbi5jb22CCnVyY2hpbi5jb22CFiouZ29vZ2xl +LWFuYWx5dGljcy5jb22CFGdvb2dsZS1hbmFseXRpY3MuY29tghIqLmNsb3VkLmdv +b2dsZS5jb22CBmdvby5nbIIEZy5jb4INKi5nc3RhdGljLmNvbYIPKi5nb29nbGVh +cGlzLmNughYqLmFwcGVuZ2luZS5nb29nbGUuY29tggsqLmdvb2dsZS5hY4ILKi5n +b29nbGUuYWSCCyouZ29vZ2xlLmFlggsqLmdvb2dsZS5hZoILKi5nb29nbGUuYWeC +CyouZ29vZ2xlLmFsggsqLmdvb2dsZS5hbYILKi5nb29nbGUuYXOCCyouZ29vZ2xl +LmF0ggsqLmdvb2dsZS5heoILKi5nb29nbGUuYmGCCyouZ29vZ2xlLmJlggsqLmdv +b2dsZS5iZoILKi5nb29nbGUuYmeCCyouZ29vZ2xlLmJpggsqLmdvb2dsZS5iaoIL +Ki5nb29nbGUuYnOCCyouZ29vZ2xlLmJ5ggsqLmdvb2dsZS5jYYIMKi5nb29nbGUu +Y2F0ggsqLmdvb2dsZS5jY4ILKi5nb29nbGUuY2SCCyouZ29vZ2xlLmNmggsqLmdv +b2dsZS5jZ4ILKi5nb29nbGUuY2iCCyouZ29vZ2xlLmNpggsqLmdvb2dsZS5jbIIL +Ki5nb29nbGUuY22CCyouZ29vZ2xlLmNugg4qLmdvb2dsZS5jby5hb4IOKi5nb29n +bGUuY28uYneCDiouZ29vZ2xlLmNvLmNrgg4qLmdvb2dsZS5jby5jcoIOKi5nb29n +bGUuY28uaHWCDiouZ29vZ2xlLmNvLmlkgg4qLmdvb2dsZS5jby5pbIIOKi5nb29n +bGUuY28uaW2CDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qZYIOKi5nb29n +bGUuY28uanCCDiouZ29vZ2xlLmNvLmtlgg4qLmdvb2dsZS5jby5rcoIOKi5nb29n +bGUuY28ubHOCDiouZ29vZ2xlLmNvLm1hgg4qLmdvb2dsZS5jby5teoIOKi5nb29n +bGUuY28ubnqCDiouZ29vZ2xlLmNvLnRogg4qLmdvb2dsZS5jby50eoIOKi5nb29n +bGUuY28udWeCDiouZ29vZ2xlLmNvLnVrgg4qLmdvb2dsZS5jby51eoIOKi5nb29n +bGUuY28udmWCDiouZ29vZ2xlLmNvLnZpgg4qLmdvb2dsZS5jby56YYIOKi5nb29n +bGUuY28uem2CDiouZ29vZ2xlLmNvLnp3gg8qLmdvb2dsZS5jb20uYWaCDyouZ29v +Z2xlLmNvbS5hZ4IPKi5nb29nbGUuY29tLmFpgg8qLmdvb2dsZS5jb20uYXKCDyou +Z29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJkgg8qLmdvb2dsZS5jb20uYmiC +DyouZ29vZ2xlLmNvbS5iboIPKi5nb29nbGUuY29tLmJvgg8qLmdvb2dsZS5jb20u +YnKCDyouZ29vZ2xlLmNvbS5ieYIPKi5nb29nbGUuY29tLmJ6gg8qLmdvb2dsZS5j +b20uY26CDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLmN1gg8qLmdvb2ds +ZS5jb20uY3mCDyouZ29vZ2xlLmNvbS5kb4IPKi5nb29nbGUuY29tLmVjgg8qLmdv +b2dsZS5jb20uZWeCDyouZ29vZ2xlLmNvbS5ldIIPKi5nb29nbGUuY29tLmZqgg8q +Lmdvb2dsZS5jb20uZ2WCDyouZ29vZ2xlLmNvbS5naIIPKi5nb29nbGUuY29tLmdp +gg8qLmdvb2dsZS5jb20uZ3KCDyouZ29vZ2xlLmNvbS5ndIIPKi5nb29nbGUuY29t +Lmhrgg8qLmdvb2dsZS5jb20uaXGCDyouZ29vZ2xlLmNvbS5qbYIPKi5nb29nbGUu +Y29tLmpvgg8qLmdvb2dsZS5jb20ua2iCDyouZ29vZ2xlLmNvbS5rd4IPKi5nb29n +bGUuY29tLmxigg8qLmdvb2dsZS5jb20ubHmCDyouZ29vZ2xlLmNvbS5tdIIPKi5n +b29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20ubXmCDyouZ29vZ2xlLmNvbS5uYYIP +Ki5nb29nbGUuY29tLm5mgg8qLmdvb2dsZS5jb20ubmeCDyouZ29vZ2xlLmNvbS5u +aYIPKi5nb29nbGUuY29tLm5wgg8qLmdvb2dsZS5jb20ubnKCDyouZ29vZ2xlLmNv +bS5vbYIPKi5nb29nbGUuY29tLnBhgg8qLmdvb2dsZS5jb20ucGWCDyouZ29vZ2xl +LmNvbS5waIIPKi5nb29nbGUuY29tLnBrgg8qLmdvb2dsZS5jb20ucGyCDyouZ29v +Z2xlLmNvbS5wcoIPKi5nb29nbGUuY29tLnB5gg8qLmdvb2dsZS5jb20ucWGCDyou +Z29vZ2xlLmNvbS5ydYIPKi5nb29nbGUuY29tLnNhgg8qLmdvb2dsZS5jb20uc2KC +DyouZ29vZ2xlLmNvbS5zZ4IPKi5nb29nbGUuY29tLnNsgg8qLmdvb2dsZS5jb20u +c3aCDyouZ29vZ2xlLmNvbS50aoIPKi5nb29nbGUuY29tLnRugg8qLmdvb2dsZS5j +b20udHKCDyouZ29vZ2xlLmNvbS50d4IPKi5nb29nbGUuY29tLnVhgg8qLmdvb2ds +ZS5jb20udXmCDyouZ29vZ2xlLmNvbS52Y4IPKi5nb29nbGUuY29tLnZlgg8qLmdv +b2dsZS5jb20udm6CCyouZ29vZ2xlLmN2ggsqLmdvb2dsZS5jeoILKi5nb29nbGUu +ZGWCCyouZ29vZ2xlLmRqggsqLmdvb2dsZS5ka4ILKi5nb29nbGUuZG2CCyouZ29v +Z2xlLmR6ggsqLmdvb2dsZS5lZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZpggsq +Lmdvb2dsZS5mbYILKi5nb29nbGUuZnKCCyouZ29vZ2xlLmdhggsqLmdvb2dsZS5n +ZYILKi5nb29nbGUuZ2eCCyouZ29vZ2xlLmdsggsqLmdvb2dsZS5nbYILKi5nb29n +bGUuZ3CCCyouZ29vZ2xlLmdyggsqLmdvb2dsZS5neYILKi5nb29nbGUuaGuCCyou +Z29vZ2xlLmhuggsqLmdvb2dsZS5ocoILKi5nb29nbGUuaHSCCyouZ29vZ2xlLmh1 +ggsqLmdvb2dsZS5pZYILKi5nb29nbGUuaW2CDSouZ29vZ2xlLmluZm+CCyouZ29v +Z2xlLmlxggsqLmdvb2dsZS5pc4ILKi5nb29nbGUuaXSCDiouZ29vZ2xlLml0LmFv +ggsqLmdvb2dsZS5qZYILKi5nb29nbGUuam+CDSouZ29vZ2xlLmpvYnOCCyouZ29v +Z2xlLmpwggsqLmdvb2dsZS5rZ4ILKi5nb29nbGUua2mCCyouZ29vZ2xlLmt6ggsq +Lmdvb2dsZS5sYYILKi5nb29nbGUubGmCCyouZ29vZ2xlLmxrggsqLmdvb2dsZS5s +dIILKi5nb29nbGUubHWCCyouZ29vZ2xlLmx2ggsqLmdvb2dsZS5tZIILKi5nb29n +bGUubWWCCyouZ29vZ2xlLm1nggsqLmdvb2dsZS5ta4ILKi5nb29nbGUubWyCCyou +Z29vZ2xlLm1uggsqLmdvb2dsZS5tc4ILKi5nb29nbGUubXWCCyouZ29vZ2xlLm12 +ggsqLmdvb2dsZS5td4ILKi5nb29nbGUubmWCDiouZ29vZ2xlLm5lLmpwggwqLmdv +b2dsZS5uZXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5ub4ILKi5nb29nbGUubnKC +CyouZ29vZ2xlLm51gg8qLmdvb2dsZS5vZmYuYWmCCyouZ29vZ2xlLnBrggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucG6CCyouZ29vZ2xlLnBzggsqLmdvb2dsZS5wdIIL +Ki5nb29nbGUucm+CCyouZ29vZ2xlLnJzggsqLmdvb2dsZS5ydYILKi5nb29nbGUu +cneCCyouZ29vZ2xlLnNjggsqLmdvb2dsZS5zZYILKi5nb29nbGUuc2iCCyouZ29v +Z2xlLnNpggsqLmdvb2dsZS5za4ILKi5nb29nbGUuc22CCyouZ29vZ2xlLnNuggsq +Lmdvb2dsZS5zb4ILKi5nb29nbGUuc3SCCyouZ29vZ2xlLnRkggsqLmdvb2dsZS50 +Z4ILKi5nb29nbGUudGuCCyouZ29vZ2xlLnRsggsqLmdvb2dsZS50bYILKi5nb29n +bGUudG6CCyouZ29vZ2xlLnRvggsqLmdvb2dsZS50cIILKi5nb29nbGUudHSCCyou +Z29vZ2xlLnVzggsqLmdvb2dsZS51eoILKi5nb29nbGUudmeCCyouZ29vZ2xlLnZ1 +ggsqLmdvb2dsZS53c4IJZ29vZ2xlLmFjgglnb29nbGUuYWSCCWdvb2dsZS5hZYIJ +Z29vZ2xlLmFmgglnb29nbGUuYWeCCWdvb2dsZS5hbIIJZ29vZ2xlLmFtgglnb29n +bGUuYXOCCWdvb2dsZS5hdIIJZ29vZ2xlLmF6gglnb29nbGUuYmGCCWdvb2dsZS5i +ZYIJZ29vZ2xlLmJmgglnb29nbGUuYmeCCWdvb2dsZS5iaYIJZ29vZ2xlLmJqggln +b29nbGUuYnOCCWdvb2dsZS5ieYIJZ29vZ2xlLmNhggpnb29nbGUuY2F0gglnb29n +bGUuY2OCCWdvb2dsZS5jZIIJZ29vZ2xlLmNmgglnb29nbGUuY2eCCWdvb2dsZS5j +aIIJZ29vZ2xlLmNpgglnb29nbGUuY2yCCWdvb2dsZS5jbYIJZ29vZ2xlLmNuggxn +b29nbGUuY28uYW+CDGdvb2dsZS5jby5id4IMZ29vZ2xlLmNvLmNrggxnb29nbGUu +Y28uY3KCDGdvb2dsZS5jby5odYIMZ29vZ2xlLmNvLmlkggxnb29nbGUuY28uaWyC +DGdvb2dsZS5jby5pbYIMZ29vZ2xlLmNvLmluggxnb29nbGUuY28uamWCDGdvb2ds +ZS5jby5qcIIMZ29vZ2xlLmNvLmtlggxnb29nbGUuY28ua3KCDGdvb2dsZS5jby5s +c4IMZ29vZ2xlLmNvLm1hggxnb29nbGUuY28ubXqCDGdvb2dsZS5jby5ueoIMZ29v +Z2xlLmNvLnRoggxnb29nbGUuY28udHqCDGdvb2dsZS5jby51Z4IMZ29vZ2xlLmNv +LnVrggxnb29nbGUuY28udXqCDGdvb2dsZS5jby52ZYIMZ29vZ2xlLmNvLnZpggxn +b29nbGUuY28uemGCDGdvb2dsZS5jby56bYIMZ29vZ2xlLmNvLnp3gg1nb29nbGUu +Y29tLmFmgg1nb29nbGUuY29tLmFngg1nb29nbGUuY29tLmFpgg1nb29nbGUuY29t +LmFygg1nb29nbGUuY29tLmF1gg1nb29nbGUuY29tLmJkgg1nb29nbGUuY29tLmJo +gg1nb29nbGUuY29tLmJugg1nb29nbGUuY29tLmJvgg1nb29nbGUuY29tLmJygg1n +b29nbGUuY29tLmJ5gg1nb29nbGUuY29tLmJ6gg1nb29nbGUuY29tLmNugg1nb29n +bGUuY29tLmNvgg1nb29nbGUuY29tLmN1gg1nb29nbGUuY29tLmN5gg1nb29nbGUu +Y29tLmRvgg1nb29nbGUuY29tLmVjgg1nb29nbGUuY29tLmVngg1nb29nbGUuY29t +LmV0gg1nb29nbGUuY29tLmZqgg1nb29nbGUuY29tLmdlgg1nb29nbGUuY29tLmdo +gg1nb29nbGUuY29tLmdpgg1nb29nbGUuY29tLmdygg1nb29nbGUuY29tLmd0gg1n +b29nbGUuY29tLmhrgg1nb29nbGUuY29tLmlxgg1nb29nbGUuY29tLmptgg1nb29n +bGUuY29tLmpvgg1nb29nbGUuY29tLmtogg1nb29nbGUuY29tLmt3gg1nb29nbGUu +Y29tLmxigg1nb29nbGUuY29tLmx5gg1nb29nbGUuY29tLm10gg1nb29nbGUuY29t +Lm14gg1nb29nbGUuY29tLm15gg1nb29nbGUuY29tLm5hgg1nb29nbGUuY29tLm5m +gg1nb29nbGUuY29tLm5ngg1nb29nbGUuY29tLm5pgg1nb29nbGUuY29tLm5wgg1n +b29nbGUuY29tLm5ygg1nb29nbGUuY29tLm9tgg1nb29nbGUuY29tLnBhgg1nb29n +bGUuY29tLnBlgg1nb29nbGUuY29tLnBogg1nb29nbGUuY29tLnBrgg1nb29nbGUu +Y29tLnBsgg1nb29nbGUuY29tLnBygg1nb29nbGUuY29tLnB5gg1nb29nbGUuY29t +LnFhgg1nb29nbGUuY29tLnJ1gg1nb29nbGUuY29tLnNhgg1nb29nbGUuY29tLnNi +gg1nb29nbGUuY29tLnNngg1nb29nbGUuY29tLnNsgg1nb29nbGUuY29tLnN2gg1n +b29nbGUuY29tLnRqgg1nb29nbGUuY29tLnRugg1nb29nbGUuY29tLnRygg1nb29n +bGUuY29tLnR3gg1nb29nbGUuY29tLnVhgg1nb29nbGUuY29tLnV5gg1nb29nbGUu +Y29tLnZjgg1nb29nbGUuY29tLnZlgg1nb29nbGUuY29tLnZugglnb29nbGUuY3aC +CWdvb2dsZS5jeoIJZ29vZ2xlLmRlgglnb29nbGUuZGqCCWdvb2dsZS5ka4IJZ29v +Z2xlLmRtgglnb29nbGUuZHqCCWdvb2dsZS5lZYIJZ29vZ2xlLmVzgglnb29nbGUu +ZmmCCWdvb2dsZS5mbYIJZ29vZ2xlLmZygglnb29nbGUuZ2GCCWdvb2dsZS5nZYIJ +Z29vZ2xlLmdngglnb29nbGUuZ2yCCWdvb2dsZS5nbYIJZ29vZ2xlLmdwgglnb29n +bGUuZ3KCCWdvb2dsZS5neYIJZ29vZ2xlLmhrgglnb29nbGUuaG6CCWdvb2dsZS5o +coIJZ29vZ2xlLmh0gglnb29nbGUuaHWCCWdvb2dsZS5pZYIJZ29vZ2xlLmltggtn +b29nbGUuaW5mb4IJZ29vZ2xlLmlxgglnb29nbGUuaXOCCWdvb2dsZS5pdIIMZ29v +Z2xlLml0LmFvgglnb29nbGUuamWCCWdvb2dsZS5qb4ILZ29vZ2xlLmpvYnOCCWdv +b2dsZS5qcIIJZ29vZ2xlLmtngglnb29nbGUua2mCCWdvb2dsZS5reoIJZ29vZ2xl +Lmxhgglnb29nbGUubGmCCWdvb2dsZS5sa4IJZ29vZ2xlLmx0gglnb29nbGUubHWC +CWdvb2dsZS5sdoIJZ29vZ2xlLm1kgglnb29nbGUubWWCCWdvb2dsZS5tZ4IJZ29v +Z2xlLm1rgglnb29nbGUubWyCCWdvb2dsZS5tboIJZ29vZ2xlLm1zgglnb29nbGUu +bXWCCWdvb2dsZS5tdoIJZ29vZ2xlLm13gglnb29nbGUubmWCDGdvb2dsZS5uZS5q +cIIKZ29vZ2xlLm5ldIIJZ29vZ2xlLm5sgglnb29nbGUubm+CCWdvb2dsZS5ucoIJ +Z29vZ2xlLm51gg1nb29nbGUub2ZmLmFpgglnb29nbGUucGuCCWdvb2dsZS5wbIIJ +Z29vZ2xlLnBugglnb29nbGUucHOCCWdvb2dsZS5wdIIJZ29vZ2xlLnJvgglnb29n +bGUucnOCCWdvb2dsZS5ydYIJZ29vZ2xlLnJ3gglnb29nbGUuc2OCCWdvb2dsZS5z +ZYIJZ29vZ2xlLnNogglnb29nbGUuc2mCCWdvb2dsZS5za4IJZ29vZ2xlLnNtggln +b29nbGUuc26CCWdvb2dsZS5zb4IJZ29vZ2xlLnN0gglnb29nbGUudGSCCWdvb2ds +ZS50Z4IJZ29vZ2xlLnRrgglnb29nbGUudGyCCWdvb2dsZS50bYIJZ29vZ2xlLnRu +gglnb29nbGUudG+CCWdvb2dsZS50cIIJZ29vZ2xlLnR0gglnb29nbGUudXOCCWdv +b2dsZS51eoIJZ29vZ2xlLnZngglnb29nbGUudnWCCWdvb2dsZS53czANBgkqhkiG +9w0BAQUFAAOBgQCROJdKT00d96BpNG4j3Xf5Kz7kJENMTYtgsGQW5E6y2yjRaguD +LPO+y4IH9KiVXD+qO8koye9yOMNawN9r/DFQd+t2nDmvlpcwJBNguiuqxl+rJaU8 +KKgswikGaaM4z+i4vHuXcCKZtM/ELAaJlSaBPip4GBAkgv7D9hwh+sWvYA== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIcFzCCG4CgAwIBAgIGR09PUAFxMA0GCSqGSIb3DQEBBQUAMEYxCzAJBgNVBAYT +AlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSIwIAYDVQQDExlHb29nbGUgSW50ZXJu +ZXQgQXV0aG9yaXR5MB4XDTEyMTAyNDEzNTczOVoXDTEzMDYwNzE5NDMyN1owZDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 +YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxEzARBgNVBAMTCmdvb2dsZS5j +b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMNn/Rw5irMPscWpYsExcGQT +wqdxT/U9Pfybt9ttPYlXVbCd6yux0jWGNBHN+f4kCc5pwrbjmA4QSRY2uVa4T8f2 +g3NucDDveUi29WVN+FJcyhj+V38lEkYbdhpIZL149dK5fAN1zzwCo10Nk+lhebcY +fCtMHLmuCX2D6mJ2CnPVAgMBAAGjghnwMIIZ7DAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Qp1w0hi4nhbaJEB +h/wuZwO4OyIwHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0f +BFQwUjBQoE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5l +dEF1dGhvcml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUH +AQEEWjBYMFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2ds +ZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDCC +GLYGA1UdEQSCGK0wghipggpnb29nbGUuY29tggwqLmdvb2dsZS5jb22CDSoueW91 +dHViZS5jb22CC3lvdXR1YmUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggh5 +b3V0dS5iZYILKi55dGltZy5jb22CDSouYW5kcm9pZC5jb22CC2FuZHJvaWQuY29t +ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghAqLnVy +bC5nb29nbGUuY29tggwqLnVyY2hpbi5jb22CCnVyY2hpbi5jb22CFiouZ29vZ2xl +LWFuYWx5dGljcy5jb22CFGdvb2dsZS1hbmFseXRpY3MuY29tghIqLmNsb3VkLmdv +b2dsZS5jb22CBmdvby5nbIIEZy5jb4INKi5nc3RhdGljLmNvbYIPKi5nb29nbGVh +cGlzLmNughYqLmFwcGVuZ2luZS5nb29nbGUuY29tggsqLmdvb2dsZS5hY4ILKi5n +b29nbGUuYWSCCyouZ29vZ2xlLmFlggsqLmdvb2dsZS5hZoILKi5nb29nbGUuYWeC +CyouZ29vZ2xlLmFsggsqLmdvb2dsZS5hbYILKi5nb29nbGUuYXOCCyouZ29vZ2xl +LmF0ggsqLmdvb2dsZS5heoILKi5nb29nbGUuYmGCCyouZ29vZ2xlLmJlggsqLmdv +b2dsZS5iZoILKi5nb29nbGUuYmeCCyouZ29vZ2xlLmJpggsqLmdvb2dsZS5iaoIL +Ki5nb29nbGUuYnOCCyouZ29vZ2xlLmJ5ggsqLmdvb2dsZS5jYYIMKi5nb29nbGUu +Y2F0ggsqLmdvb2dsZS5jY4ILKi5nb29nbGUuY2SCCyouZ29vZ2xlLmNmggsqLmdv +b2dsZS5jZ4ILKi5nb29nbGUuY2iCCyouZ29vZ2xlLmNpggsqLmdvb2dsZS5jbIIL +Ki5nb29nbGUuY22CCyouZ29vZ2xlLmNugg4qLmdvb2dsZS5jby5hb4IOKi5nb29n +bGUuY28uYneCDiouZ29vZ2xlLmNvLmNrgg4qLmdvb2dsZS5jby5jcoIOKi5nb29n +bGUuY28uaHWCDiouZ29vZ2xlLmNvLmlkgg4qLmdvb2dsZS5jby5pbIIOKi5nb29n +bGUuY28uaW2CDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qZYIOKi5nb29n +bGUuY28uanCCDiouZ29vZ2xlLmNvLmtlgg4qLmdvb2dsZS5jby5rcoIOKi5nb29n +bGUuY28ubHOCDiouZ29vZ2xlLmNvLm1hgg4qLmdvb2dsZS5jby5teoIOKi5nb29n +bGUuY28ubnqCDiouZ29vZ2xlLmNvLnRogg4qLmdvb2dsZS5jby50eoIOKi5nb29n +bGUuY28udWeCDiouZ29vZ2xlLmNvLnVrgg4qLmdvb2dsZS5jby51eoIOKi5nb29n +bGUuY28udmWCDiouZ29vZ2xlLmNvLnZpgg4qLmdvb2dsZS5jby56YYIOKi5nb29n +bGUuY28uem2CDiouZ29vZ2xlLmNvLnp3gg8qLmdvb2dsZS5jb20uYWaCDyouZ29v +Z2xlLmNvbS5hZ4IPKi5nb29nbGUuY29tLmFpgg8qLmdvb2dsZS5jb20uYXKCDyou +Z29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJkgg8qLmdvb2dsZS5jb20uYmiC +DyouZ29vZ2xlLmNvbS5iboIPKi5nb29nbGUuY29tLmJvgg8qLmdvb2dsZS5jb20u +YnKCDyouZ29vZ2xlLmNvbS5ieYIPKi5nb29nbGUuY29tLmJ6gg8qLmdvb2dsZS5j +b20uY26CDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLmN1gg8qLmdvb2ds +ZS5jb20uY3mCDyouZ29vZ2xlLmNvbS5kb4IPKi5nb29nbGUuY29tLmVjgg8qLmdv +b2dsZS5jb20uZWeCDyouZ29vZ2xlLmNvbS5ldIIPKi5nb29nbGUuY29tLmZqgg8q +Lmdvb2dsZS5jb20uZ2WCDyouZ29vZ2xlLmNvbS5naIIPKi5nb29nbGUuY29tLmdp +gg8qLmdvb2dsZS5jb20uZ3KCDyouZ29vZ2xlLmNvbS5ndIIPKi5nb29nbGUuY29t +Lmhrgg8qLmdvb2dsZS5jb20uaXGCDyouZ29vZ2xlLmNvbS5qbYIPKi5nb29nbGUu +Y29tLmpvgg8qLmdvb2dsZS5jb20ua2iCDyouZ29vZ2xlLmNvbS5rd4IPKi5nb29n +bGUuY29tLmxigg8qLmdvb2dsZS5jb20ubHmCDyouZ29vZ2xlLmNvbS5tdIIPKi5n +b29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20ubXmCDyouZ29vZ2xlLmNvbS5uYYIP +Ki5nb29nbGUuY29tLm5mgg8qLmdvb2dsZS5jb20ubmeCDyouZ29vZ2xlLmNvbS5u +aYIPKi5nb29nbGUuY29tLm5wgg8qLmdvb2dsZS5jb20ubnKCDyouZ29vZ2xlLmNv +bS5vbYIPKi5nb29nbGUuY29tLnBhgg8qLmdvb2dsZS5jb20ucGWCDyouZ29vZ2xl +LmNvbS5waIIPKi5nb29nbGUuY29tLnBrgg8qLmdvb2dsZS5jb20ucGyCDyouZ29v +Z2xlLmNvbS5wcoIPKi5nb29nbGUuY29tLnB5gg8qLmdvb2dsZS5jb20ucWGCDyou +Z29vZ2xlLmNvbS5ydYIPKi5nb29nbGUuY29tLnNhgg8qLmdvb2dsZS5jb20uc2KC +DyouZ29vZ2xlLmNvbS5zZ4IPKi5nb29nbGUuY29tLnNsgg8qLmdvb2dsZS5jb20u +c3aCDyouZ29vZ2xlLmNvbS50aoIPKi5nb29nbGUuY29tLnRugg8qLmdvb2dsZS5j +b20udHKCDyouZ29vZ2xlLmNvbS50d4IPKi5nb29nbGUuY29tLnVhgg8qLmdvb2ds +ZS5jb20udXmCDyouZ29vZ2xlLmNvbS52Y4IPKi5nb29nbGUuY29tLnZlgg8qLmdv +b2dsZS5jb20udm6CCyouZ29vZ2xlLmN2ggsqLmdvb2dsZS5jeoILKi5nb29nbGUu +ZGWCCyouZ29vZ2xlLmRqggsqLmdvb2dsZS5ka4ILKi5nb29nbGUuZG2CCyouZ29v +Z2xlLmR6ggsqLmdvb2dsZS5lZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZpggsq +Lmdvb2dsZS5mbYILKi5nb29nbGUuZnKCCyouZ29vZ2xlLmdhggsqLmdvb2dsZS5n +ZYILKi5nb29nbGUuZ2eCCyouZ29vZ2xlLmdsggsqLmdvb2dsZS5nbYILKi5nb29n +bGUuZ3CCCyouZ29vZ2xlLmdyggsqLmdvb2dsZS5neYILKi5nb29nbGUuaGuCCyou +Z29vZ2xlLmhuggsqLmdvb2dsZS5ocoILKi5nb29nbGUuaHSCCyouZ29vZ2xlLmh1 +ggsqLmdvb2dsZS5pZYILKi5nb29nbGUuaW2CDSouZ29vZ2xlLmluZm+CCyouZ29v +Z2xlLmlxggsqLmdvb2dsZS5pc4ILKi5nb29nbGUuaXSCDiouZ29vZ2xlLml0LmFv +ggsqLmdvb2dsZS5qZYILKi5nb29nbGUuam+CDSouZ29vZ2xlLmpvYnOCCyouZ29v +Z2xlLmpwggsqLmdvb2dsZS5rZ4ILKi5nb29nbGUua2mCCyouZ29vZ2xlLmt6ggsq +Lmdvb2dsZS5sYYILKi5nb29nbGUubGmCCyouZ29vZ2xlLmxrggsqLmdvb2dsZS5s +dIILKi5nb29nbGUubHWCCyouZ29vZ2xlLmx2ggsqLmdvb2dsZS5tZIILKi5nb29n +bGUubWWCCyouZ29vZ2xlLm1nggsqLmdvb2dsZS5ta4ILKi5nb29nbGUubWyCCyou +Z29vZ2xlLm1uggsqLmdvb2dsZS5tc4ILKi5nb29nbGUubXWCCyouZ29vZ2xlLm12 +ggsqLmdvb2dsZS5td4ILKi5nb29nbGUubmWCDiouZ29vZ2xlLm5lLmpwggwqLmdv +b2dsZS5uZXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5ub4ILKi5nb29nbGUubnKC +CyouZ29vZ2xlLm51gg8qLmdvb2dsZS5vZmYuYWmCCyouZ29vZ2xlLnBrggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucG6CCyouZ29vZ2xlLnBzggsqLmdvb2dsZS5wdIIL +Ki5nb29nbGUucm+CCyouZ29vZ2xlLnJzggsqLmdvb2dsZS5ydYILKi5nb29nbGUu +cneCCyouZ29vZ2xlLnNjggsqLmdvb2dsZS5zZYILKi5nb29nbGUuc2iCCyouZ29v +Z2xlLnNpggsqLmdvb2dsZS5za4ILKi5nb29nbGUuc22CCyouZ29vZ2xlLnNuggsq +Lmdvb2dsZS5zb4ILKi5nb29nbGUuc3SCCyouZ29vZ2xlLnRkggsqLmdvb2dsZS50 +Z4ILKi5nb29nbGUudGuCCyouZ29vZ2xlLnRsggsqLmdvb2dsZS50bYILKi5nb29n +bGUudG6CCyouZ29vZ2xlLnRvggsqLmdvb2dsZS50cIILKi5nb29nbGUudHSCCyou +Z29vZ2xlLnVzggsqLmdvb2dsZS51eoILKi5nb29nbGUudmeCCyouZ29vZ2xlLnZ1 +ggsqLmdvb2dsZS53c4IJZ29vZ2xlLmFjgglnb29nbGUuYWSCCWdvb2dsZS5hZYIJ +Z29vZ2xlLmFmgglnb29nbGUuYWeCCWdvb2dsZS5hbIIJZ29vZ2xlLmFtgglnb29n +bGUuYXOCCWdvb2dsZS5hdIIJZ29vZ2xlLmF6gglnb29nbGUuYmGCCWdvb2dsZS5i +ZYIJZ29vZ2xlLmJmgglnb29nbGUuYmeCCWdvb2dsZS5iaYIJZ29vZ2xlLmJqggln +b29nbGUuYnOCCWdvb2dsZS5ieYIJZ29vZ2xlLmNhggpnb29nbGUuY2F0gglnb29n +bGUuY2OCCWdvb2dsZS5jZIIJZ29vZ2xlLmNmgglnb29nbGUuY2eCCWdvb2dsZS5j +aIIJZ29vZ2xlLmNpgglnb29nbGUuY2yCCWdvb2dsZS5jbYIJZ29vZ2xlLmNuggxn +b29nbGUuY28uYW+CDGdvb2dsZS5jby5id4IMZ29vZ2xlLmNvLmNrggxnb29nbGUu +Y28uY3KCDGdvb2dsZS5jby5odYIMZ29vZ2xlLmNvLmlkggxnb29nbGUuY28uaWyC +DGdvb2dsZS5jby5pbYIMZ29vZ2xlLmNvLmluggxnb29nbGUuY28uamWCDGdvb2ds +ZS5jby5qcIIMZ29vZ2xlLmNvLmtlggxnb29nbGUuY28ua3KCDGdvb2dsZS5jby5s +c4IMZ29vZ2xlLmNvLm1hggxnb29nbGUuY28ubXqCDGdvb2dsZS5jby5ueoIMZ29v +Z2xlLmNvLnRoggxnb29nbGUuY28udHqCDGdvb2dsZS5jby51Z4IMZ29vZ2xlLmNv +LnVrggxnb29nbGUuY28udXqCDGdvb2dsZS5jby52ZYIMZ29vZ2xlLmNvLnZpggxn +b29nbGUuY28uemGCDGdvb2dsZS5jby56bYIMZ29vZ2xlLmNvLnp3gg1nb29nbGUu +Y29tLmFmgg1nb29nbGUuY29tLmFngg1nb29nbGUuY29tLmFpgg1nb29nbGUuY29t +LmFygg1nb29nbGUuY29tLmF1gg1nb29nbGUuY29tLmJkgg1nb29nbGUuY29tLmJo +gg1nb29nbGUuY29tLmJugg1nb29nbGUuY29tLmJvgg1nb29nbGUuY29tLmJygg1n +b29nbGUuY29tLmJ5gg1nb29nbGUuY29tLmJ6gg1nb29nbGUuY29tLmNugg1nb29n +bGUuY29tLmNvgg1nb29nbGUuY29tLmN1gg1nb29nbGUuY29tLmN5gg1nb29nbGUu +Y29tLmRvgg1nb29nbGUuY29tLmVjgg1nb29nbGUuY29tLmVngg1nb29nbGUuY29t +LmV0gg1nb29nbGUuY29tLmZqgg1nb29nbGUuY29tLmdlgg1nb29nbGUuY29tLmdo +gg1nb29nbGUuY29tLmdpgg1nb29nbGUuY29tLmdygg1nb29nbGUuY29tLmd0gg1n +b29nbGUuY29tLmhrgg1nb29nbGUuY29tLmlxgg1nb29nbGUuY29tLmptgg1nb29n +bGUuY29tLmpvgg1nb29nbGUuY29tLmtogg1nb29nbGUuY29tLmt3gg1nb29nbGUu +Y29tLmxigg1nb29nbGUuY29tLmx5gg1nb29nbGUuY29tLm10gg1nb29nbGUuY29t +Lm14gg1nb29nbGUuY29tLm15gg1nb29nbGUuY29tLm5hgg1nb29nbGUuY29tLm5m +gg1nb29nbGUuY29tLm5ngg1nb29nbGUuY29tLm5pgg1nb29nbGUuY29tLm5wgg1n +b29nbGUuY29tLm5ygg1nb29nbGUuY29tLm9tgg1nb29nbGUuY29tLnBhgg1nb29n +bGUuY29tLnBlgg1nb29nbGUuY29tLnBogg1nb29nbGUuY29tLnBrgg1nb29nbGUu +Y29tLnBsgg1nb29nbGUuY29tLnBygg1nb29nbGUuY29tLnB5gg1nb29nbGUuY29t +LnFhgg1nb29nbGUuY29tLnJ1gg1nb29nbGUuY29tLnNhgg1nb29nbGUuY29tLnNi +gg1nb29nbGUuY29tLnNngg1nb29nbGUuY29tLnNsgg1nb29nbGUuY29tLnN2gg1n +b29nbGUuY29tLnRqgg1nb29nbGUuY29tLnRugg1nb29nbGUuY29tLnRygg1nb29n +bGUuY29tLnR3gg1nb29nbGUuY29tLnVhgg1nb29nbGUuY29tLnV5gg1nb29nbGUu +Y29tLnZjgg1nb29nbGUuY29tLnZlgg1nb29nbGUuY29tLnZugglnb29nbGUuY3aC +CWdvb2dsZS5jeoIJZ29vZ2xlLmRlgglnb29nbGUuZGqCCWdvb2dsZS5ka4IJZ29v +Z2xlLmRtgglnb29nbGUuZHqCCWdvb2dsZS5lZYIJZ29vZ2xlLmVzgglnb29nbGUu +ZmmCCWdvb2dsZS5mbYIJZ29vZ2xlLmZygglnb29nbGUuZ2GCCWdvb2dsZS5nZYIJ +Z29vZ2xlLmdngglnb29nbGUuZ2yCCWdvb2dsZS5nbYIJZ29vZ2xlLmdwgglnb29n +bGUuZ3KCCWdvb2dsZS5neYIJZ29vZ2xlLmhrgglnb29nbGUuaG6CCWdvb2dsZS5o +coIJZ29vZ2xlLmh0gglnb29nbGUuaHWCCWdvb2dsZS5pZYIJZ29vZ2xlLmltggtn +b29nbGUuaW5mb4IJZ29vZ2xlLmlxgglnb29nbGUuaXOCCWdvb2dsZS5pdIIMZ29v +Z2xlLml0LmFvgglnb29nbGUuamWCCWdvb2dsZS5qb4ILZ29vZ2xlLmpvYnOCCWdv +b2dsZS5qcIIJZ29vZ2xlLmtngglnb29nbGUua2mCCWdvb2dsZS5reoIJZ29vZ2xl +Lmxhgglnb29nbGUubGmCCWdvb2dsZS5sa4IJZ29vZ2xlLmx0gglnb29nbGUubHWC +CWdvb2dsZS5sdoIJZ29vZ2xlLm1kgglnb29nbGUubWWCCWdvb2dsZS5tZ4IJZ29v +Z2xlLm1rgglnb29nbGUubWyCCWdvb2dsZS5tboIJZ29vZ2xlLm1zgglnb29nbGUu +bXWCCWdvb2dsZS5tdoIJZ29vZ2xlLm13gglnb29nbGUubmWCDGdvb2dsZS5uZS5q +cIIKZ29vZ2xlLm5ldIIJZ29vZ2xlLm5sgglnb29nbGUubm+CCWdvb2dsZS5ucoIJ +Z29vZ2xlLm51gg1nb29nbGUub2ZmLmFpgglnb29nbGUucGuCCWdvb2dsZS5wbIIJ +Z29vZ2xlLnBugglnb29nbGUucHOCCWdvb2dsZS5wdIIJZ29vZ2xlLnJvgglnb29n +bGUucnOCCWdvb2dsZS5ydYIJZ29vZ2xlLnJ3gglnb29nbGUuc2OCCWdvb2dsZS5z +ZYIJZ29vZ2xlLnNogglnb29nbGUuc2mCCWdvb2dsZS5za4IJZ29vZ2xlLnNtggln +b29nbGUuc26CCWdvb2dsZS5zb4IJZ29vZ2xlLnN0gglnb29nbGUudGSCCWdvb2ds +ZS50Z4IJZ29vZ2xlLnRrgglnb29nbGUudGyCCWdvb2dsZS50bYIJZ29vZ2xlLnRu +gglnb29nbGUudG+CCWdvb2dsZS50cIIJZ29vZ2xlLnR0gglnb29nbGUudXOCCWdv +b2dsZS51eoIJZ29vZ2xlLnZngglnb29nbGUudnWCCWdvb2dsZS53czANBgkqhkiG +9w0BAQUFAAOBgQCROJdKT00d96BpNG4j3Xf5Kz7kJENMTYtgsGQW5E6y2yjRaguD +LPO+y4IH9KiVXD+qO8koye9yOMNawN9r/DFQd+t2nDmvlpcwJBNguiuqxl+rJaU8 +KKgswikGaaM4z+i4vHuXcCKZtM/ELAaJlSaBPip4GBAkgv7D9hwh+sWvYA== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIcFzCCG4CgAwIBAgIGR09PUAFxMA0GCSqGSIb3DQEBBQUAMEYxCzAJBgNVBAYT +AlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSIwIAYDVQQDExlHb29nbGUgSW50ZXJu +ZXQgQXV0aG9yaXR5MB4XDTEyMTAyNDEzNTczOVoXDTEzMDYwNzE5NDMyN1owZDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 +YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxEzARBgNVBAMTCmdvb2dsZS5j +b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMNn/Rw5irMPscWpYsExcGQT +wqdxT/U9Pfybt9ttPYlXVbCd6yux0jWGNBHN+f4kCc5pwrbjmA4QSRY2uVa4T8f2 +g3NucDDveUi29WVN+FJcyhj+V38lEkYbdhpIZL149dK5fAN1zzwCo10Nk+lhebcY +fCtMHLmuCX2D6mJ2CnPVAgMBAAGjghnwMIIZ7DAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Qp1w0hi4nhbaJEB +h/wuZwO4OyIwHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0f +BFQwUjBQoE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5l +dEF1dGhvcml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUH +AQEEWjBYMFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2ds +ZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDCC +GLYGA1UdEQSCGK0wghipggpnb29nbGUuY29tggwqLmdvb2dsZS5jb22CDSoueW91 +dHViZS5jb22CC3lvdXR1YmUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggh5 +b3V0dS5iZYILKi55dGltZy5jb22CDSouYW5kcm9pZC5jb22CC2FuZHJvaWQuY29t +ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghAqLnVy +bC5nb29nbGUuY29tggwqLnVyY2hpbi5jb22CCnVyY2hpbi5jb22CFiouZ29vZ2xl +LWFuYWx5dGljcy5jb22CFGdvb2dsZS1hbmFseXRpY3MuY29tghIqLmNsb3VkLmdv +b2dsZS5jb22CBmdvby5nbIIEZy5jb4INKi5nc3RhdGljLmNvbYIPKi5nb29nbGVh +cGlzLmNughYqLmFwcGVuZ2luZS5nb29nbGUuY29tggsqLmdvb2dsZS5hY4ILKi5n +b29nbGUuYWSCCyouZ29vZ2xlLmFlggsqLmdvb2dsZS5hZoILKi5nb29nbGUuYWeC +CyouZ29vZ2xlLmFsggsqLmdvb2dsZS5hbYILKi5nb29nbGUuYXOCCyouZ29vZ2xl +LmF0ggsqLmdvb2dsZS5heoILKi5nb29nbGUuYmGCCyouZ29vZ2xlLmJlggsqLmdv +b2dsZS5iZoILKi5nb29nbGUuYmeCCyouZ29vZ2xlLmJpggsqLmdvb2dsZS5iaoIL +Ki5nb29nbGUuYnOCCyouZ29vZ2xlLmJ5ggsqLmdvb2dsZS5jYYIMKi5nb29nbGUu +Y2F0ggsqLmdvb2dsZS5jY4ILKi5nb29nbGUuY2SCCyouZ29vZ2xlLmNmggsqLmdv +b2dsZS5jZ4ILKi5nb29nbGUuY2iCCyouZ29vZ2xlLmNpggsqLmdvb2dsZS5jbIIL +Ki5nb29nbGUuY22CCyouZ29vZ2xlLmNugg4qLmdvb2dsZS5jby5hb4IOKi5nb29n +bGUuY28uYneCDiouZ29vZ2xlLmNvLmNrgg4qLmdvb2dsZS5jby5jcoIOKi5nb29n +bGUuY28uaHWCDiouZ29vZ2xlLmNvLmlkgg4qLmdvb2dsZS5jby5pbIIOKi5nb29n +bGUuY28uaW2CDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qZYIOKi5nb29n +bGUuY28uanCCDiouZ29vZ2xlLmNvLmtlgg4qLmdvb2dsZS5jby5rcoIOKi5nb29n +bGUuY28ubHOCDiouZ29vZ2xlLmNvLm1hgg4qLmdvb2dsZS5jby5teoIOKi5nb29n +bGUuY28ubnqCDiouZ29vZ2xlLmNvLnRogg4qLmdvb2dsZS5jby50eoIOKi5nb29n +bGUuY28udWeCDiouZ29vZ2xlLmNvLnVrgg4qLmdvb2dsZS5jby51eoIOKi5nb29n +bGUuY28udmWCDiouZ29vZ2xlLmNvLnZpgg4qLmdvb2dsZS5jby56YYIOKi5nb29n +bGUuY28uem2CDiouZ29vZ2xlLmNvLnp3gg8qLmdvb2dsZS5jb20uYWaCDyouZ29v +Z2xlLmNvbS5hZ4IPKi5nb29nbGUuY29tLmFpgg8qLmdvb2dsZS5jb20uYXKCDyou +Z29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJkgg8qLmdvb2dsZS5jb20uYmiC +DyouZ29vZ2xlLmNvbS5iboIPKi5nb29nbGUuY29tLmJvgg8qLmdvb2dsZS5jb20u +YnKCDyouZ29vZ2xlLmNvbS5ieYIPKi5nb29nbGUuY29tLmJ6gg8qLmdvb2dsZS5j +b20uY26CDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLmN1gg8qLmdvb2ds +ZS5jb20uY3mCDyouZ29vZ2xlLmNvbS5kb4IPKi5nb29nbGUuY29tLmVjgg8qLmdv +b2dsZS5jb20uZWeCDyouZ29vZ2xlLmNvbS5ldIIPKi5nb29nbGUuY29tLmZqgg8q +Lmdvb2dsZS5jb20uZ2WCDyouZ29vZ2xlLmNvbS5naIIPKi5nb29nbGUuY29tLmdp +gg8qLmdvb2dsZS5jb20uZ3KCDyouZ29vZ2xlLmNvbS5ndIIPKi5nb29nbGUuY29t +Lmhrgg8qLmdvb2dsZS5jb20uaXGCDyouZ29vZ2xlLmNvbS5qbYIPKi5nb29nbGUu +Y29tLmpvgg8qLmdvb2dsZS5jb20ua2iCDyouZ29vZ2xlLmNvbS5rd4IPKi5nb29n +bGUuY29tLmxigg8qLmdvb2dsZS5jb20ubHmCDyouZ29vZ2xlLmNvbS5tdIIPKi5n +b29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20ubXmCDyouZ29vZ2xlLmNvbS5uYYIP +Ki5nb29nbGUuY29tLm5mgg8qLmdvb2dsZS5jb20ubmeCDyouZ29vZ2xlLmNvbS5u +aYIPKi5nb29nbGUuY29tLm5wgg8qLmdvb2dsZS5jb20ubnKCDyouZ29vZ2xlLmNv +bS5vbYIPKi5nb29nbGUuY29tLnBhgg8qLmdvb2dsZS5jb20ucGWCDyouZ29vZ2xl +LmNvbS5waIIPKi5nb29nbGUuY29tLnBrgg8qLmdvb2dsZS5jb20ucGyCDyouZ29v +Z2xlLmNvbS5wcoIPKi5nb29nbGUuY29tLnB5gg8qLmdvb2dsZS5jb20ucWGCDyou +Z29vZ2xlLmNvbS5ydYIPKi5nb29nbGUuY29tLnNhgg8qLmdvb2dsZS5jb20uc2KC +DyouZ29vZ2xlLmNvbS5zZ4IPKi5nb29nbGUuY29tLnNsgg8qLmdvb2dsZS5jb20u +c3aCDyouZ29vZ2xlLmNvbS50aoIPKi5nb29nbGUuY29tLnRugg8qLmdvb2dsZS5j +b20udHKCDyouZ29vZ2xlLmNvbS50d4IPKi5nb29nbGUuY29tLnVhgg8qLmdvb2ds +ZS5jb20udXmCDyouZ29vZ2xlLmNvbS52Y4IPKi5nb29nbGUuY29tLnZlgg8qLmdv +b2dsZS5jb20udm6CCyouZ29vZ2xlLmN2ggsqLmdvb2dsZS5jeoILKi5nb29nbGUu +ZGWCCyouZ29vZ2xlLmRqggsqLmdvb2dsZS5ka4ILKi5nb29nbGUuZG2CCyouZ29v +Z2xlLmR6ggsqLmdvb2dsZS5lZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZpggsq +Lmdvb2dsZS5mbYILKi5nb29nbGUuZnKCCyouZ29vZ2xlLmdhggsqLmdvb2dsZS5n +ZYILKi5nb29nbGUuZ2eCCyouZ29vZ2xlLmdsggsqLmdvb2dsZS5nbYILKi5nb29n +bGUuZ3CCCyouZ29vZ2xlLmdyggsqLmdvb2dsZS5neYILKi5nb29nbGUuaGuCCyou +Z29vZ2xlLmhuggsqLmdvb2dsZS5ocoILKi5nb29nbGUuaHSCCyouZ29vZ2xlLmh1 +ggsqLmdvb2dsZS5pZYILKi5nb29nbGUuaW2CDSouZ29vZ2xlLmluZm+CCyouZ29v +Z2xlLmlxggsqLmdvb2dsZS5pc4ILKi5nb29nbGUuaXSCDiouZ29vZ2xlLml0LmFv +ggsqLmdvb2dsZS5qZYILKi5nb29nbGUuam+CDSouZ29vZ2xlLmpvYnOCCyouZ29v +Z2xlLmpwggsqLmdvb2dsZS5rZ4ILKi5nb29nbGUua2mCCyouZ29vZ2xlLmt6ggsq +Lmdvb2dsZS5sYYILKi5nb29nbGUubGmCCyouZ29vZ2xlLmxrggsqLmdvb2dsZS5s +dIILKi5nb29nbGUubHWCCyouZ29vZ2xlLmx2ggsqLmdvb2dsZS5tZIILKi5nb29n +bGUubWWCCyouZ29vZ2xlLm1nggsqLmdvb2dsZS5ta4ILKi5nb29nbGUubWyCCyou +Z29vZ2xlLm1uggsqLmdvb2dsZS5tc4ILKi5nb29nbGUubXWCCyouZ29vZ2xlLm12 +ggsqLmdvb2dsZS5td4ILKi5nb29nbGUubmWCDiouZ29vZ2xlLm5lLmpwggwqLmdv +b2dsZS5uZXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5ub4ILKi5nb29nbGUubnKC +CyouZ29vZ2xlLm51gg8qLmdvb2dsZS5vZmYuYWmCCyouZ29vZ2xlLnBrggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucG6CCyouZ29vZ2xlLnBzggsqLmdvb2dsZS5wdIIL +Ki5nb29nbGUucm+CCyouZ29vZ2xlLnJzggsqLmdvb2dsZS5ydYILKi5nb29nbGUu +cneCCyouZ29vZ2xlLnNjggsqLmdvb2dsZS5zZYILKi5nb29nbGUuc2iCCyouZ29v +Z2xlLnNpggsqLmdvb2dsZS5za4ILKi5nb29nbGUuc22CCyouZ29vZ2xlLnNuggsq +Lmdvb2dsZS5zb4ILKi5nb29nbGUuc3SCCyouZ29vZ2xlLnRkggsqLmdvb2dsZS50 +Z4ILKi5nb29nbGUudGuCCyouZ29vZ2xlLnRsggsqLmdvb2dsZS50bYILKi5nb29n +bGUudG6CCyouZ29vZ2xlLnRvggsqLmdvb2dsZS50cIILKi5nb29nbGUudHSCCyou +Z29vZ2xlLnVzggsqLmdvb2dsZS51eoILKi5nb29nbGUudmeCCyouZ29vZ2xlLnZ1 +ggsqLmdvb2dsZS53c4IJZ29vZ2xlLmFjgglnb29nbGUuYWSCCWdvb2dsZS5hZYIJ +Z29vZ2xlLmFmgglnb29nbGUuYWeCCWdvb2dsZS5hbIIJZ29vZ2xlLmFtgglnb29n +bGUuYXOCCWdvb2dsZS5hdIIJZ29vZ2xlLmF6gglnb29nbGUuYmGCCWdvb2dsZS5i +ZYIJZ29vZ2xlLmJmgglnb29nbGUuYmeCCWdvb2dsZS5iaYIJZ29vZ2xlLmJqggln +b29nbGUuYnOCCWdvb2dsZS5ieYIJZ29vZ2xlLmNhggpnb29nbGUuY2F0gglnb29n +bGUuY2OCCWdvb2dsZS5jZIIJZ29vZ2xlLmNmgglnb29nbGUuY2eCCWdvb2dsZS5j +aIIJZ29vZ2xlLmNpgglnb29nbGUuY2yCCWdvb2dsZS5jbYIJZ29vZ2xlLmNuggxn +b29nbGUuY28uYW+CDGdvb2dsZS5jby5id4IMZ29vZ2xlLmNvLmNrggxnb29nbGUu +Y28uY3KCDGdvb2dsZS5jby5odYIMZ29vZ2xlLmNvLmlkggxnb29nbGUuY28uaWyC +DGdvb2dsZS5jby5pbYIMZ29vZ2xlLmNvLmluggxnb29nbGUuY28uamWCDGdvb2ds +ZS5jby5qcIIMZ29vZ2xlLmNvLmtlggxnb29nbGUuY28ua3KCDGdvb2dsZS5jby5s +c4IMZ29vZ2xlLmNvLm1hggxnb29nbGUuY28ubXqCDGdvb2dsZS5jby5ueoIMZ29v +Z2xlLmNvLnRoggxnb29nbGUuY28udHqCDGdvb2dsZS5jby51Z4IMZ29vZ2xlLmNv +LnVrggxnb29nbGUuY28udXqCDGdvb2dsZS5jby52ZYIMZ29vZ2xlLmNvLnZpggxn +b29nbGUuY28uemGCDGdvb2dsZS5jby56bYIMZ29vZ2xlLmNvLnp3gg1nb29nbGUu +Y29tLmFmgg1nb29nbGUuY29tLmFngg1nb29nbGUuY29tLmFpgg1nb29nbGUuY29t +LmFygg1nb29nbGUuY29tLmF1gg1nb29nbGUuY29tLmJkgg1nb29nbGUuY29tLmJo +gg1nb29nbGUuY29tLmJugg1nb29nbGUuY29tLmJvgg1nb29nbGUuY29tLmJygg1n +b29nbGUuY29tLmJ5gg1nb29nbGUuY29tLmJ6gg1nb29nbGUuY29tLmNugg1nb29n +bGUuY29tLmNvgg1nb29nbGUuY29tLmN1gg1nb29nbGUuY29tLmN5gg1nb29nbGUu +Y29tLmRvgg1nb29nbGUuY29tLmVjgg1nb29nbGUuY29tLmVngg1nb29nbGUuY29t +LmV0gg1nb29nbGUuY29tLmZqgg1nb29nbGUuY29tLmdlgg1nb29nbGUuY29tLmdo +gg1nb29nbGUuY29tLmdpgg1nb29nbGUuY29tLmdygg1nb29nbGUuY29tLmd0gg1n +b29nbGUuY29tLmhrgg1nb29nbGUuY29tLmlxgg1nb29nbGUuY29tLmptgg1nb29n +bGUuY29tLmpvgg1nb29nbGUuY29tLmtogg1nb29nbGUuY29tLmt3gg1nb29nbGUu +Y29tLmxigg1nb29nbGUuY29tLmx5gg1nb29nbGUuY29tLm10gg1nb29nbGUuY29t +Lm14gg1nb29nbGUuY29tLm15gg1nb29nbGUuY29tLm5hgg1nb29nbGUuY29tLm5m +gg1nb29nbGUuY29tLm5ngg1nb29nbGUuY29tLm5pgg1nb29nbGUuY29tLm5wgg1n +b29nbGUuY29tLm5ygg1nb29nbGUuY29tLm9tgg1nb29nbGUuY29tLnBhgg1nb29n +bGUuY29tLnBlgg1nb29nbGUuY29tLnBogg1nb29nbGUuY29tLnBrgg1nb29nbGUu +Y29tLnBsgg1nb29nbGUuY29tLnBygg1nb29nbGUuY29tLnB5gg1nb29nbGUuY29t +LnFhgg1nb29nbGUuY29tLnJ1gg1nb29nbGUuY29tLnNhgg1nb29nbGUuY29tLnNi +gg1nb29nbGUuY29tLnNngg1nb29nbGUuY29tLnNsgg1nb29nbGUuY29tLnN2gg1n +b29nbGUuY29tLnRqgg1nb29nbGUuY29tLnRugg1nb29nbGUuY29tLnRygg1nb29n +bGUuY29tLnR3gg1nb29nbGUuY29tLnVhgg1nb29nbGUuY29tLnV5gg1nb29nbGUu +Y29tLnZjgg1nb29nbGUuY29tLnZlgg1nb29nbGUuY29tLnZugglnb29nbGUuY3aC +CWdvb2dsZS5jeoIJZ29vZ2xlLmRlgglnb29nbGUuZGqCCWdvb2dsZS5ka4IJZ29v +Z2xlLmRtgglnb29nbGUuZHqCCWdvb2dsZS5lZYIJZ29vZ2xlLmVzgglnb29nbGUu +ZmmCCWdvb2dsZS5mbYIJZ29vZ2xlLmZygglnb29nbGUuZ2GCCWdvb2dsZS5nZYIJ +Z29vZ2xlLmdngglnb29nbGUuZ2yCCWdvb2dsZS5nbYIJZ29vZ2xlLmdwgglnb29n +bGUuZ3KCCWdvb2dsZS5neYIJZ29vZ2xlLmhrgglnb29nbGUuaG6CCWdvb2dsZS5o +coIJZ29vZ2xlLmh0gglnb29nbGUuaHWCCWdvb2dsZS5pZYIJZ29vZ2xlLmltggtn +b29nbGUuaW5mb4IJZ29vZ2xlLmlxgglnb29nbGUuaXOCCWdvb2dsZS5pdIIMZ29v +Z2xlLml0LmFvgglnb29nbGUuamWCCWdvb2dsZS5qb4ILZ29vZ2xlLmpvYnOCCWdv +b2dsZS5qcIIJZ29vZ2xlLmtngglnb29nbGUua2mCCWdvb2dsZS5reoIJZ29vZ2xl +Lmxhgglnb29nbGUubGmCCWdvb2dsZS5sa4IJZ29vZ2xlLmx0gglnb29nbGUubHWC +CWdvb2dsZS5sdoIJZ29vZ2xlLm1kgglnb29nbGUubWWCCWdvb2dsZS5tZ4IJZ29v +Z2xlLm1rgglnb29nbGUubWyCCWdvb2dsZS5tboIJZ29vZ2xlLm1zgglnb29nbGUu +bXWCCWdvb2dsZS5tdoIJZ29vZ2xlLm13gglnb29nbGUubmWCDGdvb2dsZS5uZS5q +cIIKZ29vZ2xlLm5ldIIJZ29vZ2xlLm5sgglnb29nbGUubm+CCWdvb2dsZS5ucoIJ +Z29vZ2xlLm51gg1nb29nbGUub2ZmLmFpgglnb29nbGUucGuCCWdvb2dsZS5wbIIJ +Z29vZ2xlLnBugglnb29nbGUucHOCCWdvb2dsZS5wdIIJZ29vZ2xlLnJvgglnb29n +bGUucnOCCWdvb2dsZS5ydYIJZ29vZ2xlLnJ3gglnb29nbGUuc2OCCWdvb2dsZS5z +ZYIJZ29vZ2xlLnNogglnb29nbGUuc2mCCWdvb2dsZS5za4IJZ29vZ2xlLnNtggln +b29nbGUuc26CCWdvb2dsZS5zb4IJZ29vZ2xlLnN0gglnb29nbGUudGSCCWdvb2ds +ZS50Z4IJZ29vZ2xlLnRrgglnb29nbGUudGyCCWdvb2dsZS50bYIJZ29vZ2xlLnRu +gglnb29nbGUudG+CCWdvb2dsZS50cIIJZ29vZ2xlLnR0gglnb29nbGUudXOCCWdv +b2dsZS51eoIJZ29vZ2xlLnZngglnb29nbGUudnWCCWdvb2dsZS53czANBgkqhkiG +9w0BAQUFAAOBgQCROJdKT00d96BpNG4j3Xf5Kz7kJENMTYtgsGQW5E6y2yjRaguD +LPO+y4IH9KiVXD+qO8koye9yOMNawN9r/DFQd+t2nDmvlpcwJBNguiuqxl+rJaU8 +KKgswikGaaM4z+i4vHuXcCKZtM/ELAaJlSaBPip4GBAkgv7D9hwh+sWvYA== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIcFzCCG4CgAwIBAgIGR09PUAFxMA0GCSqGSIb3DQEBBQUAMEYxCzAJBgNVBAYT +AlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSIwIAYDVQQDExlHb29nbGUgSW50ZXJu +ZXQgQXV0aG9yaXR5MB4XDTEyMTAyNDEzNTczOVoXDTEzMDYwNzE5NDMyN1owZDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 +YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxEzARBgNVBAMTCmdvb2dsZS5j +b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMNn/Rw5irMPscWpYsExcGQT +wqdxT/U9Pfybt9ttPYlXVbCd6yux0jWGNBHN+f4kCc5pwrbjmA4QSRY2uVa4T8f2 +g3NucDDveUi29WVN+FJcyhj+V38lEkYbdhpIZL149dK5fAN1zzwCo10Nk+lhebcY +fCtMHLmuCX2D6mJ2CnPVAgMBAAGjghnwMIIZ7DAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Qp1w0hi4nhbaJEB +h/wuZwO4OyIwHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0f +BFQwUjBQoE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5l +dEF1dGhvcml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUH +AQEEWjBYMFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2ds +ZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDCC +GLYGA1UdEQSCGK0wghipggpnb29nbGUuY29tggwqLmdvb2dsZS5jb22CDSoueW91 +dHViZS5jb22CC3lvdXR1YmUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggh5 +b3V0dS5iZYILKi55dGltZy5jb22CDSouYW5kcm9pZC5jb22CC2FuZHJvaWQuY29t +ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghAqLnVy +bC5nb29nbGUuY29tggwqLnVyY2hpbi5jb22CCnVyY2hpbi5jb22CFiouZ29vZ2xl +LWFuYWx5dGljcy5jb22CFGdvb2dsZS1hbmFseXRpY3MuY29tghIqLmNsb3VkLmdv +b2dsZS5jb22CBmdvby5nbIIEZy5jb4INKi5nc3RhdGljLmNvbYIPKi5nb29nbGVh +cGlzLmNughYqLmFwcGVuZ2luZS5nb29nbGUuY29tggsqLmdvb2dsZS5hY4ILKi5n +b29nbGUuYWSCCyouZ29vZ2xlLmFlggsqLmdvb2dsZS5hZoILKi5nb29nbGUuYWeC +CyouZ29vZ2xlLmFsggsqLmdvb2dsZS5hbYILKi5nb29nbGUuYXOCCyouZ29vZ2xl +LmF0ggsqLmdvb2dsZS5heoILKi5nb29nbGUuYmGCCyouZ29vZ2xlLmJlggsqLmdv +b2dsZS5iZoILKi5nb29nbGUuYmeCCyouZ29vZ2xlLmJpggsqLmdvb2dsZS5iaoIL +Ki5nb29nbGUuYnOCCyouZ29vZ2xlLmJ5ggsqLmdvb2dsZS5jYYIMKi5nb29nbGUu +Y2F0ggsqLmdvb2dsZS5jY4ILKi5nb29nbGUuY2SCCyouZ29vZ2xlLmNmggsqLmdv +b2dsZS5jZ4ILKi5nb29nbGUuY2iCCyouZ29vZ2xlLmNpggsqLmdvb2dsZS5jbIIL +Ki5nb29nbGUuY22CCyouZ29vZ2xlLmNugg4qLmdvb2dsZS5jby5hb4IOKi5nb29n +bGUuY28uYneCDiouZ29vZ2xlLmNvLmNrgg4qLmdvb2dsZS5jby5jcoIOKi5nb29n +bGUuY28uaHWCDiouZ29vZ2xlLmNvLmlkgg4qLmdvb2dsZS5jby5pbIIOKi5nb29n +bGUuY28uaW2CDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qZYIOKi5nb29n +bGUuY28uanCCDiouZ29vZ2xlLmNvLmtlgg4qLmdvb2dsZS5jby5rcoIOKi5nb29n +bGUuY28ubHOCDiouZ29vZ2xlLmNvLm1hgg4qLmdvb2dsZS5jby5teoIOKi5nb29n +bGUuY28ubnqCDiouZ29vZ2xlLmNvLnRogg4qLmdvb2dsZS5jby50eoIOKi5nb29n +bGUuY28udWeCDiouZ29vZ2xlLmNvLnVrgg4qLmdvb2dsZS5jby51eoIOKi5nb29n +bGUuY28udmWCDiouZ29vZ2xlLmNvLnZpgg4qLmdvb2dsZS5jby56YYIOKi5nb29n +bGUuY28uem2CDiouZ29vZ2xlLmNvLnp3gg8qLmdvb2dsZS5jb20uYWaCDyouZ29v +Z2xlLmNvbS5hZ4IPKi5nb29nbGUuY29tLmFpgg8qLmdvb2dsZS5jb20uYXKCDyou +Z29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJkgg8qLmdvb2dsZS5jb20uYmiC +DyouZ29vZ2xlLmNvbS5iboIPKi5nb29nbGUuY29tLmJvgg8qLmdvb2dsZS5jb20u +YnKCDyouZ29vZ2xlLmNvbS5ieYIPKi5nb29nbGUuY29tLmJ6gg8qLmdvb2dsZS5j +b20uY26CDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLmN1gg8qLmdvb2ds +ZS5jb20uY3mCDyouZ29vZ2xlLmNvbS5kb4IPKi5nb29nbGUuY29tLmVjgg8qLmdv +b2dsZS5jb20uZWeCDyouZ29vZ2xlLmNvbS5ldIIPKi5nb29nbGUuY29tLmZqgg8q +Lmdvb2dsZS5jb20uZ2WCDyouZ29vZ2xlLmNvbS5naIIPKi5nb29nbGUuY29tLmdp +gg8qLmdvb2dsZS5jb20uZ3KCDyouZ29vZ2xlLmNvbS5ndIIPKi5nb29nbGUuY29t +Lmhrgg8qLmdvb2dsZS5jb20uaXGCDyouZ29vZ2xlLmNvbS5qbYIPKi5nb29nbGUu +Y29tLmpvgg8qLmdvb2dsZS5jb20ua2iCDyouZ29vZ2xlLmNvbS5rd4IPKi5nb29n +bGUuY29tLmxigg8qLmdvb2dsZS5jb20ubHmCDyouZ29vZ2xlLmNvbS5tdIIPKi5n +b29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20ubXmCDyouZ29vZ2xlLmNvbS5uYYIP +Ki5nb29nbGUuY29tLm5mgg8qLmdvb2dsZS5jb20ubmeCDyouZ29vZ2xlLmNvbS5u +aYIPKi5nb29nbGUuY29tLm5wgg8qLmdvb2dsZS5jb20ubnKCDyouZ29vZ2xlLmNv +bS5vbYIPKi5nb29nbGUuY29tLnBhgg8qLmdvb2dsZS5jb20ucGWCDyouZ29vZ2xl +LmNvbS5waIIPKi5nb29nbGUuY29tLnBrgg8qLmdvb2dsZS5jb20ucGyCDyouZ29v +Z2xlLmNvbS5wcoIPKi5nb29nbGUuY29tLnB5gg8qLmdvb2dsZS5jb20ucWGCDyou +Z29vZ2xlLmNvbS5ydYIPKi5nb29nbGUuY29tLnNhgg8qLmdvb2dsZS5jb20uc2KC +DyouZ29vZ2xlLmNvbS5zZ4IPKi5nb29nbGUuY29tLnNsgg8qLmdvb2dsZS5jb20u +c3aCDyouZ29vZ2xlLmNvbS50aoIPKi5nb29nbGUuY29tLnRugg8qLmdvb2dsZS5j +b20udHKCDyouZ29vZ2xlLmNvbS50d4IPKi5nb29nbGUuY29tLnVhgg8qLmdvb2ds +ZS5jb20udXmCDyouZ29vZ2xlLmNvbS52Y4IPKi5nb29nbGUuY29tLnZlgg8qLmdv +b2dsZS5jb20udm6CCyouZ29vZ2xlLmN2ggsqLmdvb2dsZS5jeoILKi5nb29nbGUu +ZGWCCyouZ29vZ2xlLmRqggsqLmdvb2dsZS5ka4ILKi5nb29nbGUuZG2CCyouZ29v +Z2xlLmR6ggsqLmdvb2dsZS5lZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZpggsq +Lmdvb2dsZS5mbYILKi5nb29nbGUuZnKCCyouZ29vZ2xlLmdhggsqLmdvb2dsZS5n +ZYILKi5nb29nbGUuZ2eCCyouZ29vZ2xlLmdsggsqLmdvb2dsZS5nbYILKi5nb29n +bGUuZ3CCCyouZ29vZ2xlLmdyggsqLmdvb2dsZS5neYILKi5nb29nbGUuaGuCCyou +Z29vZ2xlLmhuggsqLmdvb2dsZS5ocoILKi5nb29nbGUuaHSCCyouZ29vZ2xlLmh1 +ggsqLmdvb2dsZS5pZYILKi5nb29nbGUuaW2CDSouZ29vZ2xlLmluZm+CCyouZ29v +Z2xlLmlxggsqLmdvb2dsZS5pc4ILKi5nb29nbGUuaXSCDiouZ29vZ2xlLml0LmFv +ggsqLmdvb2dsZS5qZYILKi5nb29nbGUuam+CDSouZ29vZ2xlLmpvYnOCCyouZ29v +Z2xlLmpwggsqLmdvb2dsZS5rZ4ILKi5nb29nbGUua2mCCyouZ29vZ2xlLmt6ggsq +Lmdvb2dsZS5sYYILKi5nb29nbGUubGmCCyouZ29vZ2xlLmxrggsqLmdvb2dsZS5s +dIILKi5nb29nbGUubHWCCyouZ29vZ2xlLmx2ggsqLmdvb2dsZS5tZIILKi5nb29n +bGUubWWCCyouZ29vZ2xlLm1nggsqLmdvb2dsZS5ta4ILKi5nb29nbGUubWyCCyou +Z29vZ2xlLm1uggsqLmdvb2dsZS5tc4ILKi5nb29nbGUubXWCCyouZ29vZ2xlLm12 +ggsqLmdvb2dsZS5td4ILKi5nb29nbGUubmWCDiouZ29vZ2xlLm5lLmpwggwqLmdv +b2dsZS5uZXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5ub4ILKi5nb29nbGUubnKC +CyouZ29vZ2xlLm51gg8qLmdvb2dsZS5vZmYuYWmCCyouZ29vZ2xlLnBrggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucG6CCyouZ29vZ2xlLnBzggsqLmdvb2dsZS5wdIIL +Ki5nb29nbGUucm+CCyouZ29vZ2xlLnJzggsqLmdvb2dsZS5ydYILKi5nb29nbGUu +cneCCyouZ29vZ2xlLnNjggsqLmdvb2dsZS5zZYILKi5nb29nbGUuc2iCCyouZ29v +Z2xlLnNpggsqLmdvb2dsZS5za4ILKi5nb29nbGUuc22CCyouZ29vZ2xlLnNuggsq +Lmdvb2dsZS5zb4ILKi5nb29nbGUuc3SCCyouZ29vZ2xlLnRkggsqLmdvb2dsZS50 +Z4ILKi5nb29nbGUudGuCCyouZ29vZ2xlLnRsggsqLmdvb2dsZS50bYILKi5nb29n +bGUudG6CCyouZ29vZ2xlLnRvggsqLmdvb2dsZS50cIILKi5nb29nbGUudHSCCyou +Z29vZ2xlLnVzggsqLmdvb2dsZS51eoILKi5nb29nbGUudmeCCyouZ29vZ2xlLnZ1 +ggsqLmdvb2dsZS53c4IJZ29vZ2xlLmFjgglnb29nbGUuYWSCCWdvb2dsZS5hZYIJ +Z29vZ2xlLmFmgglnb29nbGUuYWeCCWdvb2dsZS5hbIIJZ29vZ2xlLmFtgglnb29n +bGUuYXOCCWdvb2dsZS5hdIIJZ29vZ2xlLmF6gglnb29nbGUuYmGCCWdvb2dsZS5i +ZYIJZ29vZ2xlLmJmgglnb29nbGUuYmeCCWdvb2dsZS5iaYIJZ29vZ2xlLmJqggln +b29nbGUuYnOCCWdvb2dsZS5ieYIJZ29vZ2xlLmNhggpnb29nbGUuY2F0gglnb29n +bGUuY2OCCWdvb2dsZS5jZIIJZ29vZ2xlLmNmgglnb29nbGUuY2eCCWdvb2dsZS5j +aIIJZ29vZ2xlLmNpgglnb29nbGUuY2yCCWdvb2dsZS5jbYIJZ29vZ2xlLmNuggxn +b29nbGUuY28uYW+CDGdvb2dsZS5jby5id4IMZ29vZ2xlLmNvLmNrggxnb29nbGUu +Y28uY3KCDGdvb2dsZS5jby5odYIMZ29vZ2xlLmNvLmlkggxnb29nbGUuY28uaWyC +DGdvb2dsZS5jby5pbYIMZ29vZ2xlLmNvLmluggxnb29nbGUuY28uamWCDGdvb2ds +ZS5jby5qcIIMZ29vZ2xlLmNvLmtlggxnb29nbGUuY28ua3KCDGdvb2dsZS5jby5s +c4IMZ29vZ2xlLmNvLm1hggxnb29nbGUuY28ubXqCDGdvb2dsZS5jby5ueoIMZ29v +Z2xlLmNvLnRoggxnb29nbGUuY28udHqCDGdvb2dsZS5jby51Z4IMZ29vZ2xlLmNv +LnVrggxnb29nbGUuY28udXqCDGdvb2dsZS5jby52ZYIMZ29vZ2xlLmNvLnZpggxn +b29nbGUuY28uemGCDGdvb2dsZS5jby56bYIMZ29vZ2xlLmNvLnp3gg1nb29nbGUu +Y29tLmFmgg1nb29nbGUuY29tLmFngg1nb29nbGUuY29tLmFpgg1nb29nbGUuY29t +LmFygg1nb29nbGUuY29tLmF1gg1nb29nbGUuY29tLmJkgg1nb29nbGUuY29tLmJo +gg1nb29nbGUuY29tLmJugg1nb29nbGUuY29tLmJvgg1nb29nbGUuY29tLmJygg1n +b29nbGUuY29tLmJ5gg1nb29nbGUuY29tLmJ6gg1nb29nbGUuY29tLmNugg1nb29n +bGUuY29tLmNvgg1nb29nbGUuY29tLmN1gg1nb29nbGUuY29tLmN5gg1nb29nbGUu +Y29tLmRvgg1nb29nbGUuY29tLmVjgg1nb29nbGUuY29tLmVngg1nb29nbGUuY29t +LmV0gg1nb29nbGUuY29tLmZqgg1nb29nbGUuY29tLmdlgg1nb29nbGUuY29tLmdo +gg1nb29nbGUuY29tLmdpgg1nb29nbGUuY29tLmdygg1nb29nbGUuY29tLmd0gg1n +b29nbGUuY29tLmhrgg1nb29nbGUuY29tLmlxgg1nb29nbGUuY29tLmptgg1nb29n +bGUuY29tLmpvgg1nb29nbGUuY29tLmtogg1nb29nbGUuY29tLmt3gg1nb29nbGUu +Y29tLmxigg1nb29nbGUuY29tLmx5gg1nb29nbGUuY29tLm10gg1nb29nbGUuY29t +Lm14gg1nb29nbGUuY29tLm15gg1nb29nbGUuY29tLm5hgg1nb29nbGUuY29tLm5m +gg1nb29nbGUuY29tLm5ngg1nb29nbGUuY29tLm5pgg1nb29nbGUuY29tLm5wgg1n +b29nbGUuY29tLm5ygg1nb29nbGUuY29tLm9tgg1nb29nbGUuY29tLnBhgg1nb29n +bGUuY29tLnBlgg1nb29nbGUuY29tLnBogg1nb29nbGUuY29tLnBrgg1nb29nbGUu +Y29tLnBsgg1nb29nbGUuY29tLnBygg1nb29nbGUuY29tLnB5gg1nb29nbGUuY29t +LnFhgg1nb29nbGUuY29tLnJ1gg1nb29nbGUuY29tLnNhgg1nb29nbGUuY29tLnNi +gg1nb29nbGUuY29tLnNngg1nb29nbGUuY29tLnNsgg1nb29nbGUuY29tLnN2gg1n +b29nbGUuY29tLnRqgg1nb29nbGUuY29tLnRugg1nb29nbGUuY29tLnRygg1nb29n +bGUuY29tLnR3gg1nb29nbGUuY29tLnVhgg1nb29nbGUuY29tLnV5gg1nb29nbGUu +Y29tLnZjgg1nb29nbGUuY29tLnZlgg1nb29nbGUuY29tLnZugglnb29nbGUuY3aC +CWdvb2dsZS5jeoIJZ29vZ2xlLmRlgglnb29nbGUuZGqCCWdvb2dsZS5ka4IJZ29v +Z2xlLmRtgglnb29nbGUuZHqCCWdvb2dsZS5lZYIJZ29vZ2xlLmVzgglnb29nbGUu +ZmmCCWdvb2dsZS5mbYIJZ29vZ2xlLmZygglnb29nbGUuZ2GCCWdvb2dsZS5nZYIJ +Z29vZ2xlLmdngglnb29nbGUuZ2yCCWdvb2dsZS5nbYIJZ29vZ2xlLmdwgglnb29n +bGUuZ3KCCWdvb2dsZS5neYIJZ29vZ2xlLmhrgglnb29nbGUuaG6CCWdvb2dsZS5o +coIJZ29vZ2xlLmh0gglnb29nbGUuaHWCCWdvb2dsZS5pZYIJZ29vZ2xlLmltggtn +b29nbGUuaW5mb4IJZ29vZ2xlLmlxgglnb29nbGUuaXOCCWdvb2dsZS5pdIIMZ29v +Z2xlLml0LmFvgglnb29nbGUuamWCCWdvb2dsZS5qb4ILZ29vZ2xlLmpvYnOCCWdv +b2dsZS5qcIIJZ29vZ2xlLmtngglnb29nbGUua2mCCWdvb2dsZS5reoIJZ29vZ2xl +Lmxhgglnb29nbGUubGmCCWdvb2dsZS5sa4IJZ29vZ2xlLmx0gglnb29nbGUubHWC +CWdvb2dsZS5sdoIJZ29vZ2xlLm1kgglnb29nbGUubWWCCWdvb2dsZS5tZ4IJZ29v +Z2xlLm1rgglnb29nbGUubWyCCWdvb2dsZS5tboIJZ29vZ2xlLm1zgglnb29nbGUu +bXWCCWdvb2dsZS5tdoIJZ29vZ2xlLm13gglnb29nbGUubmWCDGdvb2dsZS5uZS5q +cIIKZ29vZ2xlLm5ldIIJZ29vZ2xlLm5sgglnb29nbGUubm+CCWdvb2dsZS5ucoIJ +Z29vZ2xlLm51gg1nb29nbGUub2ZmLmFpgglnb29nbGUucGuCCWdvb2dsZS5wbIIJ +Z29vZ2xlLnBugglnb29nbGUucHOCCWdvb2dsZS5wdIIJZ29vZ2xlLnJvgglnb29n +bGUucnOCCWdvb2dsZS5ydYIJZ29vZ2xlLnJ3gglnb29nbGUuc2OCCWdvb2dsZS5z +ZYIJZ29vZ2xlLnNogglnb29nbGUuc2mCCWdvb2dsZS5za4IJZ29vZ2xlLnNtggln +b29nbGUuc26CCWdvb2dsZS5zb4IJZ29vZ2xlLnN0gglnb29nbGUudGSCCWdvb2ds +ZS50Z4IJZ29vZ2xlLnRrgglnb29nbGUudGyCCWdvb2dsZS50bYIJZ29vZ2xlLnRu +gglnb29nbGUudG+CCWdvb2dsZS50cIIJZ29vZ2xlLnR0gglnb29nbGUudXOCCWdv +b2dsZS51eoIJZ29vZ2xlLnZngglnb29nbGUudnWCCWdvb2dsZS53czANBgkqhkiG +9w0BAQUFAAOBgQCROJdKT00d96BpNG4j3Xf5Kz7kJENMTYtgsGQW5E6y2yjRaguD +LPO+y4IH9KiVXD+qO8koye9yOMNawN9r/DFQd+t2nDmvlpcwJBNguiuqxl+rJaU8 +KKgswikGaaM4z+i4vHuXcCKZtM/ELAaJlSaBPip4GBAkgv7D9hwh+sWvYA== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIcFzCCG4CgAwIBAgIGR09PUAFxMA0GCSqGSIb3DQEBBQUAMEYxCzAJBgNVBAYT +AlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSIwIAYDVQQDExlHb29nbGUgSW50ZXJu +ZXQgQXV0aG9yaXR5MB4XDTEyMTAyNDEzNTczOVoXDTEzMDYwNzE5NDMyN1owZDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 +YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxEzARBgNVBAMTCmdvb2dsZS5j +b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMNn/Rw5irMPscWpYsExcGQT +wqdxT/U9Pfybt9ttPYlXVbCd6yux0jWGNBHN+f4kCc5pwrbjmA4QSRY2uVa4T8f2 +g3NucDDveUi29WVN+FJcyhj+V38lEkYbdhpIZL149dK5fAN1zzwCo10Nk+lhebcY +fCtMHLmuCX2D6mJ2CnPVAgMBAAGjghnwMIIZ7DAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Qp1w0hi4nhbaJEB +h/wuZwO4OyIwHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0f +BFQwUjBQoE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5l +dEF1dGhvcml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUH +AQEEWjBYMFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2ds +ZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDCC +GLYGA1UdEQSCGK0wghipggpnb29nbGUuY29tggwqLmdvb2dsZS5jb22CDSoueW91 +dHViZS5jb22CC3lvdXR1YmUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggh5 +b3V0dS5iZYILKi55dGltZy5jb22CDSouYW5kcm9pZC5jb22CC2FuZHJvaWQuY29t +ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghAqLnVy +bC5nb29nbGUuY29tggwqLnVyY2hpbi5jb22CCnVyY2hpbi5jb22CFiouZ29vZ2xl +LWFuYWx5dGljcy5jb22CFGdvb2dsZS1hbmFseXRpY3MuY29tghIqLmNsb3VkLmdv +b2dsZS5jb22CBmdvby5nbIIEZy5jb4INKi5nc3RhdGljLmNvbYIPKi5nb29nbGVh +cGlzLmNughYqLmFwcGVuZ2luZS5nb29nbGUuY29tggsqLmdvb2dsZS5hY4ILKi5n +b29nbGUuYWSCCyouZ29vZ2xlLmFlggsqLmdvb2dsZS5hZoILKi5nb29nbGUuYWeC +CyouZ29vZ2xlLmFsggsqLmdvb2dsZS5hbYILKi5nb29nbGUuYXOCCyouZ29vZ2xl +LmF0ggsqLmdvb2dsZS5heoILKi5nb29nbGUuYmGCCyouZ29vZ2xlLmJlggsqLmdv +b2dsZS5iZoILKi5nb29nbGUuYmeCCyouZ29vZ2xlLmJpggsqLmdvb2dsZS5iaoIL +Ki5nb29nbGUuYnOCCyouZ29vZ2xlLmJ5ggsqLmdvb2dsZS5jYYIMKi5nb29nbGUu +Y2F0ggsqLmdvb2dsZS5jY4ILKi5nb29nbGUuY2SCCyouZ29vZ2xlLmNmggsqLmdv +b2dsZS5jZ4ILKi5nb29nbGUuY2iCCyouZ29vZ2xlLmNpggsqLmdvb2dsZS5jbIIL +Ki5nb29nbGUuY22CCyouZ29vZ2xlLmNugg4qLmdvb2dsZS5jby5hb4IOKi5nb29n +bGUuY28uYneCDiouZ29vZ2xlLmNvLmNrgg4qLmdvb2dsZS5jby5jcoIOKi5nb29n +bGUuY28uaHWCDiouZ29vZ2xlLmNvLmlkgg4qLmdvb2dsZS5jby5pbIIOKi5nb29n +bGUuY28uaW2CDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qZYIOKi5nb29n +bGUuY28uanCCDiouZ29vZ2xlLmNvLmtlgg4qLmdvb2dsZS5jby5rcoIOKi5nb29n +bGUuY28ubHOCDiouZ29vZ2xlLmNvLm1hgg4qLmdvb2dsZS5jby5teoIOKi5nb29n +bGUuY28ubnqCDiouZ29vZ2xlLmNvLnRogg4qLmdvb2dsZS5jby50eoIOKi5nb29n +bGUuY28udWeCDiouZ29vZ2xlLmNvLnVrgg4qLmdvb2dsZS5jby51eoIOKi5nb29n +bGUuY28udmWCDiouZ29vZ2xlLmNvLnZpgg4qLmdvb2dsZS5jby56YYIOKi5nb29n +bGUuY28uem2CDiouZ29vZ2xlLmNvLnp3gg8qLmdvb2dsZS5jb20uYWaCDyouZ29v +Z2xlLmNvbS5hZ4IPKi5nb29nbGUuY29tLmFpgg8qLmdvb2dsZS5jb20uYXKCDyou +Z29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJkgg8qLmdvb2dsZS5jb20uYmiC +DyouZ29vZ2xlLmNvbS5iboIPKi5nb29nbGUuY29tLmJvgg8qLmdvb2dsZS5jb20u +YnKCDyouZ29vZ2xlLmNvbS5ieYIPKi5nb29nbGUuY29tLmJ6gg8qLmdvb2dsZS5j +b20uY26CDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLmN1gg8qLmdvb2ds +ZS5jb20uY3mCDyouZ29vZ2xlLmNvbS5kb4IPKi5nb29nbGUuY29tLmVjgg8qLmdv +b2dsZS5jb20uZWeCDyouZ29vZ2xlLmNvbS5ldIIPKi5nb29nbGUuY29tLmZqgg8q +Lmdvb2dsZS5jb20uZ2WCDyouZ29vZ2xlLmNvbS5naIIPKi5nb29nbGUuY29tLmdp +gg8qLmdvb2dsZS5jb20uZ3KCDyouZ29vZ2xlLmNvbS5ndIIPKi5nb29nbGUuY29t +Lmhrgg8qLmdvb2dsZS5jb20uaXGCDyouZ29vZ2xlLmNvbS5qbYIPKi5nb29nbGUu +Y29tLmpvgg8qLmdvb2dsZS5jb20ua2iCDyouZ29vZ2xlLmNvbS5rd4IPKi5nb29n +bGUuY29tLmxigg8qLmdvb2dsZS5jb20ubHmCDyouZ29vZ2xlLmNvbS5tdIIPKi5n +b29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20ubXmCDyouZ29vZ2xlLmNvbS5uYYIP +Ki5nb29nbGUuY29tLm5mgg8qLmdvb2dsZS5jb20ubmeCDyouZ29vZ2xlLmNvbS5u +aYIPKi5nb29nbGUuY29tLm5wgg8qLmdvb2dsZS5jb20ubnKCDyouZ29vZ2xlLmNv +bS5vbYIPKi5nb29nbGUuY29tLnBhgg8qLmdvb2dsZS5jb20ucGWCDyouZ29vZ2xl +LmNvbS5waIIPKi5nb29nbGUuY29tLnBrgg8qLmdvb2dsZS5jb20ucGyCDyouZ29v +Z2xlLmNvbS5wcoIPKi5nb29nbGUuY29tLnB5gg8qLmdvb2dsZS5jb20ucWGCDyou +Z29vZ2xlLmNvbS5ydYIPKi5nb29nbGUuY29tLnNhgg8qLmdvb2dsZS5jb20uc2KC +DyouZ29vZ2xlLmNvbS5zZ4IPKi5nb29nbGUuY29tLnNsgg8qLmdvb2dsZS5jb20u +c3aCDyouZ29vZ2xlLmNvbS50aoIPKi5nb29nbGUuY29tLnRugg8qLmdvb2dsZS5j +b20udHKCDyouZ29vZ2xlLmNvbS50d4IPKi5nb29nbGUuY29tLnVhgg8qLmdvb2ds +ZS5jb20udXmCDyouZ29vZ2xlLmNvbS52Y4IPKi5nb29nbGUuY29tLnZlgg8qLmdv +b2dsZS5jb20udm6CCyouZ29vZ2xlLmN2ggsqLmdvb2dsZS5jeoILKi5nb29nbGUu +ZGWCCyouZ29vZ2xlLmRqggsqLmdvb2dsZS5ka4ILKi5nb29nbGUuZG2CCyouZ29v +Z2xlLmR6ggsqLmdvb2dsZS5lZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZpggsq +Lmdvb2dsZS5mbYILKi5nb29nbGUuZnKCCyouZ29vZ2xlLmdhggsqLmdvb2dsZS5n +ZYILKi5nb29nbGUuZ2eCCyouZ29vZ2xlLmdsggsqLmdvb2dsZS5nbYILKi5nb29n +bGUuZ3CCCyouZ29vZ2xlLmdyggsqLmdvb2dsZS5neYILKi5nb29nbGUuaGuCCyou +Z29vZ2xlLmhuggsqLmdvb2dsZS5ocoILKi5nb29nbGUuaHSCCyouZ29vZ2xlLmh1 +ggsqLmdvb2dsZS5pZYILKi5nb29nbGUuaW2CDSouZ29vZ2xlLmluZm+CCyouZ29v +Z2xlLmlxggsqLmdvb2dsZS5pc4ILKi5nb29nbGUuaXSCDiouZ29vZ2xlLml0LmFv +ggsqLmdvb2dsZS5qZYILKi5nb29nbGUuam+CDSouZ29vZ2xlLmpvYnOCCyouZ29v +Z2xlLmpwggsqLmdvb2dsZS5rZ4ILKi5nb29nbGUua2mCCyouZ29vZ2xlLmt6ggsq +Lmdvb2dsZS5sYYILKi5nb29nbGUubGmCCyouZ29vZ2xlLmxrggsqLmdvb2dsZS5s +dIILKi5nb29nbGUubHWCCyouZ29vZ2xlLmx2ggsqLmdvb2dsZS5tZIILKi5nb29n +bGUubWWCCyouZ29vZ2xlLm1nggsqLmdvb2dsZS5ta4ILKi5nb29nbGUubWyCCyou +Z29vZ2xlLm1uggsqLmdvb2dsZS5tc4ILKi5nb29nbGUubXWCCyouZ29vZ2xlLm12 +ggsqLmdvb2dsZS5td4ILKi5nb29nbGUubmWCDiouZ29vZ2xlLm5lLmpwggwqLmdv +b2dsZS5uZXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5ub4ILKi5nb29nbGUubnKC +CyouZ29vZ2xlLm51gg8qLmdvb2dsZS5vZmYuYWmCCyouZ29vZ2xlLnBrggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucG6CCyouZ29vZ2xlLnBzggsqLmdvb2dsZS5wdIIL +Ki5nb29nbGUucm+CCyouZ29vZ2xlLnJzggsqLmdvb2dsZS5ydYILKi5nb29nbGUu +cneCCyouZ29vZ2xlLnNjggsqLmdvb2dsZS5zZYILKi5nb29nbGUuc2iCCyouZ29v +Z2xlLnNpggsqLmdvb2dsZS5za4ILKi5nb29nbGUuc22CCyouZ29vZ2xlLnNuggsq +Lmdvb2dsZS5zb4ILKi5nb29nbGUuc3SCCyouZ29vZ2xlLnRkggsqLmdvb2dsZS50 +Z4ILKi5nb29nbGUudGuCCyouZ29vZ2xlLnRsggsqLmdvb2dsZS50bYILKi5nb29n +bGUudG6CCyouZ29vZ2xlLnRvggsqLmdvb2dsZS50cIILKi5nb29nbGUudHSCCyou +Z29vZ2xlLnVzggsqLmdvb2dsZS51eoILKi5nb29nbGUudmeCCyouZ29vZ2xlLnZ1 +ggsqLmdvb2dsZS53c4IJZ29vZ2xlLmFjgglnb29nbGUuYWSCCWdvb2dsZS5hZYIJ +Z29vZ2xlLmFmgglnb29nbGUuYWeCCWdvb2dsZS5hbIIJZ29vZ2xlLmFtgglnb29n +bGUuYXOCCWdvb2dsZS5hdIIJZ29vZ2xlLmF6gglnb29nbGUuYmGCCWdvb2dsZS5i +ZYIJZ29vZ2xlLmJmgglnb29nbGUuYmeCCWdvb2dsZS5iaYIJZ29vZ2xlLmJqggln +b29nbGUuYnOCCWdvb2dsZS5ieYIJZ29vZ2xlLmNhggpnb29nbGUuY2F0gglnb29n +bGUuY2OCCWdvb2dsZS5jZIIJZ29vZ2xlLmNmgglnb29nbGUuY2eCCWdvb2dsZS5j +aIIJZ29vZ2xlLmNpgglnb29nbGUuY2yCCWdvb2dsZS5jbYIJZ29vZ2xlLmNuggxn +b29nbGUuY28uYW+CDGdvb2dsZS5jby5id4IMZ29vZ2xlLmNvLmNrggxnb29nbGUu +Y28uY3KCDGdvb2dsZS5jby5odYIMZ29vZ2xlLmNvLmlkggxnb29nbGUuY28uaWyC +DGdvb2dsZS5jby5pbYIMZ29vZ2xlLmNvLmluggxnb29nbGUuY28uamWCDGdvb2ds +ZS5jby5qcIIMZ29vZ2xlLmNvLmtlggxnb29nbGUuY28ua3KCDGdvb2dsZS5jby5s +c4IMZ29vZ2xlLmNvLm1hggxnb29nbGUuY28ubXqCDGdvb2dsZS5jby5ueoIMZ29v +Z2xlLmNvLnRoggxnb29nbGUuY28udHqCDGdvb2dsZS5jby51Z4IMZ29vZ2xlLmNv +LnVrggxnb29nbGUuY28udXqCDGdvb2dsZS5jby52ZYIMZ29vZ2xlLmNvLnZpggxn +b29nbGUuY28uemGCDGdvb2dsZS5jby56bYIMZ29vZ2xlLmNvLnp3gg1nb29nbGUu +Y29tLmFmgg1nb29nbGUuY29tLmFngg1nb29nbGUuY29tLmFpgg1nb29nbGUuY29t +LmFygg1nb29nbGUuY29tLmF1gg1nb29nbGUuY29tLmJkgg1nb29nbGUuY29tLmJo +gg1nb29nbGUuY29tLmJugg1nb29nbGUuY29tLmJvgg1nb29nbGUuY29tLmJygg1n +b29nbGUuY29tLmJ5gg1nb29nbGUuY29tLmJ6gg1nb29nbGUuY29tLmNugg1nb29n +bGUuY29tLmNvgg1nb29nbGUuY29tLmN1gg1nb29nbGUuY29tLmN5gg1nb29nbGUu +Y29tLmRvgg1nb29nbGUuY29tLmVjgg1nb29nbGUuY29tLmVngg1nb29nbGUuY29t +LmV0gg1nb29nbGUuY29tLmZqgg1nb29nbGUuY29tLmdlgg1nb29nbGUuY29tLmdo +gg1nb29nbGUuY29tLmdpgg1nb29nbGUuY29tLmdygg1nb29nbGUuY29tLmd0gg1n +b29nbGUuY29tLmhrgg1nb29nbGUuY29tLmlxgg1nb29nbGUuY29tLmptgg1nb29n +bGUuY29tLmpvgg1nb29nbGUuY29tLmtogg1nb29nbGUuY29tLmt3gg1nb29nbGUu +Y29tLmxigg1nb29nbGUuY29tLmx5gg1nb29nbGUuY29tLm10gg1nb29nbGUuY29t +Lm14gg1nb29nbGUuY29tLm15gg1nb29nbGUuY29tLm5hgg1nb29nbGUuY29tLm5m +gg1nb29nbGUuY29tLm5ngg1nb29nbGUuY29tLm5pgg1nb29nbGUuY29tLm5wgg1n +b29nbGUuY29tLm5ygg1nb29nbGUuY29tLm9tgg1nb29nbGUuY29tLnBhgg1nb29n +bGUuY29tLnBlgg1nb29nbGUuY29tLnBogg1nb29nbGUuY29tLnBrgg1nb29nbGUu +Y29tLnBsgg1nb29nbGUuY29tLnBygg1nb29nbGUuY29tLnB5gg1nb29nbGUuY29t +LnFhgg1nb29nbGUuY29tLnJ1gg1nb29nbGUuY29tLnNhgg1nb29nbGUuY29tLnNi +gg1nb29nbGUuY29tLnNngg1nb29nbGUuY29tLnNsgg1nb29nbGUuY29tLnN2gg1n +b29nbGUuY29tLnRqgg1nb29nbGUuY29tLnRugg1nb29nbGUuY29tLnRygg1nb29n +bGUuY29tLnR3gg1nb29nbGUuY29tLnVhgg1nb29nbGUuY29tLnV5gg1nb29nbGUu +Y29tLnZjgg1nb29nbGUuY29tLnZlgg1nb29nbGUuY29tLnZugglnb29nbGUuY3aC +CWdvb2dsZS5jeoIJZ29vZ2xlLmRlgglnb29nbGUuZGqCCWdvb2dsZS5ka4IJZ29v +Z2xlLmRtgglnb29nbGUuZHqCCWdvb2dsZS5lZYIJZ29vZ2xlLmVzgglnb29nbGUu +ZmmCCWdvb2dsZS5mbYIJZ29vZ2xlLmZygglnb29nbGUuZ2GCCWdvb2dsZS5nZYIJ +Z29vZ2xlLmdngglnb29nbGUuZ2yCCWdvb2dsZS5nbYIJZ29vZ2xlLmdwgglnb29n +bGUuZ3KCCWdvb2dsZS5neYIJZ29vZ2xlLmhrgglnb29nbGUuaG6CCWdvb2dsZS5o +coIJZ29vZ2xlLmh0gglnb29nbGUuaHWCCWdvb2dsZS5pZYIJZ29vZ2xlLmltggtn +b29nbGUuaW5mb4IJZ29vZ2xlLmlxgglnb29nbGUuaXOCCWdvb2dsZS5pdIIMZ29v +Z2xlLml0LmFvgglnb29nbGUuamWCCWdvb2dsZS5qb4ILZ29vZ2xlLmpvYnOCCWdv +b2dsZS5qcIIJZ29vZ2xlLmtngglnb29nbGUua2mCCWdvb2dsZS5reoIJZ29vZ2xl +Lmxhgglnb29nbGUubGmCCWdvb2dsZS5sa4IJZ29vZ2xlLmx0gglnb29nbGUubHWC +CWdvb2dsZS5sdoIJZ29vZ2xlLm1kgglnb29nbGUubWWCCWdvb2dsZS5tZ4IJZ29v +Z2xlLm1rgglnb29nbGUubWyCCWdvb2dsZS5tboIJZ29vZ2xlLm1zgglnb29nbGUu +bXWCCWdvb2dsZS5tdoIJZ29vZ2xlLm13gglnb29nbGUubmWCDGdvb2dsZS5uZS5q +cIIKZ29vZ2xlLm5ldIIJZ29vZ2xlLm5sgglnb29nbGUubm+CCWdvb2dsZS5ucoIJ +Z29vZ2xlLm51gg1nb29nbGUub2ZmLmFpgglnb29nbGUucGuCCWdvb2dsZS5wbIIJ +Z29vZ2xlLnBugglnb29nbGUucHOCCWdvb2dsZS5wdIIJZ29vZ2xlLnJvgglnb29n +bGUucnOCCWdvb2dsZS5ydYIJZ29vZ2xlLnJ3gglnb29nbGUuc2OCCWdvb2dsZS5z +ZYIJZ29vZ2xlLnNogglnb29nbGUuc2mCCWdvb2dsZS5za4IJZ29vZ2xlLnNtggln +b29nbGUuc26CCWdvb2dsZS5zb4IJZ29vZ2xlLnN0gglnb29nbGUudGSCCWdvb2ds +ZS50Z4IJZ29vZ2xlLnRrgglnb29nbGUudGyCCWdvb2dsZS50bYIJZ29vZ2xlLnRu +gglnb29nbGUudG+CCWdvb2dsZS50cIIJZ29vZ2xlLnR0gglnb29nbGUudXOCCWdv +b2dsZS51eoIJZ29vZ2xlLnZngglnb29nbGUudnWCCWdvb2dsZS53czANBgkqhkiG +9w0BAQUFAAOBgQCROJdKT00d96BpNG4j3Xf5Kz7kJENMTYtgsGQW5E6y2yjRaguD +LPO+y4IH9KiVXD+qO8koye9yOMNawN9r/DFQd+t2nDmvlpcwJBNguiuqxl+rJaU8 +KKgswikGaaM4z+i4vHuXcCKZtM/ELAaJlSaBPip4GBAkgv7D9hwh+sWvYA== +-----END CERTIFICATE----- diff --git a/test/recipes/81-test_cmp_cli_data/Mock/big_server.crt b/test/recipes/81-test_cmp_cli_data/Mock/big_server.crt new file mode 100644 index 0000000000..82e46310fc --- /dev/null +++ b/test/recipes/81-test_cmp_cli_data/Mock/big_server.crt @@ -0,0 +1,1550 @@ + Subject: O = openssl_cmp + Issuer: O = openssl_cmp +-----BEGIN CERTIFICATE----- +MIICpTCCAY2gAwIBAgIBATANBgkqhkiG9w0BAQUFADAWMRQwEgYDVQQKDAtvcGVu +c3NsX2NtcDAeFw0xNzEyMjAxMzA0MDBaFw0xODEyMjAxMzA0MDBaMBYxFDASBgNV +BAoMC29wZW5zc2xfY21wMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +4ckRrH0UWmIJFj99kBqvCipGjJRAaPkdvWjdDQLglTpI3eZAJHnq0ypW/PZccrWj +o7mxuvAStEYWF+5Jx6ZFmAsC1K0NNebSAZQoLWYZqiOzkfVVpLicMnItNFElfCoh +BzPCYmF5UlC5yp9PSUEfNwPJqDIRMtw+IlVUV3AJw9TJ3uuWq/vWW9r96/gBKKdd +mj/q2gGT8RC6LxEaolTbhfPbHaA1DFpv1WQFb3oAV3Wq14SOZf9bH1olBVsmBMsU +shFEw5MXVrNCv2moM4HtITMyjvZe7eIwHzSzf6dvQjERG6GvZ/i5KOhaqgJCnRKd +HHzijz9cLec5p9NSOuC1OwIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQDGUXpFCBkV +WgPrBfZyBwt6VCjWB/e67q4IdcKMfDa4hwSquah1AyXHI0PlC/qitnoSx2+7f7pY +TEOay/3eEPUl1J5tdPF2Vg56Dw8jdhSkMwO7bXKDEE3R6o6jaa4ECgxwQtdGHmNU +A41PgKX76yEXku803ptO39/UR7i7Ye3MbyAmWE+PvixJYUbxd3fqz5fsaJqTCzAy +AT9hrr4uu8J7m3LYaYXo4LVL4jw5UsP5bIYtpmmEBfy9GhpUqH5/LzBNij7y3ziE +T59wHkzawAQDHsBPuCe07DFtlzqWWvaih0TQAw9MZ2tbyK9jt7P80Rqt9CwpM/i9 +jQYqSl/ix5hn +-----END CERTIFICATE----- + + +-----BEGIN CERTIFICATE----- +MIIcFzCCG4CgAwIBAgIGR09PUAFxMA0GCSqGSIb3DQEBBQUAMEYxCzAJBgNVBAYT +AlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSIwIAYDVQQDExlHb29nbGUgSW50ZXJu +ZXQgQXV0aG9yaXR5MB4XDTEyMTAyNDEzNTczOVoXDTEzMDYwNzE5NDMyN1owZDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 +YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxEzARBgNVBAMTCmdvb2dsZS5j +b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMNn/Rw5irMPscWpYsExcGQT +wqdxT/U9Pfybt9ttPYlXVbCd6yux0jWGNBHN+f4kCc5pwrbjmA4QSRY2uVa4T8f2 +g3NucDDveUi29WVN+FJcyhj+V38lEkYbdhpIZL149dK5fAN1zzwCo10Nk+lhebcY +fCtMHLmuCX2D6mJ2CnPVAgMBAAGjghnwMIIZ7DAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Qp1w0hi4nhbaJEB +h/wuZwO4OyIwHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0f +BFQwUjBQoE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5l +dEF1dGhvcml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUH +AQEEWjBYMFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2ds +ZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDCC +GLYGA1UdEQSCGK0wghipggpnb29nbGUuY29tggwqLmdvb2dsZS5jb22CDSoueW91 +dHViZS5jb22CC3lvdXR1YmUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggh5 +b3V0dS5iZYILKi55dGltZy5jb22CDSouYW5kcm9pZC5jb22CC2FuZHJvaWQuY29t +ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghAqLnVy +bC5nb29nbGUuY29tggwqLnVyY2hpbi5jb22CCnVyY2hpbi5jb22CFiouZ29vZ2xl +LWFuYWx5dGljcy5jb22CFGdvb2dsZS1hbmFseXRpY3MuY29tghIqLmNsb3VkLmdv +b2dsZS5jb22CBmdvby5nbIIEZy5jb4INKi5nc3RhdGljLmNvbYIPKi5nb29nbGVh +cGlzLmNughYqLmFwcGVuZ2luZS5nb29nbGUuY29tggsqLmdvb2dsZS5hY4ILKi5n +b29nbGUuYWSCCyouZ29vZ2xlLmFlggsqLmdvb2dsZS5hZoILKi5nb29nbGUuYWeC +CyouZ29vZ2xlLmFsggsqLmdvb2dsZS5hbYILKi5nb29nbGUuYXOCCyouZ29vZ2xl +LmF0ggsqLmdvb2dsZS5heoILKi5nb29nbGUuYmGCCyouZ29vZ2xlLmJlggsqLmdv +b2dsZS5iZoILKi5nb29nbGUuYmeCCyouZ29vZ2xlLmJpggsqLmdvb2dsZS5iaoIL +Ki5nb29nbGUuYnOCCyouZ29vZ2xlLmJ5ggsqLmdvb2dsZS5jYYIMKi5nb29nbGUu +Y2F0ggsqLmdvb2dsZS5jY4ILKi5nb29nbGUuY2SCCyouZ29vZ2xlLmNmggsqLmdv +b2dsZS5jZ4ILKi5nb29nbGUuY2iCCyouZ29vZ2xlLmNpggsqLmdvb2dsZS5jbIIL +Ki5nb29nbGUuY22CCyouZ29vZ2xlLmNugg4qLmdvb2dsZS5jby5hb4IOKi5nb29n +bGUuY28uYneCDiouZ29vZ2xlLmNvLmNrgg4qLmdvb2dsZS5jby5jcoIOKi5nb29n +bGUuY28uaHWCDiouZ29vZ2xlLmNvLmlkgg4qLmdvb2dsZS5jby5pbIIOKi5nb29n +bGUuY28uaW2CDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qZYIOKi5nb29n +bGUuY28uanCCDiouZ29vZ2xlLmNvLmtlgg4qLmdvb2dsZS5jby5rcoIOKi5nb29n +bGUuY28ubHOCDiouZ29vZ2xlLmNvLm1hgg4qLmdvb2dsZS5jby5teoIOKi5nb29n +bGUuY28ubnqCDiouZ29vZ2xlLmNvLnRogg4qLmdvb2dsZS5jby50eoIOKi5nb29n +bGUuY28udWeCDiouZ29vZ2xlLmNvLnVrgg4qLmdvb2dsZS5jby51eoIOKi5nb29n +bGUuY28udmWCDiouZ29vZ2xlLmNvLnZpgg4qLmdvb2dsZS5jby56YYIOKi5nb29n +bGUuY28uem2CDiouZ29vZ2xlLmNvLnp3gg8qLmdvb2dsZS5jb20uYWaCDyouZ29v +Z2xlLmNvbS5hZ4IPKi5nb29nbGUuY29tLmFpgg8qLmdvb2dsZS5jb20uYXKCDyou +Z29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJkgg8qLmdvb2dsZS5jb20uYmiC +DyouZ29vZ2xlLmNvbS5iboIPKi5nb29nbGUuY29tLmJvgg8qLmdvb2dsZS5jb20u +YnKCDyouZ29vZ2xlLmNvbS5ieYIPKi5nb29nbGUuY29tLmJ6gg8qLmdvb2dsZS5j +b20uY26CDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLmN1gg8qLmdvb2ds +ZS5jb20uY3mCDyouZ29vZ2xlLmNvbS5kb4IPKi5nb29nbGUuY29tLmVjgg8qLmdv +b2dsZS5jb20uZWeCDyouZ29vZ2xlLmNvbS5ldIIPKi5nb29nbGUuY29tLmZqgg8q +Lmdvb2dsZS5jb20uZ2WCDyouZ29vZ2xlLmNvbS5naIIPKi5nb29nbGUuY29tLmdp +gg8qLmdvb2dsZS5jb20uZ3KCDyouZ29vZ2xlLmNvbS5ndIIPKi5nb29nbGUuY29t +Lmhrgg8qLmdvb2dsZS5jb20uaXGCDyouZ29vZ2xlLmNvbS5qbYIPKi5nb29nbGUu +Y29tLmpvgg8qLmdvb2dsZS5jb20ua2iCDyouZ29vZ2xlLmNvbS5rd4IPKi5nb29n +bGUuY29tLmxigg8qLmdvb2dsZS5jb20ubHmCDyouZ29vZ2xlLmNvbS5tdIIPKi5n +b29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20ubXmCDyouZ29vZ2xlLmNvbS5uYYIP +Ki5nb29nbGUuY29tLm5mgg8qLmdvb2dsZS5jb20ubmeCDyouZ29vZ2xlLmNvbS5u +aYIPKi5nb29nbGUuY29tLm5wgg8qLmdvb2dsZS5jb20ubnKCDyouZ29vZ2xlLmNv +bS5vbYIPKi5nb29nbGUuY29tLnBhgg8qLmdvb2dsZS5jb20ucGWCDyouZ29vZ2xl +LmNvbS5waIIPKi5nb29nbGUuY29tLnBrgg8qLmdvb2dsZS5jb20ucGyCDyouZ29v +Z2xlLmNvbS5wcoIPKi5nb29nbGUuY29tLnB5gg8qLmdvb2dsZS5jb20ucWGCDyou +Z29vZ2xlLmNvbS5ydYIPKi5nb29nbGUuY29tLnNhgg8qLmdvb2dsZS5jb20uc2KC +DyouZ29vZ2xlLmNvbS5zZ4IPKi5nb29nbGUuY29tLnNsgg8qLmdvb2dsZS5jb20u +c3aCDyouZ29vZ2xlLmNvbS50aoIPKi5nb29nbGUuY29tLnRugg8qLmdvb2dsZS5j +b20udHKCDyouZ29vZ2xlLmNvbS50d4IPKi5nb29nbGUuY29tLnVhgg8qLmdvb2ds +ZS5jb20udXmCDyouZ29vZ2xlLmNvbS52Y4IPKi5nb29nbGUuY29tLnZlgg8qLmdv +b2dsZS5jb20udm6CCyouZ29vZ2xlLmN2ggsqLmdvb2dsZS5jeoILKi5nb29nbGUu +ZGWCCyouZ29vZ2xlLmRqggsqLmdvb2dsZS5ka4ILKi5nb29nbGUuZG2CCyouZ29v +Z2xlLmR6ggsqLmdvb2dsZS5lZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZpggsq +Lmdvb2dsZS5mbYILKi5nb29nbGUuZnKCCyouZ29vZ2xlLmdhggsqLmdvb2dsZS5n +ZYILKi5nb29nbGUuZ2eCCyouZ29vZ2xlLmdsggsqLmdvb2dsZS5nbYILKi5nb29n +bGUuZ3CCCyouZ29vZ2xlLmdyggsqLmdvb2dsZS5neYILKi5nb29nbGUuaGuCCyou +Z29vZ2xlLmhuggsqLmdvb2dsZS5ocoILKi5nb29nbGUuaHSCCyouZ29vZ2xlLmh1 +ggsqLmdvb2dsZS5pZYILKi5nb29nbGUuaW2CDSouZ29vZ2xlLmluZm+CCyouZ29v +Z2xlLmlxggsqLmdvb2dsZS5pc4ILKi5nb29nbGUuaXSCDiouZ29vZ2xlLml0LmFv +ggsqLmdvb2dsZS5qZYILKi5nb29nbGUuam+CDSouZ29vZ2xlLmpvYnOCCyouZ29v +Z2xlLmpwggsqLmdvb2dsZS5rZ4ILKi5nb29nbGUua2mCCyouZ29vZ2xlLmt6ggsq +Lmdvb2dsZS5sYYILKi5nb29nbGUubGmCCyouZ29vZ2xlLmxrggsqLmdvb2dsZS5s +dIILKi5nb29nbGUubHWCCyouZ29vZ2xlLmx2ggsqLmdvb2dsZS5tZIILKi5nb29n +bGUubWWCCyouZ29vZ2xlLm1nggsqLmdvb2dsZS5ta4ILKi5nb29nbGUubWyCCyou +Z29vZ2xlLm1uggsqLmdvb2dsZS5tc4ILKi5nb29nbGUubXWCCyouZ29vZ2xlLm12 +ggsqLmdvb2dsZS5td4ILKi5nb29nbGUubmWCDiouZ29vZ2xlLm5lLmpwggwqLmdv +b2dsZS5uZXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5ub4ILKi5nb29nbGUubnKC +CyouZ29vZ2xlLm51gg8qLmdvb2dsZS5vZmYuYWmCCyouZ29vZ2xlLnBrggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucG6CCyouZ29vZ2xlLnBzggsqLmdvb2dsZS5wdIIL +Ki5nb29nbGUucm+CCyouZ29vZ2xlLnJzggsqLmdvb2dsZS5ydYILKi5nb29nbGUu +cneCCyouZ29vZ2xlLnNjggsqLmdvb2dsZS5zZYILKi5nb29nbGUuc2iCCyouZ29v +Z2xlLnNpggsqLmdvb2dsZS5za4ILKi5nb29nbGUuc22CCyouZ29vZ2xlLnNuggsq +Lmdvb2dsZS5zb4ILKi5nb29nbGUuc3SCCyouZ29vZ2xlLnRkggsqLmdvb2dsZS50 +Z4ILKi5nb29nbGUudGuCCyouZ29vZ2xlLnRsggsqLmdvb2dsZS50bYILKi5nb29n +bGUudG6CCyouZ29vZ2xlLnRvggsqLmdvb2dsZS50cIILKi5nb29nbGUudHSCCyou +Z29vZ2xlLnVzggsqLmdvb2dsZS51eoILKi5nb29nbGUudmeCCyouZ29vZ2xlLnZ1 +ggsqLmdvb2dsZS53c4IJZ29vZ2xlLmFjgglnb29nbGUuYWSCCWdvb2dsZS5hZYIJ +Z29vZ2xlLmFmgglnb29nbGUuYWeCCWdvb2dsZS5hbIIJZ29vZ2xlLmFtgglnb29n +bGUuYXOCCWdvb2dsZS5hdIIJZ29vZ2xlLmF6gglnb29nbGUuYmGCCWdvb2dsZS5i +ZYIJZ29vZ2xlLmJmgglnb29nbGUuYmeCCWdvb2dsZS5iaYIJZ29vZ2xlLmJqggln +b29nbGUuYnOCCWdvb2dsZS5ieYIJZ29vZ2xlLmNhggpnb29nbGUuY2F0gglnb29n +bGUuY2OCCWdvb2dsZS5jZIIJZ29vZ2xlLmNmgglnb29nbGUuY2eCCWdvb2dsZS5j +aIIJZ29vZ2xlLmNpgglnb29nbGUuY2yCCWdvb2dsZS5jbYIJZ29vZ2xlLmNuggxn +b29nbGUuY28uYW+CDGdvb2dsZS5jby5id4IMZ29vZ2xlLmNvLmNrggxnb29nbGUu +Y28uY3KCDGdvb2dsZS5jby5odYIMZ29vZ2xlLmNvLmlkggxnb29nbGUuY28uaWyC +DGdvb2dsZS5jby5pbYIMZ29vZ2xlLmNvLmluggxnb29nbGUuY28uamWCDGdvb2ds +ZS5jby5qcIIMZ29vZ2xlLmNvLmtlggxnb29nbGUuY28ua3KCDGdvb2dsZS5jby5s +c4IMZ29vZ2xlLmNvLm1hggxnb29nbGUuY28ubXqCDGdvb2dsZS5jby5ueoIMZ29v +Z2xlLmNvLnRoggxnb29nbGUuY28udHqCDGdvb2dsZS5jby51Z4IMZ29vZ2xlLmNv +LnVrggxnb29nbGUuY28udXqCDGdvb2dsZS5jby52ZYIMZ29vZ2xlLmNvLnZpggxn +b29nbGUuY28uemGCDGdvb2dsZS5jby56bYIMZ29vZ2xlLmNvLnp3gg1nb29nbGUu +Y29tLmFmgg1nb29nbGUuY29tLmFngg1nb29nbGUuY29tLmFpgg1nb29nbGUuY29t +LmFygg1nb29nbGUuY29tLmF1gg1nb29nbGUuY29tLmJkgg1nb29nbGUuY29tLmJo +gg1nb29nbGUuY29tLmJugg1nb29nbGUuY29tLmJvgg1nb29nbGUuY29tLmJygg1n +b29nbGUuY29tLmJ5gg1nb29nbGUuY29tLmJ6gg1nb29nbGUuY29tLmNugg1nb29n +bGUuY29tLmNvgg1nb29nbGUuY29tLmN1gg1nb29nbGUuY29tLmN5gg1nb29nbGUu +Y29tLmRvgg1nb29nbGUuY29tLmVjgg1nb29nbGUuY29tLmVngg1nb29nbGUuY29t +LmV0gg1nb29nbGUuY29tLmZqgg1nb29nbGUuY29tLmdlgg1nb29nbGUuY29tLmdo +gg1nb29nbGUuY29tLmdpgg1nb29nbGUuY29tLmdygg1nb29nbGUuY29tLmd0gg1n +b29nbGUuY29tLmhrgg1nb29nbGUuY29tLmlxgg1nb29nbGUuY29tLmptgg1nb29n +bGUuY29tLmpvgg1nb29nbGUuY29tLmtogg1nb29nbGUuY29tLmt3gg1nb29nbGUu +Y29tLmxigg1nb29nbGUuY29tLmx5gg1nb29nbGUuY29tLm10gg1nb29nbGUuY29t +Lm14gg1nb29nbGUuY29tLm15gg1nb29nbGUuY29tLm5hgg1nb29nbGUuY29tLm5m +gg1nb29nbGUuY29tLm5ngg1nb29nbGUuY29tLm5pgg1nb29nbGUuY29tLm5wgg1n +b29nbGUuY29tLm5ygg1nb29nbGUuY29tLm9tgg1nb29nbGUuY29tLnBhgg1nb29n +bGUuY29tLnBlgg1nb29nbGUuY29tLnBogg1nb29nbGUuY29tLnBrgg1nb29nbGUu +Y29tLnBsgg1nb29nbGUuY29tLnBygg1nb29nbGUuY29tLnB5gg1nb29nbGUuY29t +LnFhgg1nb29nbGUuY29tLnJ1gg1nb29nbGUuY29tLnNhgg1nb29nbGUuY29tLnNi +gg1nb29nbGUuY29tLnNngg1nb29nbGUuY29tLnNsgg1nb29nbGUuY29tLnN2gg1n +b29nbGUuY29tLnRqgg1nb29nbGUuY29tLnRugg1nb29nbGUuY29tLnRygg1nb29n +bGUuY29tLnR3gg1nb29nbGUuY29tLnVhgg1nb29nbGUuY29tLnV5gg1nb29nbGUu +Y29tLnZjgg1nb29nbGUuY29tLnZlgg1nb29nbGUuY29tLnZugglnb29nbGUuY3aC +CWdvb2dsZS5jeoIJZ29vZ2xlLmRlgglnb29nbGUuZGqCCWdvb2dsZS5ka4IJZ29v +Z2xlLmRtgglnb29nbGUuZHqCCWdvb2dsZS5lZYIJZ29vZ2xlLmVzgglnb29nbGUu +ZmmCCWdvb2dsZS5mbYIJZ29vZ2xlLmZygglnb29nbGUuZ2GCCWdvb2dsZS5nZYIJ +Z29vZ2xlLmdngglnb29nbGUuZ2yCCWdvb2dsZS5nbYIJZ29vZ2xlLmdwgglnb29n +bGUuZ3KCCWdvb2dsZS5neYIJZ29vZ2xlLmhrgglnb29nbGUuaG6CCWdvb2dsZS5o +coIJZ29vZ2xlLmh0gglnb29nbGUuaHWCCWdvb2dsZS5pZYIJZ29vZ2xlLmltggtn +b29nbGUuaW5mb4IJZ29vZ2xlLmlxgglnb29nbGUuaXOCCWdvb2dsZS5pdIIMZ29v +Z2xlLml0LmFvgglnb29nbGUuamWCCWdvb2dsZS5qb4ILZ29vZ2xlLmpvYnOCCWdv +b2dsZS5qcIIJZ29vZ2xlLmtngglnb29nbGUua2mCCWdvb2dsZS5reoIJZ29vZ2xl +Lmxhgglnb29nbGUubGmCCWdvb2dsZS5sa4IJZ29vZ2xlLmx0gglnb29nbGUubHWC +CWdvb2dsZS5sdoIJZ29vZ2xlLm1kgglnb29nbGUubWWCCWdvb2dsZS5tZ4IJZ29v +Z2xlLm1rgglnb29nbGUubWyCCWdvb2dsZS5tboIJZ29vZ2xlLm1zgglnb29nbGUu +bXWCCWdvb2dsZS5tdoIJZ29vZ2xlLm13gglnb29nbGUubmWCDGdvb2dsZS5uZS5q +cIIKZ29vZ2xlLm5ldIIJZ29vZ2xlLm5sgglnb29nbGUubm+CCWdvb2dsZS5ucoIJ +Z29vZ2xlLm51gg1nb29nbGUub2ZmLmFpgglnb29nbGUucGuCCWdvb2dsZS5wbIIJ +Z29vZ2xlLnBugglnb29nbGUucHOCCWdvb2dsZS5wdIIJZ29vZ2xlLnJvgglnb29n +bGUucnOCCWdvb2dsZS5ydYIJZ29vZ2xlLnJ3gglnb29nbGUuc2OCCWdvb2dsZS5z +ZYIJZ29vZ2xlLnNogglnb29nbGUuc2mCCWdvb2dsZS5za4IJZ29vZ2xlLnNtggln +b29nbGUuc26CCWdvb2dsZS5zb4IJZ29vZ2xlLnN0gglnb29nbGUudGSCCWdvb2ds +ZS50Z4IJZ29vZ2xlLnRrgglnb29nbGUudGyCCWdvb2dsZS50bYIJZ29vZ2xlLnRu +gglnb29nbGUudG+CCWdvb2dsZS50cIIJZ29vZ2xlLnR0gglnb29nbGUudXOCCWdv +b2dsZS51eoIJZ29vZ2xlLnZngglnb29nbGUudnWCCWdvb2dsZS53czANBgkqhkiG +9w0BAQUFAAOBgQCROJdKT00d96BpNG4j3Xf5Kz7kJENMTYtgsGQW5E6y2yjRaguD +LPO+y4IH9KiVXD+qO8koye9yOMNawN9r/DFQd+t2nDmvlpcwJBNguiuqxl+rJaU8 +KKgswikGaaM4z+i4vHuXcCKZtM/ELAaJlSaBPip4GBAkgv7D9hwh+sWvYA== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIcFzCCG4CgAwIBAgIGR09PUAFxMA0GCSqGSIb3DQEBBQUAMEYxCzAJBgNVBAYT +AlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSIwIAYDVQQDExlHb29nbGUgSW50ZXJu +ZXQgQXV0aG9yaXR5MB4XDTEyMTAyNDEzNTczOVoXDTEzMDYwNzE5NDMyN1owZDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 +YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxEzARBgNVBAMTCmdvb2dsZS5j +b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMNn/Rw5irMPscWpYsExcGQT +wqdxT/U9Pfybt9ttPYlXVbCd6yux0jWGNBHN+f4kCc5pwrbjmA4QSRY2uVa4T8f2 +g3NucDDveUi29WVN+FJcyhj+V38lEkYbdhpIZL149dK5fAN1zzwCo10Nk+lhebcY +fCtMHLmuCX2D6mJ2CnPVAgMBAAGjghnwMIIZ7DAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Qp1w0hi4nhbaJEB +h/wuZwO4OyIwHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0f +BFQwUjBQoE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5l +dEF1dGhvcml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUH +AQEEWjBYMFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2ds +ZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDCC +GLYGA1UdEQSCGK0wghipggpnb29nbGUuY29tggwqLmdvb2dsZS5jb22CDSoueW91 +dHViZS5jb22CC3lvdXR1YmUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggh5 +b3V0dS5iZYILKi55dGltZy5jb22CDSouYW5kcm9pZC5jb22CC2FuZHJvaWQuY29t +ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghAqLnVy +bC5nb29nbGUuY29tggwqLnVyY2hpbi5jb22CCnVyY2hpbi5jb22CFiouZ29vZ2xl +LWFuYWx5dGljcy5jb22CFGdvb2dsZS1hbmFseXRpY3MuY29tghIqLmNsb3VkLmdv +b2dsZS5jb22CBmdvby5nbIIEZy5jb4INKi5nc3RhdGljLmNvbYIPKi5nb29nbGVh +cGlzLmNughYqLmFwcGVuZ2luZS5nb29nbGUuY29tggsqLmdvb2dsZS5hY4ILKi5n +b29nbGUuYWSCCyouZ29vZ2xlLmFlggsqLmdvb2dsZS5hZoILKi5nb29nbGUuYWeC +CyouZ29vZ2xlLmFsggsqLmdvb2dsZS5hbYILKi5nb29nbGUuYXOCCyouZ29vZ2xl +LmF0ggsqLmdvb2dsZS5heoILKi5nb29nbGUuYmGCCyouZ29vZ2xlLmJlggsqLmdv +b2dsZS5iZoILKi5nb29nbGUuYmeCCyouZ29vZ2xlLmJpggsqLmdvb2dsZS5iaoIL +Ki5nb29nbGUuYnOCCyouZ29vZ2xlLmJ5ggsqLmdvb2dsZS5jYYIMKi5nb29nbGUu +Y2F0ggsqLmdvb2dsZS5jY4ILKi5nb29nbGUuY2SCCyouZ29vZ2xlLmNmggsqLmdv +b2dsZS5jZ4ILKi5nb29nbGUuY2iCCyouZ29vZ2xlLmNpggsqLmdvb2dsZS5jbIIL +Ki5nb29nbGUuY22CCyouZ29vZ2xlLmNugg4qLmdvb2dsZS5jby5hb4IOKi5nb29n +bGUuY28uYneCDiouZ29vZ2xlLmNvLmNrgg4qLmdvb2dsZS5jby5jcoIOKi5nb29n +bGUuY28uaHWCDiouZ29vZ2xlLmNvLmlkgg4qLmdvb2dsZS5jby5pbIIOKi5nb29n +bGUuY28uaW2CDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qZYIOKi5nb29n +bGUuY28uanCCDiouZ29vZ2xlLmNvLmtlgg4qLmdvb2dsZS5jby5rcoIOKi5nb29n +bGUuY28ubHOCDiouZ29vZ2xlLmNvLm1hgg4qLmdvb2dsZS5jby5teoIOKi5nb29n +bGUuY28ubnqCDiouZ29vZ2xlLmNvLnRogg4qLmdvb2dsZS5jby50eoIOKi5nb29n +bGUuY28udWeCDiouZ29vZ2xlLmNvLnVrgg4qLmdvb2dsZS5jby51eoIOKi5nb29n +bGUuY28udmWCDiouZ29vZ2xlLmNvLnZpgg4qLmdvb2dsZS5jby56YYIOKi5nb29n +bGUuY28uem2CDiouZ29vZ2xlLmNvLnp3gg8qLmdvb2dsZS5jb20uYWaCDyouZ29v +Z2xlLmNvbS5hZ4IPKi5nb29nbGUuY29tLmFpgg8qLmdvb2dsZS5jb20uYXKCDyou +Z29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJkgg8qLmdvb2dsZS5jb20uYmiC +DyouZ29vZ2xlLmNvbS5iboIPKi5nb29nbGUuY29tLmJvgg8qLmdvb2dsZS5jb20u +YnKCDyouZ29vZ2xlLmNvbS5ieYIPKi5nb29nbGUuY29tLmJ6gg8qLmdvb2dsZS5j +b20uY26CDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLmN1gg8qLmdvb2ds +ZS5jb20uY3mCDyouZ29vZ2xlLmNvbS5kb4IPKi5nb29nbGUuY29tLmVjgg8qLmdv +b2dsZS5jb20uZWeCDyouZ29vZ2xlLmNvbS5ldIIPKi5nb29nbGUuY29tLmZqgg8q +Lmdvb2dsZS5jb20uZ2WCDyouZ29vZ2xlLmNvbS5naIIPKi5nb29nbGUuY29tLmdp +gg8qLmdvb2dsZS5jb20uZ3KCDyouZ29vZ2xlLmNvbS5ndIIPKi5nb29nbGUuY29t +Lmhrgg8qLmdvb2dsZS5jb20uaXGCDyouZ29vZ2xlLmNvbS5qbYIPKi5nb29nbGUu +Y29tLmpvgg8qLmdvb2dsZS5jb20ua2iCDyouZ29vZ2xlLmNvbS5rd4IPKi5nb29n +bGUuY29tLmxigg8qLmdvb2dsZS5jb20ubHmCDyouZ29vZ2xlLmNvbS5tdIIPKi5n +b29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20ubXmCDyouZ29vZ2xlLmNvbS5uYYIP +Ki5nb29nbGUuY29tLm5mgg8qLmdvb2dsZS5jb20ubmeCDyouZ29vZ2xlLmNvbS5u +aYIPKi5nb29nbGUuY29tLm5wgg8qLmdvb2dsZS5jb20ubnKCDyouZ29vZ2xlLmNv +bS5vbYIPKi5nb29nbGUuY29tLnBhgg8qLmdvb2dsZS5jb20ucGWCDyouZ29vZ2xl +LmNvbS5waIIPKi5nb29nbGUuY29tLnBrgg8qLmdvb2dsZS5jb20ucGyCDyouZ29v +Z2xlLmNvbS5wcoIPKi5nb29nbGUuY29tLnB5gg8qLmdvb2dsZS5jb20ucWGCDyou +Z29vZ2xlLmNvbS5ydYIPKi5nb29nbGUuY29tLnNhgg8qLmdvb2dsZS5jb20uc2KC +DyouZ29vZ2xlLmNvbS5zZ4IPKi5nb29nbGUuY29tLnNsgg8qLmdvb2dsZS5jb20u +c3aCDyouZ29vZ2xlLmNvbS50aoIPKi5nb29nbGUuY29tLnRugg8qLmdvb2dsZS5j +b20udHKCDyouZ29vZ2xlLmNvbS50d4IPKi5nb29nbGUuY29tLnVhgg8qLmdvb2ds +ZS5jb20udXmCDyouZ29vZ2xlLmNvbS52Y4IPKi5nb29nbGUuY29tLnZlgg8qLmdv +b2dsZS5jb20udm6CCyouZ29vZ2xlLmN2ggsqLmdvb2dsZS5jeoILKi5nb29nbGUu +ZGWCCyouZ29vZ2xlLmRqggsqLmdvb2dsZS5ka4ILKi5nb29nbGUuZG2CCyouZ29v +Z2xlLmR6ggsqLmdvb2dsZS5lZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZpggsq +Lmdvb2dsZS5mbYILKi5nb29nbGUuZnKCCyouZ29vZ2xlLmdhggsqLmdvb2dsZS5n +ZYILKi5nb29nbGUuZ2eCCyouZ29vZ2xlLmdsggsqLmdvb2dsZS5nbYILKi5nb29n +bGUuZ3CCCyouZ29vZ2xlLmdyggsqLmdvb2dsZS5neYILKi5nb29nbGUuaGuCCyou +Z29vZ2xlLmhuggsqLmdvb2dsZS5ocoILKi5nb29nbGUuaHSCCyouZ29vZ2xlLmh1 +ggsqLmdvb2dsZS5pZYILKi5nb29nbGUuaW2CDSouZ29vZ2xlLmluZm+CCyouZ29v +Z2xlLmlxggsqLmdvb2dsZS5pc4ILKi5nb29nbGUuaXSCDiouZ29vZ2xlLml0LmFv +ggsqLmdvb2dsZS5qZYILKi5nb29nbGUuam+CDSouZ29vZ2xlLmpvYnOCCyouZ29v +Z2xlLmpwggsqLmdvb2dsZS5rZ4ILKi5nb29nbGUua2mCCyouZ29vZ2xlLmt6ggsq +Lmdvb2dsZS5sYYILKi5nb29nbGUubGmCCyouZ29vZ2xlLmxrggsqLmdvb2dsZS5s +dIILKi5nb29nbGUubHWCCyouZ29vZ2xlLmx2ggsqLmdvb2dsZS5tZIILKi5nb29n +bGUubWWCCyouZ29vZ2xlLm1nggsqLmdvb2dsZS5ta4ILKi5nb29nbGUubWyCCyou +Z29vZ2xlLm1uggsqLmdvb2dsZS5tc4ILKi5nb29nbGUubXWCCyouZ29vZ2xlLm12 +ggsqLmdvb2dsZS5td4ILKi5nb29nbGUubmWCDiouZ29vZ2xlLm5lLmpwggwqLmdv +b2dsZS5uZXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5ub4ILKi5nb29nbGUubnKC +CyouZ29vZ2xlLm51gg8qLmdvb2dsZS5vZmYuYWmCCyouZ29vZ2xlLnBrggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucG6CCyouZ29vZ2xlLnBzggsqLmdvb2dsZS5wdIIL +Ki5nb29nbGUucm+CCyouZ29vZ2xlLnJzggsqLmdvb2dsZS5ydYILKi5nb29nbGUu +cneCCyouZ29vZ2xlLnNjggsqLmdvb2dsZS5zZYILKi5nb29nbGUuc2iCCyouZ29v +Z2xlLnNpggsqLmdvb2dsZS5za4ILKi5nb29nbGUuc22CCyouZ29vZ2xlLnNuggsq +Lmdvb2dsZS5zb4ILKi5nb29nbGUuc3SCCyouZ29vZ2xlLnRkggsqLmdvb2dsZS50 +Z4ILKi5nb29nbGUudGuCCyouZ29vZ2xlLnRsggsqLmdvb2dsZS50bYILKi5nb29n +bGUudG6CCyouZ29vZ2xlLnRvggsqLmdvb2dsZS50cIILKi5nb29nbGUudHSCCyou +Z29vZ2xlLnVzggsqLmdvb2dsZS51eoILKi5nb29nbGUudmeCCyouZ29vZ2xlLnZ1 +ggsqLmdvb2dsZS53c4IJZ29vZ2xlLmFjgglnb29nbGUuYWSCCWdvb2dsZS5hZYIJ +Z29vZ2xlLmFmgglnb29nbGUuYWeCCWdvb2dsZS5hbIIJZ29vZ2xlLmFtgglnb29n +bGUuYXOCCWdvb2dsZS5hdIIJZ29vZ2xlLmF6gglnb29nbGUuYmGCCWdvb2dsZS5i +ZYIJZ29vZ2xlLmJmgglnb29nbGUuYmeCCWdvb2dsZS5iaYIJZ29vZ2xlLmJqggln +b29nbGUuYnOCCWdvb2dsZS5ieYIJZ29vZ2xlLmNhggpnb29nbGUuY2F0gglnb29n +bGUuY2OCCWdvb2dsZS5jZIIJZ29vZ2xlLmNmgglnb29nbGUuY2eCCWdvb2dsZS5j +aIIJZ29vZ2xlLmNpgglnb29nbGUuY2yCCWdvb2dsZS5jbYIJZ29vZ2xlLmNuggxn +b29nbGUuY28uYW+CDGdvb2dsZS5jby5id4IMZ29vZ2xlLmNvLmNrggxnb29nbGUu +Y28uY3KCDGdvb2dsZS5jby5odYIMZ29vZ2xlLmNvLmlkggxnb29nbGUuY28uaWyC +DGdvb2dsZS5jby5pbYIMZ29vZ2xlLmNvLmluggxnb29nbGUuY28uamWCDGdvb2ds +ZS5jby5qcIIMZ29vZ2xlLmNvLmtlggxnb29nbGUuY28ua3KCDGdvb2dsZS5jby5s +c4IMZ29vZ2xlLmNvLm1hggxnb29nbGUuY28ubXqCDGdvb2dsZS5jby5ueoIMZ29v +Z2xlLmNvLnRoggxnb29nbGUuY28udHqCDGdvb2dsZS5jby51Z4IMZ29vZ2xlLmNv +LnVrggxnb29nbGUuY28udXqCDGdvb2dsZS5jby52ZYIMZ29vZ2xlLmNvLnZpggxn +b29nbGUuY28uemGCDGdvb2dsZS5jby56bYIMZ29vZ2xlLmNvLnp3gg1nb29nbGUu +Y29tLmFmgg1nb29nbGUuY29tLmFngg1nb29nbGUuY29tLmFpgg1nb29nbGUuY29t +LmFygg1nb29nbGUuY29tLmF1gg1nb29nbGUuY29tLmJkgg1nb29nbGUuY29tLmJo +gg1nb29nbGUuY29tLmJugg1nb29nbGUuY29tLmJvgg1nb29nbGUuY29tLmJygg1n +b29nbGUuY29tLmJ5gg1nb29nbGUuY29tLmJ6gg1nb29nbGUuY29tLmNugg1nb29n +bGUuY29tLmNvgg1nb29nbGUuY29tLmN1gg1nb29nbGUuY29tLmN5gg1nb29nbGUu +Y29tLmRvgg1nb29nbGUuY29tLmVjgg1nb29nbGUuY29tLmVngg1nb29nbGUuY29t +LmV0gg1nb29nbGUuY29tLmZqgg1nb29nbGUuY29tLmdlgg1nb29nbGUuY29tLmdo +gg1nb29nbGUuY29tLmdpgg1nb29nbGUuY29tLmdygg1nb29nbGUuY29tLmd0gg1n +b29nbGUuY29tLmhrgg1nb29nbGUuY29tLmlxgg1nb29nbGUuY29tLmptgg1nb29n +bGUuY29tLmpvgg1nb29nbGUuY29tLmtogg1nb29nbGUuY29tLmt3gg1nb29nbGUu +Y29tLmxigg1nb29nbGUuY29tLmx5gg1nb29nbGUuY29tLm10gg1nb29nbGUuY29t +Lm14gg1nb29nbGUuY29tLm15gg1nb29nbGUuY29tLm5hgg1nb29nbGUuY29tLm5m +gg1nb29nbGUuY29tLm5ngg1nb29nbGUuY29tLm5pgg1nb29nbGUuY29tLm5wgg1n +b29nbGUuY29tLm5ygg1nb29nbGUuY29tLm9tgg1nb29nbGUuY29tLnBhgg1nb29n +bGUuY29tLnBlgg1nb29nbGUuY29tLnBogg1nb29nbGUuY29tLnBrgg1nb29nbGUu +Y29tLnBsgg1nb29nbGUuY29tLnBygg1nb29nbGUuY29tLnB5gg1nb29nbGUuY29t +LnFhgg1nb29nbGUuY29tLnJ1gg1nb29nbGUuY29tLnNhgg1nb29nbGUuY29tLnNi +gg1nb29nbGUuY29tLnNngg1nb29nbGUuY29tLnNsgg1nb29nbGUuY29tLnN2gg1n +b29nbGUuY29tLnRqgg1nb29nbGUuY29tLnRugg1nb29nbGUuY29tLnRygg1nb29n +bGUuY29tLnR3gg1nb29nbGUuY29tLnVhgg1nb29nbGUuY29tLnV5gg1nb29nbGUu +Y29tLnZjgg1nb29nbGUuY29tLnZlgg1nb29nbGUuY29tLnZugglnb29nbGUuY3aC +CWdvb2dsZS5jeoIJZ29vZ2xlLmRlgglnb29nbGUuZGqCCWdvb2dsZS5ka4IJZ29v +Z2xlLmRtgglnb29nbGUuZHqCCWdvb2dsZS5lZYIJZ29vZ2xlLmVzgglnb29nbGUu +ZmmCCWdvb2dsZS5mbYIJZ29vZ2xlLmZygglnb29nbGUuZ2GCCWdvb2dsZS5nZYIJ +Z29vZ2xlLmdngglnb29nbGUuZ2yCCWdvb2dsZS5nbYIJZ29vZ2xlLmdwgglnb29n +bGUuZ3KCCWdvb2dsZS5neYIJZ29vZ2xlLmhrgglnb29nbGUuaG6CCWdvb2dsZS5o +coIJZ29vZ2xlLmh0gglnb29nbGUuaHWCCWdvb2dsZS5pZYIJZ29vZ2xlLmltggtn +b29nbGUuaW5mb4IJZ29vZ2xlLmlxgglnb29nbGUuaXOCCWdvb2dsZS5pdIIMZ29v +Z2xlLml0LmFvgglnb29nbGUuamWCCWdvb2dsZS5qb4ILZ29vZ2xlLmpvYnOCCWdv +b2dsZS5qcIIJZ29vZ2xlLmtngglnb29nbGUua2mCCWdvb2dsZS5reoIJZ29vZ2xl +Lmxhgglnb29nbGUubGmCCWdvb2dsZS5sa4IJZ29vZ2xlLmx0gglnb29nbGUubHWC +CWdvb2dsZS5sdoIJZ29vZ2xlLm1kgglnb29nbGUubWWCCWdvb2dsZS5tZ4IJZ29v +Z2xlLm1rgglnb29nbGUubWyCCWdvb2dsZS5tboIJZ29vZ2xlLm1zgglnb29nbGUu +bXWCCWdvb2dsZS5tdoIJZ29vZ2xlLm13gglnb29nbGUubmWCDGdvb2dsZS5uZS5q +cIIKZ29vZ2xlLm5ldIIJZ29vZ2xlLm5sgglnb29nbGUubm+CCWdvb2dsZS5ucoIJ +Z29vZ2xlLm51gg1nb29nbGUub2ZmLmFpgglnb29nbGUucGuCCWdvb2dsZS5wbIIJ +Z29vZ2xlLnBugglnb29nbGUucHOCCWdvb2dsZS5wdIIJZ29vZ2xlLnJvgglnb29n +bGUucnOCCWdvb2dsZS5ydYIJZ29vZ2xlLnJ3gglnb29nbGUuc2OCCWdvb2dsZS5z +ZYIJZ29vZ2xlLnNogglnb29nbGUuc2mCCWdvb2dsZS5za4IJZ29vZ2xlLnNtggln +b29nbGUuc26CCWdvb2dsZS5zb4IJZ29vZ2xlLnN0gglnb29nbGUudGSCCWdvb2ds +ZS50Z4IJZ29vZ2xlLnRrgglnb29nbGUudGyCCWdvb2dsZS50bYIJZ29vZ2xlLnRu +gglnb29nbGUudG+CCWdvb2dsZS50cIIJZ29vZ2xlLnR0gglnb29nbGUudXOCCWdv +b2dsZS51eoIJZ29vZ2xlLnZngglnb29nbGUudnWCCWdvb2dsZS53czANBgkqhkiG +9w0BAQUFAAOBgQCROJdKT00d96BpNG4j3Xf5Kz7kJENMTYtgsGQW5E6y2yjRaguD +LPO+y4IH9KiVXD+qO8koye9yOMNawN9r/DFQd+t2nDmvlpcwJBNguiuqxl+rJaU8 +KKgswikGaaM4z+i4vHuXcCKZtM/ELAaJlSaBPip4GBAkgv7D9hwh+sWvYA== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIcFzCCG4CgAwIBAgIGR09PUAFxMA0GCSqGSIb3DQEBBQUAMEYxCzAJBgNVBAYT +AlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSIwIAYDVQQDExlHb29nbGUgSW50ZXJu +ZXQgQXV0aG9yaXR5MB4XDTEyMTAyNDEzNTczOVoXDTEzMDYwNzE5NDMyN1owZDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 +YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxEzARBgNVBAMTCmdvb2dsZS5j +b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMNn/Rw5irMPscWpYsExcGQT +wqdxT/U9Pfybt9ttPYlXVbCd6yux0jWGNBHN+f4kCc5pwrbjmA4QSRY2uVa4T8f2 +g3NucDDveUi29WVN+FJcyhj+V38lEkYbdhpIZL149dK5fAN1zzwCo10Nk+lhebcY +fCtMHLmuCX2D6mJ2CnPVAgMBAAGjghnwMIIZ7DAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Qp1w0hi4nhbaJEB +h/wuZwO4OyIwHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0f +BFQwUjBQoE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5l +dEF1dGhvcml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUH +AQEEWjBYMFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2ds +ZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDCC +GLYGA1UdEQSCGK0wghipggpnb29nbGUuY29tggwqLmdvb2dsZS5jb22CDSoueW91 +dHViZS5jb22CC3lvdXR1YmUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggh5 +b3V0dS5iZYILKi55dGltZy5jb22CDSouYW5kcm9pZC5jb22CC2FuZHJvaWQuY29t +ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghAqLnVy +bC5nb29nbGUuY29tggwqLnVyY2hpbi5jb22CCnVyY2hpbi5jb22CFiouZ29vZ2xl +LWFuYWx5dGljcy5jb22CFGdvb2dsZS1hbmFseXRpY3MuY29tghIqLmNsb3VkLmdv +b2dsZS5jb22CBmdvby5nbIIEZy5jb4INKi5nc3RhdGljLmNvbYIPKi5nb29nbGVh +cGlzLmNughYqLmFwcGVuZ2luZS5nb29nbGUuY29tggsqLmdvb2dsZS5hY4ILKi5n +b29nbGUuYWSCCyouZ29vZ2xlLmFlggsqLmdvb2dsZS5hZoILKi5nb29nbGUuYWeC +CyouZ29vZ2xlLmFsggsqLmdvb2dsZS5hbYILKi5nb29nbGUuYXOCCyouZ29vZ2xl +LmF0ggsqLmdvb2dsZS5heoILKi5nb29nbGUuYmGCCyouZ29vZ2xlLmJlggsqLmdv +b2dsZS5iZoILKi5nb29nbGUuYmeCCyouZ29vZ2xlLmJpggsqLmdvb2dsZS5iaoIL +Ki5nb29nbGUuYnOCCyouZ29vZ2xlLmJ5ggsqLmdvb2dsZS5jYYIMKi5nb29nbGUu +Y2F0ggsqLmdvb2dsZS5jY4ILKi5nb29nbGUuY2SCCyouZ29vZ2xlLmNmggsqLmdv +b2dsZS5jZ4ILKi5nb29nbGUuY2iCCyouZ29vZ2xlLmNpggsqLmdvb2dsZS5jbIIL +Ki5nb29nbGUuY22CCyouZ29vZ2xlLmNugg4qLmdvb2dsZS5jby5hb4IOKi5nb29n +bGUuY28uYneCDiouZ29vZ2xlLmNvLmNrgg4qLmdvb2dsZS5jby5jcoIOKi5nb29n +bGUuY28uaHWCDiouZ29vZ2xlLmNvLmlkgg4qLmdvb2dsZS5jby5pbIIOKi5nb29n +bGUuY28uaW2CDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qZYIOKi5nb29n +bGUuY28uanCCDiouZ29vZ2xlLmNvLmtlgg4qLmdvb2dsZS5jby5rcoIOKi5nb29n +bGUuY28ubHOCDiouZ29vZ2xlLmNvLm1hgg4qLmdvb2dsZS5jby5teoIOKi5nb29n +bGUuY28ubnqCDiouZ29vZ2xlLmNvLnRogg4qLmdvb2dsZS5jby50eoIOKi5nb29n +bGUuY28udWeCDiouZ29vZ2xlLmNvLnVrgg4qLmdvb2dsZS5jby51eoIOKi5nb29n +bGUuY28udmWCDiouZ29vZ2xlLmNvLnZpgg4qLmdvb2dsZS5jby56YYIOKi5nb29n +bGUuY28uem2CDiouZ29vZ2xlLmNvLnp3gg8qLmdvb2dsZS5jb20uYWaCDyouZ29v +Z2xlLmNvbS5hZ4IPKi5nb29nbGUuY29tLmFpgg8qLmdvb2dsZS5jb20uYXKCDyou +Z29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJkgg8qLmdvb2dsZS5jb20uYmiC +DyouZ29vZ2xlLmNvbS5iboIPKi5nb29nbGUuY29tLmJvgg8qLmdvb2dsZS5jb20u +YnKCDyouZ29vZ2xlLmNvbS5ieYIPKi5nb29nbGUuY29tLmJ6gg8qLmdvb2dsZS5j +b20uY26CDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLmN1gg8qLmdvb2ds +ZS5jb20uY3mCDyouZ29vZ2xlLmNvbS5kb4IPKi5nb29nbGUuY29tLmVjgg8qLmdv +b2dsZS5jb20uZWeCDyouZ29vZ2xlLmNvbS5ldIIPKi5nb29nbGUuY29tLmZqgg8q +Lmdvb2dsZS5jb20uZ2WCDyouZ29vZ2xlLmNvbS5naIIPKi5nb29nbGUuY29tLmdp +gg8qLmdvb2dsZS5jb20uZ3KCDyouZ29vZ2xlLmNvbS5ndIIPKi5nb29nbGUuY29t +Lmhrgg8qLmdvb2dsZS5jb20uaXGCDyouZ29vZ2xlLmNvbS5qbYIPKi5nb29nbGUu +Y29tLmpvgg8qLmdvb2dsZS5jb20ua2iCDyouZ29vZ2xlLmNvbS5rd4IPKi5nb29n +bGUuY29tLmxigg8qLmdvb2dsZS5jb20ubHmCDyouZ29vZ2xlLmNvbS5tdIIPKi5n +b29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20ubXmCDyouZ29vZ2xlLmNvbS5uYYIP +Ki5nb29nbGUuY29tLm5mgg8qLmdvb2dsZS5jb20ubmeCDyouZ29vZ2xlLmNvbS5u +aYIPKi5nb29nbGUuY29tLm5wgg8qLmdvb2dsZS5jb20ubnKCDyouZ29vZ2xlLmNv +bS5vbYIPKi5nb29nbGUuY29tLnBhgg8qLmdvb2dsZS5jb20ucGWCDyouZ29vZ2xl +LmNvbS5waIIPKi5nb29nbGUuY29tLnBrgg8qLmdvb2dsZS5jb20ucGyCDyouZ29v +Z2xlLmNvbS5wcoIPKi5nb29nbGUuY29tLnB5gg8qLmdvb2dsZS5jb20ucWGCDyou +Z29vZ2xlLmNvbS5ydYIPKi5nb29nbGUuY29tLnNhgg8qLmdvb2dsZS5jb20uc2KC +DyouZ29vZ2xlLmNvbS5zZ4IPKi5nb29nbGUuY29tLnNsgg8qLmdvb2dsZS5jb20u +c3aCDyouZ29vZ2xlLmNvbS50aoIPKi5nb29nbGUuY29tLnRugg8qLmdvb2dsZS5j +b20udHKCDyouZ29vZ2xlLmNvbS50d4IPKi5nb29nbGUuY29tLnVhgg8qLmdvb2ds +ZS5jb20udXmCDyouZ29vZ2xlLmNvbS52Y4IPKi5nb29nbGUuY29tLnZlgg8qLmdv +b2dsZS5jb20udm6CCyouZ29vZ2xlLmN2ggsqLmdvb2dsZS5jeoILKi5nb29nbGUu +ZGWCCyouZ29vZ2xlLmRqggsqLmdvb2dsZS5ka4ILKi5nb29nbGUuZG2CCyouZ29v +Z2xlLmR6ggsqLmdvb2dsZS5lZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZpggsq +Lmdvb2dsZS5mbYILKi5nb29nbGUuZnKCCyouZ29vZ2xlLmdhggsqLmdvb2dsZS5n +ZYILKi5nb29nbGUuZ2eCCyouZ29vZ2xlLmdsggsqLmdvb2dsZS5nbYILKi5nb29n +bGUuZ3CCCyouZ29vZ2xlLmdyggsqLmdvb2dsZS5neYILKi5nb29nbGUuaGuCCyou +Z29vZ2xlLmhuggsqLmdvb2dsZS5ocoILKi5nb29nbGUuaHSCCyouZ29vZ2xlLmh1 +ggsqLmdvb2dsZS5pZYILKi5nb29nbGUuaW2CDSouZ29vZ2xlLmluZm+CCyouZ29v +Z2xlLmlxggsqLmdvb2dsZS5pc4ILKi5nb29nbGUuaXSCDiouZ29vZ2xlLml0LmFv +ggsqLmdvb2dsZS5qZYILKi5nb29nbGUuam+CDSouZ29vZ2xlLmpvYnOCCyouZ29v +Z2xlLmpwggsqLmdvb2dsZS5rZ4ILKi5nb29nbGUua2mCCyouZ29vZ2xlLmt6ggsq +Lmdvb2dsZS5sYYILKi5nb29nbGUubGmCCyouZ29vZ2xlLmxrggsqLmdvb2dsZS5s +dIILKi5nb29nbGUubHWCCyouZ29vZ2xlLmx2ggsqLmdvb2dsZS5tZIILKi5nb29n +bGUubWWCCyouZ29vZ2xlLm1nggsqLmdvb2dsZS5ta4ILKi5nb29nbGUubWyCCyou +Z29vZ2xlLm1uggsqLmdvb2dsZS5tc4ILKi5nb29nbGUubXWCCyouZ29vZ2xlLm12 +ggsqLmdvb2dsZS5td4ILKi5nb29nbGUubmWCDiouZ29vZ2xlLm5lLmpwggwqLmdv +b2dsZS5uZXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5ub4ILKi5nb29nbGUubnKC +CyouZ29vZ2xlLm51gg8qLmdvb2dsZS5vZmYuYWmCCyouZ29vZ2xlLnBrggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucG6CCyouZ29vZ2xlLnBzggsqLmdvb2dsZS5wdIIL +Ki5nb29nbGUucm+CCyouZ29vZ2xlLnJzggsqLmdvb2dsZS5ydYILKi5nb29nbGUu +cneCCyouZ29vZ2xlLnNjggsqLmdvb2dsZS5zZYILKi5nb29nbGUuc2iCCyouZ29v +Z2xlLnNpggsqLmdvb2dsZS5za4ILKi5nb29nbGUuc22CCyouZ29vZ2xlLnNuggsq +Lmdvb2dsZS5zb4ILKi5nb29nbGUuc3SCCyouZ29vZ2xlLnRkggsqLmdvb2dsZS50 +Z4ILKi5nb29nbGUudGuCCyouZ29vZ2xlLnRsggsqLmdvb2dsZS50bYILKi5nb29n +bGUudG6CCyouZ29vZ2xlLnRvggsqLmdvb2dsZS50cIILKi5nb29nbGUudHSCCyou +Z29vZ2xlLnVzggsqLmdvb2dsZS51eoILKi5nb29nbGUudmeCCyouZ29vZ2xlLnZ1 +ggsqLmdvb2dsZS53c4IJZ29vZ2xlLmFjgglnb29nbGUuYWSCCWdvb2dsZS5hZYIJ +Z29vZ2xlLmFmgglnb29nbGUuYWeCCWdvb2dsZS5hbIIJZ29vZ2xlLmFtgglnb29n +bGUuYXOCCWdvb2dsZS5hdIIJZ29vZ2xlLmF6gglnb29nbGUuYmGCCWdvb2dsZS5i +ZYIJZ29vZ2xlLmJmgglnb29nbGUuYmeCCWdvb2dsZS5iaYIJZ29vZ2xlLmJqggln +b29nbGUuYnOCCWdvb2dsZS5ieYIJZ29vZ2xlLmNhggpnb29nbGUuY2F0gglnb29n +bGUuY2OCCWdvb2dsZS5jZIIJZ29vZ2xlLmNmgglnb29nbGUuY2eCCWdvb2dsZS5j +aIIJZ29vZ2xlLmNpgglnb29nbGUuY2yCCWdvb2dsZS5jbYIJZ29vZ2xlLmNuggxn +b29nbGUuY28uYW+CDGdvb2dsZS5jby5id4IMZ29vZ2xlLmNvLmNrggxnb29nbGUu +Y28uY3KCDGdvb2dsZS5jby5odYIMZ29vZ2xlLmNvLmlkggxnb29nbGUuY28uaWyC +DGdvb2dsZS5jby5pbYIMZ29vZ2xlLmNvLmluggxnb29nbGUuY28uamWCDGdvb2ds +ZS5jby5qcIIMZ29vZ2xlLmNvLmtlggxnb29nbGUuY28ua3KCDGdvb2dsZS5jby5s +c4IMZ29vZ2xlLmNvLm1hggxnb29nbGUuY28ubXqCDGdvb2dsZS5jby5ueoIMZ29v +Z2xlLmNvLnRoggxnb29nbGUuY28udHqCDGdvb2dsZS5jby51Z4IMZ29vZ2xlLmNv +LnVrggxnb29nbGUuY28udXqCDGdvb2dsZS5jby52ZYIMZ29vZ2xlLmNvLnZpggxn +b29nbGUuY28uemGCDGdvb2dsZS5jby56bYIMZ29vZ2xlLmNvLnp3gg1nb29nbGUu +Y29tLmFmgg1nb29nbGUuY29tLmFngg1nb29nbGUuY29tLmFpgg1nb29nbGUuY29t +LmFygg1nb29nbGUuY29tLmF1gg1nb29nbGUuY29tLmJkgg1nb29nbGUuY29tLmJo +gg1nb29nbGUuY29tLmJugg1nb29nbGUuY29tLmJvgg1nb29nbGUuY29tLmJygg1n +b29nbGUuY29tLmJ5gg1nb29nbGUuY29tLmJ6gg1nb29nbGUuY29tLmNugg1nb29n +bGUuY29tLmNvgg1nb29nbGUuY29tLmN1gg1nb29nbGUuY29tLmN5gg1nb29nbGUu +Y29tLmRvgg1nb29nbGUuY29tLmVjgg1nb29nbGUuY29tLmVngg1nb29nbGUuY29t +LmV0gg1nb29nbGUuY29tLmZqgg1nb29nbGUuY29tLmdlgg1nb29nbGUuY29tLmdo +gg1nb29nbGUuY29tLmdpgg1nb29nbGUuY29tLmdygg1nb29nbGUuY29tLmd0gg1n +b29nbGUuY29tLmhrgg1nb29nbGUuY29tLmlxgg1nb29nbGUuY29tLmptgg1nb29n +bGUuY29tLmpvgg1nb29nbGUuY29tLmtogg1nb29nbGUuY29tLmt3gg1nb29nbGUu +Y29tLmxigg1nb29nbGUuY29tLmx5gg1nb29nbGUuY29tLm10gg1nb29nbGUuY29t +Lm14gg1nb29nbGUuY29tLm15gg1nb29nbGUuY29tLm5hgg1nb29nbGUuY29tLm5m +gg1nb29nbGUuY29tLm5ngg1nb29nbGUuY29tLm5pgg1nb29nbGUuY29tLm5wgg1n +b29nbGUuY29tLm5ygg1nb29nbGUuY29tLm9tgg1nb29nbGUuY29tLnBhgg1nb29n +bGUuY29tLnBlgg1nb29nbGUuY29tLnBogg1nb29nbGUuY29tLnBrgg1nb29nbGUu +Y29tLnBsgg1nb29nbGUuY29tLnBygg1nb29nbGUuY29tLnB5gg1nb29nbGUuY29t +LnFhgg1nb29nbGUuY29tLnJ1gg1nb29nbGUuY29tLnNhgg1nb29nbGUuY29tLnNi +gg1nb29nbGUuY29tLnNngg1nb29nbGUuY29tLnNsgg1nb29nbGUuY29tLnN2gg1n +b29nbGUuY29tLnRqgg1nb29nbGUuY29tLnRugg1nb29nbGUuY29tLnRygg1nb29n +bGUuY29tLnR3gg1nb29nbGUuY29tLnVhgg1nb29nbGUuY29tLnV5gg1nb29nbGUu +Y29tLnZjgg1nb29nbGUuY29tLnZlgg1nb29nbGUuY29tLnZugglnb29nbGUuY3aC +CWdvb2dsZS5jeoIJZ29vZ2xlLmRlgglnb29nbGUuZGqCCWdvb2dsZS5ka4IJZ29v +Z2xlLmRtgglnb29nbGUuZHqCCWdvb2dsZS5lZYIJZ29vZ2xlLmVzgglnb29nbGUu +ZmmCCWdvb2dsZS5mbYIJZ29vZ2xlLmZygglnb29nbGUuZ2GCCWdvb2dsZS5nZYIJ +Z29vZ2xlLmdngglnb29nbGUuZ2yCCWdvb2dsZS5nbYIJZ29vZ2xlLmdwgglnb29n +bGUuZ3KCCWdvb2dsZS5neYIJZ29vZ2xlLmhrgglnb29nbGUuaG6CCWdvb2dsZS5o +coIJZ29vZ2xlLmh0gglnb29nbGUuaHWCCWdvb2dsZS5pZYIJZ29vZ2xlLmltggtn +b29nbGUuaW5mb4IJZ29vZ2xlLmlxgglnb29nbGUuaXOCCWdvb2dsZS5pdIIMZ29v +Z2xlLml0LmFvgglnb29nbGUuamWCCWdvb2dsZS5qb4ILZ29vZ2xlLmpvYnOCCWdv +b2dsZS5qcIIJZ29vZ2xlLmtngglnb29nbGUua2mCCWdvb2dsZS5reoIJZ29vZ2xl +Lmxhgglnb29nbGUubGmCCWdvb2dsZS5sa4IJZ29vZ2xlLmx0gglnb29nbGUubHWC +CWdvb2dsZS5sdoIJZ29vZ2xlLm1kgglnb29nbGUubWWCCWdvb2dsZS5tZ4IJZ29v +Z2xlLm1rgglnb29nbGUubWyCCWdvb2dsZS5tboIJZ29vZ2xlLm1zgglnb29nbGUu +bXWCCWdvb2dsZS5tdoIJZ29vZ2xlLm13gglnb29nbGUubmWCDGdvb2dsZS5uZS5q +cIIKZ29vZ2xlLm5ldIIJZ29vZ2xlLm5sgglnb29nbGUubm+CCWdvb2dsZS5ucoIJ +Z29vZ2xlLm51gg1nb29nbGUub2ZmLmFpgglnb29nbGUucGuCCWdvb2dsZS5wbIIJ +Z29vZ2xlLnBugglnb29nbGUucHOCCWdvb2dsZS5wdIIJZ29vZ2xlLnJvgglnb29n +bGUucnOCCWdvb2dsZS5ydYIJZ29vZ2xlLnJ3gglnb29nbGUuc2OCCWdvb2dsZS5z +ZYIJZ29vZ2xlLnNogglnb29nbGUuc2mCCWdvb2dsZS5za4IJZ29vZ2xlLnNtggln +b29nbGUuc26CCWdvb2dsZS5zb4IJZ29vZ2xlLnN0gglnb29nbGUudGSCCWdvb2ds +ZS50Z4IJZ29vZ2xlLnRrgglnb29nbGUudGyCCWdvb2dsZS50bYIJZ29vZ2xlLnRu +gglnb29nbGUudG+CCWdvb2dsZS50cIIJZ29vZ2xlLnR0gglnb29nbGUudXOCCWdv +b2dsZS51eoIJZ29vZ2xlLnZngglnb29nbGUudnWCCWdvb2dsZS53czANBgkqhkiG +9w0BAQUFAAOBgQCROJdKT00d96BpNG4j3Xf5Kz7kJENMTYtgsGQW5E6y2yjRaguD +LPO+y4IH9KiVXD+qO8koye9yOMNawN9r/DFQd+t2nDmvlpcwJBNguiuqxl+rJaU8 +KKgswikGaaM4z+i4vHuXcCKZtM/ELAaJlSaBPip4GBAkgv7D9hwh+sWvYA== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIcFzCCG4CgAwIBAgIGR09PUAFxMA0GCSqGSIb3DQEBBQUAMEYxCzAJBgNVBAYT +AlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSIwIAYDVQQDExlHb29nbGUgSW50ZXJu +ZXQgQXV0aG9yaXR5MB4XDTEyMTAyNDEzNTczOVoXDTEzMDYwNzE5NDMyN1owZDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 +YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxEzARBgNVBAMTCmdvb2dsZS5j +b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMNn/Rw5irMPscWpYsExcGQT +wqdxT/U9Pfybt9ttPYlXVbCd6yux0jWGNBHN+f4kCc5pwrbjmA4QSRY2uVa4T8f2 +g3NucDDveUi29WVN+FJcyhj+V38lEkYbdhpIZL149dK5fAN1zzwCo10Nk+lhebcY +fCtMHLmuCX2D6mJ2CnPVAgMBAAGjghnwMIIZ7DAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Qp1w0hi4nhbaJEB +h/wuZwO4OyIwHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0f +BFQwUjBQoE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5l +dEF1dGhvcml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUH +AQEEWjBYMFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2ds +ZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDCC +GLYGA1UdEQSCGK0wghipggpnb29nbGUuY29tggwqLmdvb2dsZS5jb22CDSoueW91 +dHViZS5jb22CC3lvdXR1YmUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggh5 +b3V0dS5iZYILKi55dGltZy5jb22CDSouYW5kcm9pZC5jb22CC2FuZHJvaWQuY29t +ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghAqLnVy +bC5nb29nbGUuY29tggwqLnVyY2hpbi5jb22CCnVyY2hpbi5jb22CFiouZ29vZ2xl +LWFuYWx5dGljcy5jb22CFGdvb2dsZS1hbmFseXRpY3MuY29tghIqLmNsb3VkLmdv +b2dsZS5jb22CBmdvby5nbIIEZy5jb4INKi5nc3RhdGljLmNvbYIPKi5nb29nbGVh +cGlzLmNughYqLmFwcGVuZ2luZS5nb29nbGUuY29tggsqLmdvb2dsZS5hY4ILKi5n +b29nbGUuYWSCCyouZ29vZ2xlLmFlggsqLmdvb2dsZS5hZoILKi5nb29nbGUuYWeC +CyouZ29vZ2xlLmFsggsqLmdvb2dsZS5hbYILKi5nb29nbGUuYXOCCyouZ29vZ2xl +LmF0ggsqLmdvb2dsZS5heoILKi5nb29nbGUuYmGCCyouZ29vZ2xlLmJlggsqLmdv +b2dsZS5iZoILKi5nb29nbGUuYmeCCyouZ29vZ2xlLmJpggsqLmdvb2dsZS5iaoIL +Ki5nb29nbGUuYnOCCyouZ29vZ2xlLmJ5ggsqLmdvb2dsZS5jYYIMKi5nb29nbGUu +Y2F0ggsqLmdvb2dsZS5jY4ILKi5nb29nbGUuY2SCCyouZ29vZ2xlLmNmggsqLmdv +b2dsZS5jZ4ILKi5nb29nbGUuY2iCCyouZ29vZ2xlLmNpggsqLmdvb2dsZS5jbIIL +Ki5nb29nbGUuY22CCyouZ29vZ2xlLmNugg4qLmdvb2dsZS5jby5hb4IOKi5nb29n +bGUuY28uYneCDiouZ29vZ2xlLmNvLmNrgg4qLmdvb2dsZS5jby5jcoIOKi5nb29n +bGUuY28uaHWCDiouZ29vZ2xlLmNvLmlkgg4qLmdvb2dsZS5jby5pbIIOKi5nb29n +bGUuY28uaW2CDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qZYIOKi5nb29n +bGUuY28uanCCDiouZ29vZ2xlLmNvLmtlgg4qLmdvb2dsZS5jby5rcoIOKi5nb29n +bGUuY28ubHOCDiouZ29vZ2xlLmNvLm1hgg4qLmdvb2dsZS5jby5teoIOKi5nb29n +bGUuY28ubnqCDiouZ29vZ2xlLmNvLnRogg4qLmdvb2dsZS5jby50eoIOKi5nb29n +bGUuY28udWeCDiouZ29vZ2xlLmNvLnVrgg4qLmdvb2dsZS5jby51eoIOKi5nb29n +bGUuY28udmWCDiouZ29vZ2xlLmNvLnZpgg4qLmdvb2dsZS5jby56YYIOKi5nb29n +bGUuY28uem2CDiouZ29vZ2xlLmNvLnp3gg8qLmdvb2dsZS5jb20uYWaCDyouZ29v +Z2xlLmNvbS5hZ4IPKi5nb29nbGUuY29tLmFpgg8qLmdvb2dsZS5jb20uYXKCDyou +Z29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJkgg8qLmdvb2dsZS5jb20uYmiC +DyouZ29vZ2xlLmNvbS5iboIPKi5nb29nbGUuY29tLmJvgg8qLmdvb2dsZS5jb20u +YnKCDyouZ29vZ2xlLmNvbS5ieYIPKi5nb29nbGUuY29tLmJ6gg8qLmdvb2dsZS5j +b20uY26CDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLmN1gg8qLmdvb2ds +ZS5jb20uY3mCDyouZ29vZ2xlLmNvbS5kb4IPKi5nb29nbGUuY29tLmVjgg8qLmdv +b2dsZS5jb20uZWeCDyouZ29vZ2xlLmNvbS5ldIIPKi5nb29nbGUuY29tLmZqgg8q +Lmdvb2dsZS5jb20uZ2WCDyouZ29vZ2xlLmNvbS5naIIPKi5nb29nbGUuY29tLmdp +gg8qLmdvb2dsZS5jb20uZ3KCDyouZ29vZ2xlLmNvbS5ndIIPKi5nb29nbGUuY29t +Lmhrgg8qLmdvb2dsZS5jb20uaXGCDyouZ29vZ2xlLmNvbS5qbYIPKi5nb29nbGUu +Y29tLmpvgg8qLmdvb2dsZS5jb20ua2iCDyouZ29vZ2xlLmNvbS5rd4IPKi5nb29n +bGUuY29tLmxigg8qLmdvb2dsZS5jb20ubHmCDyouZ29vZ2xlLmNvbS5tdIIPKi5n +b29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20ubXmCDyouZ29vZ2xlLmNvbS5uYYIP +Ki5nb29nbGUuY29tLm5mgg8qLmdvb2dsZS5jb20ubmeCDyouZ29vZ2xlLmNvbS5u +aYIPKi5nb29nbGUuY29tLm5wgg8qLmdvb2dsZS5jb20ubnKCDyouZ29vZ2xlLmNv +bS5vbYIPKi5nb29nbGUuY29tLnBhgg8qLmdvb2dsZS5jb20ucGWCDyouZ29vZ2xl +LmNvbS5waIIPKi5nb29nbGUuY29tLnBrgg8qLmdvb2dsZS5jb20ucGyCDyouZ29v +Z2xlLmNvbS5wcoIPKi5nb29nbGUuY29tLnB5gg8qLmdvb2dsZS5jb20ucWGCDyou +Z29vZ2xlLmNvbS5ydYIPKi5nb29nbGUuY29tLnNhgg8qLmdvb2dsZS5jb20uc2KC +DyouZ29vZ2xlLmNvbS5zZ4IPKi5nb29nbGUuY29tLnNsgg8qLmdvb2dsZS5jb20u +c3aCDyouZ29vZ2xlLmNvbS50aoIPKi5nb29nbGUuY29tLnRugg8qLmdvb2dsZS5j +b20udHKCDyouZ29vZ2xlLmNvbS50d4IPKi5nb29nbGUuY29tLnVhgg8qLmdvb2ds +ZS5jb20udXmCDyouZ29vZ2xlLmNvbS52Y4IPKi5nb29nbGUuY29tLnZlgg8qLmdv +b2dsZS5jb20udm6CCyouZ29vZ2xlLmN2ggsqLmdvb2dsZS5jeoILKi5nb29nbGUu +ZGWCCyouZ29vZ2xlLmRqggsqLmdvb2dsZS5ka4ILKi5nb29nbGUuZG2CCyouZ29v +Z2xlLmR6ggsqLmdvb2dsZS5lZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZpggsq +Lmdvb2dsZS5mbYILKi5nb29nbGUuZnKCCyouZ29vZ2xlLmdhggsqLmdvb2dsZS5n +ZYILKi5nb29nbGUuZ2eCCyouZ29vZ2xlLmdsggsqLmdvb2dsZS5nbYILKi5nb29n +bGUuZ3CCCyouZ29vZ2xlLmdyggsqLmdvb2dsZS5neYILKi5nb29nbGUuaGuCCyou +Z29vZ2xlLmhuggsqLmdvb2dsZS5ocoILKi5nb29nbGUuaHSCCyouZ29vZ2xlLmh1 +ggsqLmdvb2dsZS5pZYILKi5nb29nbGUuaW2CDSouZ29vZ2xlLmluZm+CCyouZ29v +Z2xlLmlxggsqLmdvb2dsZS5pc4ILKi5nb29nbGUuaXSCDiouZ29vZ2xlLml0LmFv +ggsqLmdvb2dsZS5qZYILKi5nb29nbGUuam+CDSouZ29vZ2xlLmpvYnOCCyouZ29v +Z2xlLmpwggsqLmdvb2dsZS5rZ4ILKi5nb29nbGUua2mCCyouZ29vZ2xlLmt6ggsq +Lmdvb2dsZS5sYYILKi5nb29nbGUubGmCCyouZ29vZ2xlLmxrggsqLmdvb2dsZS5s +dIILKi5nb29nbGUubHWCCyouZ29vZ2xlLmx2ggsqLmdvb2dsZS5tZIILKi5nb29n +bGUubWWCCyouZ29vZ2xlLm1nggsqLmdvb2dsZS5ta4ILKi5nb29nbGUubWyCCyou +Z29vZ2xlLm1uggsqLmdvb2dsZS5tc4ILKi5nb29nbGUubXWCCyouZ29vZ2xlLm12 +ggsqLmdvb2dsZS5td4ILKi5nb29nbGUubmWCDiouZ29vZ2xlLm5lLmpwggwqLmdv +b2dsZS5uZXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5ub4ILKi5nb29nbGUubnKC +CyouZ29vZ2xlLm51gg8qLmdvb2dsZS5vZmYuYWmCCyouZ29vZ2xlLnBrggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucG6CCyouZ29vZ2xlLnBzggsqLmdvb2dsZS5wdIIL +Ki5nb29nbGUucm+CCyouZ29vZ2xlLnJzggsqLmdvb2dsZS5ydYILKi5nb29nbGUu +cneCCyouZ29vZ2xlLnNjggsqLmdvb2dsZS5zZYILKi5nb29nbGUuc2iCCyouZ29v +Z2xlLnNpggsqLmdvb2dsZS5za4ILKi5nb29nbGUuc22CCyouZ29vZ2xlLnNuggsq +Lmdvb2dsZS5zb4ILKi5nb29nbGUuc3SCCyouZ29vZ2xlLnRkggsqLmdvb2dsZS50 +Z4ILKi5nb29nbGUudGuCCyouZ29vZ2xlLnRsggsqLmdvb2dsZS50bYILKi5nb29n +bGUudG6CCyouZ29vZ2xlLnRvggsqLmdvb2dsZS50cIILKi5nb29nbGUudHSCCyou +Z29vZ2xlLnVzggsqLmdvb2dsZS51eoILKi5nb29nbGUudmeCCyouZ29vZ2xlLnZ1 +ggsqLmdvb2dsZS53c4IJZ29vZ2xlLmFjgglnb29nbGUuYWSCCWdvb2dsZS5hZYIJ +Z29vZ2xlLmFmgglnb29nbGUuYWeCCWdvb2dsZS5hbIIJZ29vZ2xlLmFtgglnb29n +bGUuYXOCCWdvb2dsZS5hdIIJZ29vZ2xlLmF6gglnb29nbGUuYmGCCWdvb2dsZS5i +ZYIJZ29vZ2xlLmJmgglnb29nbGUuYmeCCWdvb2dsZS5iaYIJZ29vZ2xlLmJqggln +b29nbGUuYnOCCWdvb2dsZS5ieYIJZ29vZ2xlLmNhggpnb29nbGUuY2F0gglnb29n +bGUuY2OCCWdvb2dsZS5jZIIJZ29vZ2xlLmNmgglnb29nbGUuY2eCCWdvb2dsZS5j +aIIJZ29vZ2xlLmNpgglnb29nbGUuY2yCCWdvb2dsZS5jbYIJZ29vZ2xlLmNuggxn +b29nbGUuY28uYW+CDGdvb2dsZS5jby5id4IMZ29vZ2xlLmNvLmNrggxnb29nbGUu +Y28uY3KCDGdvb2dsZS5jby5odYIMZ29vZ2xlLmNvLmlkggxnb29nbGUuY28uaWyC +DGdvb2dsZS5jby5pbYIMZ29vZ2xlLmNvLmluggxnb29nbGUuY28uamWCDGdvb2ds +ZS5jby5qcIIMZ29vZ2xlLmNvLmtlggxnb29nbGUuY28ua3KCDGdvb2dsZS5jby5s +c4IMZ29vZ2xlLmNvLm1hggxnb29nbGUuY28ubXqCDGdvb2dsZS5jby5ueoIMZ29v +Z2xlLmNvLnRoggxnb29nbGUuY28udHqCDGdvb2dsZS5jby51Z4IMZ29vZ2xlLmNv +LnVrggxnb29nbGUuY28udXqCDGdvb2dsZS5jby52ZYIMZ29vZ2xlLmNvLnZpggxn +b29nbGUuY28uemGCDGdvb2dsZS5jby56bYIMZ29vZ2xlLmNvLnp3gg1nb29nbGUu +Y29tLmFmgg1nb29nbGUuY29tLmFngg1nb29nbGUuY29tLmFpgg1nb29nbGUuY29t +LmFygg1nb29nbGUuY29tLmF1gg1nb29nbGUuY29tLmJkgg1nb29nbGUuY29tLmJo +gg1nb29nbGUuY29tLmJugg1nb29nbGUuY29tLmJvgg1nb29nbGUuY29tLmJygg1n +b29nbGUuY29tLmJ5gg1nb29nbGUuY29tLmJ6gg1nb29nbGUuY29tLmNugg1nb29n +bGUuY29tLmNvgg1nb29nbGUuY29tLmN1gg1nb29nbGUuY29tLmN5gg1nb29nbGUu +Y29tLmRvgg1nb29nbGUuY29tLmVjgg1nb29nbGUuY29tLmVngg1nb29nbGUuY29t +LmV0gg1nb29nbGUuY29tLmZqgg1nb29nbGUuY29tLmdlgg1nb29nbGUuY29tLmdo +gg1nb29nbGUuY29tLmdpgg1nb29nbGUuY29tLmdygg1nb29nbGUuY29tLmd0gg1n +b29nbGUuY29tLmhrgg1nb29nbGUuY29tLmlxgg1nb29nbGUuY29tLmptgg1nb29n +bGUuY29tLmpvgg1nb29nbGUuY29tLmtogg1nb29nbGUuY29tLmt3gg1nb29nbGUu +Y29tLmxigg1nb29nbGUuY29tLmx5gg1nb29nbGUuY29tLm10gg1nb29nbGUuY29t +Lm14gg1nb29nbGUuY29tLm15gg1nb29nbGUuY29tLm5hgg1nb29nbGUuY29tLm5m +gg1nb29nbGUuY29tLm5ngg1nb29nbGUuY29tLm5pgg1nb29nbGUuY29tLm5wgg1n +b29nbGUuY29tLm5ygg1nb29nbGUuY29tLm9tgg1nb29nbGUuY29tLnBhgg1nb29n +bGUuY29tLnBlgg1nb29nbGUuY29tLnBogg1nb29nbGUuY29tLnBrgg1nb29nbGUu +Y29tLnBsgg1nb29nbGUuY29tLnBygg1nb29nbGUuY29tLnB5gg1nb29nbGUuY29t +LnFhgg1nb29nbGUuY29tLnJ1gg1nb29nbGUuY29tLnNhgg1nb29nbGUuY29tLnNi +gg1nb29nbGUuY29tLnNngg1nb29nbGUuY29tLnNsgg1nb29nbGUuY29tLnN2gg1n +b29nbGUuY29tLnRqgg1nb29nbGUuY29tLnRugg1nb29nbGUuY29tLnRygg1nb29n +bGUuY29tLnR3gg1nb29nbGUuY29tLnVhgg1nb29nbGUuY29tLnV5gg1nb29nbGUu +Y29tLnZjgg1nb29nbGUuY29tLnZlgg1nb29nbGUuY29tLnZugglnb29nbGUuY3aC +CWdvb2dsZS5jeoIJZ29vZ2xlLmRlgglnb29nbGUuZGqCCWdvb2dsZS5ka4IJZ29v +Z2xlLmRtgglnb29nbGUuZHqCCWdvb2dsZS5lZYIJZ29vZ2xlLmVzgglnb29nbGUu +ZmmCCWdvb2dsZS5mbYIJZ29vZ2xlLmZygglnb29nbGUuZ2GCCWdvb2dsZS5nZYIJ +Z29vZ2xlLmdngglnb29nbGUuZ2yCCWdvb2dsZS5nbYIJZ29vZ2xlLmdwgglnb29n +bGUuZ3KCCWdvb2dsZS5neYIJZ29vZ2xlLmhrgglnb29nbGUuaG6CCWdvb2dsZS5o +coIJZ29vZ2xlLmh0gglnb29nbGUuaHWCCWdvb2dsZS5pZYIJZ29vZ2xlLmltggtn +b29nbGUuaW5mb4IJZ29vZ2xlLmlxgglnb29nbGUuaXOCCWdvb2dsZS5pdIIMZ29v +Z2xlLml0LmFvgglnb29nbGUuamWCCWdvb2dsZS5qb4ILZ29vZ2xlLmpvYnOCCWdv +b2dsZS5qcIIJZ29vZ2xlLmtngglnb29nbGUua2mCCWdvb2dsZS5reoIJZ29vZ2xl +Lmxhgglnb29nbGUubGmCCWdvb2dsZS5sa4IJZ29vZ2xlLmx0gglnb29nbGUubHWC +CWdvb2dsZS5sdoIJZ29vZ2xlLm1kgglnb29nbGUubWWCCWdvb2dsZS5tZ4IJZ29v +Z2xlLm1rgglnb29nbGUubWyCCWdvb2dsZS5tboIJZ29vZ2xlLm1zgglnb29nbGUu +bXWCCWdvb2dsZS5tdoIJZ29vZ2xlLm13gglnb29nbGUubmWCDGdvb2dsZS5uZS5q +cIIKZ29vZ2xlLm5ldIIJZ29vZ2xlLm5sgglnb29nbGUubm+CCWdvb2dsZS5ucoIJ +Z29vZ2xlLm51gg1nb29nbGUub2ZmLmFpgglnb29nbGUucGuCCWdvb2dsZS5wbIIJ +Z29vZ2xlLnBugglnb29nbGUucHOCCWdvb2dsZS5wdIIJZ29vZ2xlLnJvgglnb29n +bGUucnOCCWdvb2dsZS5ydYIJZ29vZ2xlLnJ3gglnb29nbGUuc2OCCWdvb2dsZS5z +ZYIJZ29vZ2xlLnNogglnb29nbGUuc2mCCWdvb2dsZS5za4IJZ29vZ2xlLnNtggln +b29nbGUuc26CCWdvb2dsZS5zb4IJZ29vZ2xlLnN0gglnb29nbGUudGSCCWdvb2ds +ZS50Z4IJZ29vZ2xlLnRrgglnb29nbGUudGyCCWdvb2dsZS50bYIJZ29vZ2xlLnRu +gglnb29nbGUudG+CCWdvb2dsZS50cIIJZ29vZ2xlLnR0gglnb29nbGUudXOCCWdv +b2dsZS51eoIJZ29vZ2xlLnZngglnb29nbGUudnWCCWdvb2dsZS53czANBgkqhkiG +9w0BAQUFAAOBgQCROJdKT00d96BpNG4j3Xf5Kz7kJENMTYtgsGQW5E6y2yjRaguD +LPO+y4IH9KiVXD+qO8koye9yOMNawN9r/DFQd+t2nDmvlpcwJBNguiuqxl+rJaU8 +KKgswikGaaM4z+i4vHuXcCKZtM/ELAaJlSaBPip4GBAkgv7D9hwh+sWvYA== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIcFzCCG4CgAwIBAgIGR09PUAFxMA0GCSqGSIb3DQEBBQUAMEYxCzAJBgNVBAYT +AlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSIwIAYDVQQDExlHb29nbGUgSW50ZXJu +ZXQgQXV0aG9yaXR5MB4XDTEyMTAyNDEzNTczOVoXDTEzMDYwNzE5NDMyN1owZDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 +YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxEzARBgNVBAMTCmdvb2dsZS5j +b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMNn/Rw5irMPscWpYsExcGQT +wqdxT/U9Pfybt9ttPYlXVbCd6yux0jWGNBHN+f4kCc5pwrbjmA4QSRY2uVa4T8f2 +g3NucDDveUi29WVN+FJcyhj+V38lEkYbdhpIZL149dK5fAN1zzwCo10Nk+lhebcY +fCtMHLmuCX2D6mJ2CnPVAgMBAAGjghnwMIIZ7DAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Qp1w0hi4nhbaJEB +h/wuZwO4OyIwHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0f +BFQwUjBQoE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5l +dEF1dGhvcml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUH +AQEEWjBYMFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2ds +ZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDCC +GLYGA1UdEQSCGK0wghipggpnb29nbGUuY29tggwqLmdvb2dsZS5jb22CDSoueW91 +dHViZS5jb22CC3lvdXR1YmUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggh5 +b3V0dS5iZYILKi55dGltZy5jb22CDSouYW5kcm9pZC5jb22CC2FuZHJvaWQuY29t +ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghAqLnVy +bC5nb29nbGUuY29tggwqLnVyY2hpbi5jb22CCnVyY2hpbi5jb22CFiouZ29vZ2xl +LWFuYWx5dGljcy5jb22CFGdvb2dsZS1hbmFseXRpY3MuY29tghIqLmNsb3VkLmdv +b2dsZS5jb22CBmdvby5nbIIEZy5jb4INKi5nc3RhdGljLmNvbYIPKi5nb29nbGVh +cGlzLmNughYqLmFwcGVuZ2luZS5nb29nbGUuY29tggsqLmdvb2dsZS5hY4ILKi5n +b29nbGUuYWSCCyouZ29vZ2xlLmFlggsqLmdvb2dsZS5hZoILKi5nb29nbGUuYWeC +CyouZ29vZ2xlLmFsggsqLmdvb2dsZS5hbYILKi5nb29nbGUuYXOCCyouZ29vZ2xl +LmF0ggsqLmdvb2dsZS5heoILKi5nb29nbGUuYmGCCyouZ29vZ2xlLmJlggsqLmdv +b2dsZS5iZoILKi5nb29nbGUuYmeCCyouZ29vZ2xlLmJpggsqLmdvb2dsZS5iaoIL +Ki5nb29nbGUuYnOCCyouZ29vZ2xlLmJ5ggsqLmdvb2dsZS5jYYIMKi5nb29nbGUu +Y2F0ggsqLmdvb2dsZS5jY4ILKi5nb29nbGUuY2SCCyouZ29vZ2xlLmNmggsqLmdv +b2dsZS5jZ4ILKi5nb29nbGUuY2iCCyouZ29vZ2xlLmNpggsqLmdvb2dsZS5jbIIL +Ki5nb29nbGUuY22CCyouZ29vZ2xlLmNugg4qLmdvb2dsZS5jby5hb4IOKi5nb29n +bGUuY28uYneCDiouZ29vZ2xlLmNvLmNrgg4qLmdvb2dsZS5jby5jcoIOKi5nb29n +bGUuY28uaHWCDiouZ29vZ2xlLmNvLmlkgg4qLmdvb2dsZS5jby5pbIIOKi5nb29n +bGUuY28uaW2CDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qZYIOKi5nb29n +bGUuY28uanCCDiouZ29vZ2xlLmNvLmtlgg4qLmdvb2dsZS5jby5rcoIOKi5nb29n +bGUuY28ubHOCDiouZ29vZ2xlLmNvLm1hgg4qLmdvb2dsZS5jby5teoIOKi5nb29n +bGUuY28ubnqCDiouZ29vZ2xlLmNvLnRogg4qLmdvb2dsZS5jby50eoIOKi5nb29n +bGUuY28udWeCDiouZ29vZ2xlLmNvLnVrgg4qLmdvb2dsZS5jby51eoIOKi5nb29n +bGUuY28udmWCDiouZ29vZ2xlLmNvLnZpgg4qLmdvb2dsZS5jby56YYIOKi5nb29n +bGUuY28uem2CDiouZ29vZ2xlLmNvLnp3gg8qLmdvb2dsZS5jb20uYWaCDyouZ29v +Z2xlLmNvbS5hZ4IPKi5nb29nbGUuY29tLmFpgg8qLmdvb2dsZS5jb20uYXKCDyou +Z29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJkgg8qLmdvb2dsZS5jb20uYmiC +DyouZ29vZ2xlLmNvbS5iboIPKi5nb29nbGUuY29tLmJvgg8qLmdvb2dsZS5jb20u +YnKCDyouZ29vZ2xlLmNvbS5ieYIPKi5nb29nbGUuY29tLmJ6gg8qLmdvb2dsZS5j +b20uY26CDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLmN1gg8qLmdvb2ds +ZS5jb20uY3mCDyouZ29vZ2xlLmNvbS5kb4IPKi5nb29nbGUuY29tLmVjgg8qLmdv +b2dsZS5jb20uZWeCDyouZ29vZ2xlLmNvbS5ldIIPKi5nb29nbGUuY29tLmZqgg8q +Lmdvb2dsZS5jb20uZ2WCDyouZ29vZ2xlLmNvbS5naIIPKi5nb29nbGUuY29tLmdp +gg8qLmdvb2dsZS5jb20uZ3KCDyouZ29vZ2xlLmNvbS5ndIIPKi5nb29nbGUuY29t +Lmhrgg8qLmdvb2dsZS5jb20uaXGCDyouZ29vZ2xlLmNvbS5qbYIPKi5nb29nbGUu +Y29tLmpvgg8qLmdvb2dsZS5jb20ua2iCDyouZ29vZ2xlLmNvbS5rd4IPKi5nb29n +bGUuY29tLmxigg8qLmdvb2dsZS5jb20ubHmCDyouZ29vZ2xlLmNvbS5tdIIPKi5n +b29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20ubXmCDyouZ29vZ2xlLmNvbS5uYYIP +Ki5nb29nbGUuY29tLm5mgg8qLmdvb2dsZS5jb20ubmeCDyouZ29vZ2xlLmNvbS5u +aYIPKi5nb29nbGUuY29tLm5wgg8qLmdvb2dsZS5jb20ubnKCDyouZ29vZ2xlLmNv +bS5vbYIPKi5nb29nbGUuY29tLnBhgg8qLmdvb2dsZS5jb20ucGWCDyouZ29vZ2xl +LmNvbS5waIIPKi5nb29nbGUuY29tLnBrgg8qLmdvb2dsZS5jb20ucGyCDyouZ29v +Z2xlLmNvbS5wcoIPKi5nb29nbGUuY29tLnB5gg8qLmdvb2dsZS5jb20ucWGCDyou +Z29vZ2xlLmNvbS5ydYIPKi5nb29nbGUuY29tLnNhgg8qLmdvb2dsZS5jb20uc2KC +DyouZ29vZ2xlLmNvbS5zZ4IPKi5nb29nbGUuY29tLnNsgg8qLmdvb2dsZS5jb20u +c3aCDyouZ29vZ2xlLmNvbS50aoIPKi5nb29nbGUuY29tLnRugg8qLmdvb2dsZS5j +b20udHKCDyouZ29vZ2xlLmNvbS50d4IPKi5nb29nbGUuY29tLnVhgg8qLmdvb2ds +ZS5jb20udXmCDyouZ29vZ2xlLmNvbS52Y4IPKi5nb29nbGUuY29tLnZlgg8qLmdv +b2dsZS5jb20udm6CCyouZ29vZ2xlLmN2ggsqLmdvb2dsZS5jeoILKi5nb29nbGUu +ZGWCCyouZ29vZ2xlLmRqggsqLmdvb2dsZS5ka4ILKi5nb29nbGUuZG2CCyouZ29v +Z2xlLmR6ggsqLmdvb2dsZS5lZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZpggsq +Lmdvb2dsZS5mbYILKi5nb29nbGUuZnKCCyouZ29vZ2xlLmdhggsqLmdvb2dsZS5n +ZYILKi5nb29nbGUuZ2eCCyouZ29vZ2xlLmdsggsqLmdvb2dsZS5nbYILKi5nb29n +bGUuZ3CCCyouZ29vZ2xlLmdyggsqLmdvb2dsZS5neYILKi5nb29nbGUuaGuCCyou +Z29vZ2xlLmhuggsqLmdvb2dsZS5ocoILKi5nb29nbGUuaHSCCyouZ29vZ2xlLmh1 +ggsqLmdvb2dsZS5pZYILKi5nb29nbGUuaW2CDSouZ29vZ2xlLmluZm+CCyouZ29v +Z2xlLmlxggsqLmdvb2dsZS5pc4ILKi5nb29nbGUuaXSCDiouZ29vZ2xlLml0LmFv +ggsqLmdvb2dsZS5qZYILKi5nb29nbGUuam+CDSouZ29vZ2xlLmpvYnOCCyouZ29v +Z2xlLmpwggsqLmdvb2dsZS5rZ4ILKi5nb29nbGUua2mCCyouZ29vZ2xlLmt6ggsq +Lmdvb2dsZS5sYYILKi5nb29nbGUubGmCCyouZ29vZ2xlLmxrggsqLmdvb2dsZS5s +dIILKi5nb29nbGUubHWCCyouZ29vZ2xlLmx2ggsqLmdvb2dsZS5tZIILKi5nb29n +bGUubWWCCyouZ29vZ2xlLm1nggsqLmdvb2dsZS5ta4ILKi5nb29nbGUubWyCCyou +Z29vZ2xlLm1uggsqLmdvb2dsZS5tc4ILKi5nb29nbGUubXWCCyouZ29vZ2xlLm12 +ggsqLmdvb2dsZS5td4ILKi5nb29nbGUubmWCDiouZ29vZ2xlLm5lLmpwggwqLmdv +b2dsZS5uZXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5ub4ILKi5nb29nbGUubnKC +CyouZ29vZ2xlLm51gg8qLmdvb2dsZS5vZmYuYWmCCyouZ29vZ2xlLnBrggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucG6CCyouZ29vZ2xlLnBzggsqLmdvb2dsZS5wdIIL +Ki5nb29nbGUucm+CCyouZ29vZ2xlLnJzggsqLmdvb2dsZS5ydYILKi5nb29nbGUu +cneCCyouZ29vZ2xlLnNjggsqLmdvb2dsZS5zZYILKi5nb29nbGUuc2iCCyouZ29v +Z2xlLnNpggsqLmdvb2dsZS5za4ILKi5nb29nbGUuc22CCyouZ29vZ2xlLnNuggsq +Lmdvb2dsZS5zb4ILKi5nb29nbGUuc3SCCyouZ29vZ2xlLnRkggsqLmdvb2dsZS50 +Z4ILKi5nb29nbGUudGuCCyouZ29vZ2xlLnRsggsqLmdvb2dsZS50bYILKi5nb29n +bGUudG6CCyouZ29vZ2xlLnRvggsqLmdvb2dsZS50cIILKi5nb29nbGUudHSCCyou +Z29vZ2xlLnVzggsqLmdvb2dsZS51eoILKi5nb29nbGUudmeCCyouZ29vZ2xlLnZ1 +ggsqLmdvb2dsZS53c4IJZ29vZ2xlLmFjgglnb29nbGUuYWSCCWdvb2dsZS5hZYIJ +Z29vZ2xlLmFmgglnb29nbGUuYWeCCWdvb2dsZS5hbIIJZ29vZ2xlLmFtgglnb29n +bGUuYXOCCWdvb2dsZS5hdIIJZ29vZ2xlLmF6gglnb29nbGUuYmGCCWdvb2dsZS5i +ZYIJZ29vZ2xlLmJmgglnb29nbGUuYmeCCWdvb2dsZS5iaYIJZ29vZ2xlLmJqggln +b29nbGUuYnOCCWdvb2dsZS5ieYIJZ29vZ2xlLmNhggpnb29nbGUuY2F0gglnb29n +bGUuY2OCCWdvb2dsZS5jZIIJZ29vZ2xlLmNmgglnb29nbGUuY2eCCWdvb2dsZS5j +aIIJZ29vZ2xlLmNpgglnb29nbGUuY2yCCWdvb2dsZS5jbYIJZ29vZ2xlLmNuggxn +b29nbGUuY28uYW+CDGdvb2dsZS5jby5id4IMZ29vZ2xlLmNvLmNrggxnb29nbGUu +Y28uY3KCDGdvb2dsZS5jby5odYIMZ29vZ2xlLmNvLmlkggxnb29nbGUuY28uaWyC +DGdvb2dsZS5jby5pbYIMZ29vZ2xlLmNvLmluggxnb29nbGUuY28uamWCDGdvb2ds +ZS5jby5qcIIMZ29vZ2xlLmNvLmtlggxnb29nbGUuY28ua3KCDGdvb2dsZS5jby5s +c4IMZ29vZ2xlLmNvLm1hggxnb29nbGUuY28ubXqCDGdvb2dsZS5jby5ueoIMZ29v +Z2xlLmNvLnRoggxnb29nbGUuY28udHqCDGdvb2dsZS5jby51Z4IMZ29vZ2xlLmNv +LnVrggxnb29nbGUuY28udXqCDGdvb2dsZS5jby52ZYIMZ29vZ2xlLmNvLnZpggxn +b29nbGUuY28uemGCDGdvb2dsZS5jby56bYIMZ29vZ2xlLmNvLnp3gg1nb29nbGUu +Y29tLmFmgg1nb29nbGUuY29tLmFngg1nb29nbGUuY29tLmFpgg1nb29nbGUuY29t +LmFygg1nb29nbGUuY29tLmF1gg1nb29nbGUuY29tLmJkgg1nb29nbGUuY29tLmJo +gg1nb29nbGUuY29tLmJugg1nb29nbGUuY29tLmJvgg1nb29nbGUuY29tLmJygg1n +b29nbGUuY29tLmJ5gg1nb29nbGUuY29tLmJ6gg1nb29nbGUuY29tLmNugg1nb29n +bGUuY29tLmNvgg1nb29nbGUuY29tLmN1gg1nb29nbGUuY29tLmN5gg1nb29nbGUu +Y29tLmRvgg1nb29nbGUuY29tLmVjgg1nb29nbGUuY29tLmVngg1nb29nbGUuY29t +LmV0gg1nb29nbGUuY29tLmZqgg1nb29nbGUuY29tLmdlgg1nb29nbGUuY29tLmdo +gg1nb29nbGUuY29tLmdpgg1nb29nbGUuY29tLmdygg1nb29nbGUuY29tLmd0gg1n +b29nbGUuY29tLmhrgg1nb29nbGUuY29tLmlxgg1nb29nbGUuY29tLmptgg1nb29n +bGUuY29tLmpvgg1nb29nbGUuY29tLmtogg1nb29nbGUuY29tLmt3gg1nb29nbGUu +Y29tLmxigg1nb29nbGUuY29tLmx5gg1nb29nbGUuY29tLm10gg1nb29nbGUuY29t +Lm14gg1nb29nbGUuY29tLm15gg1nb29nbGUuY29tLm5hgg1nb29nbGUuY29tLm5m +gg1nb29nbGUuY29tLm5ngg1nb29nbGUuY29tLm5pgg1nb29nbGUuY29tLm5wgg1n +b29nbGUuY29tLm5ygg1nb29nbGUuY29tLm9tgg1nb29nbGUuY29tLnBhgg1nb29n +bGUuY29tLnBlgg1nb29nbGUuY29tLnBogg1nb29nbGUuY29tLnBrgg1nb29nbGUu +Y29tLnBsgg1nb29nbGUuY29tLnBygg1nb29nbGUuY29tLnB5gg1nb29nbGUuY29t +LnFhgg1nb29nbGUuY29tLnJ1gg1nb29nbGUuY29tLnNhgg1nb29nbGUuY29tLnNi +gg1nb29nbGUuY29tLnNngg1nb29nbGUuY29tLnNsgg1nb29nbGUuY29tLnN2gg1n +b29nbGUuY29tLnRqgg1nb29nbGUuY29tLnRugg1nb29nbGUuY29tLnRygg1nb29n +bGUuY29tLnR3gg1nb29nbGUuY29tLnVhgg1nb29nbGUuY29tLnV5gg1nb29nbGUu +Y29tLnZjgg1nb29nbGUuY29tLnZlgg1nb29nbGUuY29tLnZugglnb29nbGUuY3aC +CWdvb2dsZS5jeoIJZ29vZ2xlLmRlgglnb29nbGUuZGqCCWdvb2dsZS5ka4IJZ29v +Z2xlLmRtgglnb29nbGUuZHqCCWdvb2dsZS5lZYIJZ29vZ2xlLmVzgglnb29nbGUu +ZmmCCWdvb2dsZS5mbYIJZ29vZ2xlLmZygglnb29nbGUuZ2GCCWdvb2dsZS5nZYIJ +Z29vZ2xlLmdngglnb29nbGUuZ2yCCWdvb2dsZS5nbYIJZ29vZ2xlLmdwgglnb29n +bGUuZ3KCCWdvb2dsZS5neYIJZ29vZ2xlLmhrgglnb29nbGUuaG6CCWdvb2dsZS5o +coIJZ29vZ2xlLmh0gglnb29nbGUuaHWCCWdvb2dsZS5pZYIJZ29vZ2xlLmltggtn +b29nbGUuaW5mb4IJZ29vZ2xlLmlxgglnb29nbGUuaXOCCWdvb2dsZS5pdIIMZ29v +Z2xlLml0LmFvgglnb29nbGUuamWCCWdvb2dsZS5qb4ILZ29vZ2xlLmpvYnOCCWdv +b2dsZS5qcIIJZ29vZ2xlLmtngglnb29nbGUua2mCCWdvb2dsZS5reoIJZ29vZ2xl +Lmxhgglnb29nbGUubGmCCWdvb2dsZS5sa4IJZ29vZ2xlLmx0gglnb29nbGUubHWC +CWdvb2dsZS5sdoIJZ29vZ2xlLm1kgglnb29nbGUubWWCCWdvb2dsZS5tZ4IJZ29v +Z2xlLm1rgglnb29nbGUubWyCCWdvb2dsZS5tboIJZ29vZ2xlLm1zgglnb29nbGUu +bXWCCWdvb2dsZS5tdoIJZ29vZ2xlLm13gglnb29nbGUubmWCDGdvb2dsZS5uZS5q +cIIKZ29vZ2xlLm5ldIIJZ29vZ2xlLm5sgglnb29nbGUubm+CCWdvb2dsZS5ucoIJ +Z29vZ2xlLm51gg1nb29nbGUub2ZmLmFpgglnb29nbGUucGuCCWdvb2dsZS5wbIIJ +Z29vZ2xlLnBugglnb29nbGUucHOCCWdvb2dsZS5wdIIJZ29vZ2xlLnJvgglnb29n +bGUucnOCCWdvb2dsZS5ydYIJZ29vZ2xlLnJ3gglnb29nbGUuc2OCCWdvb2dsZS5z +ZYIJZ29vZ2xlLnNogglnb29nbGUuc2mCCWdvb2dsZS5za4IJZ29vZ2xlLnNtggln +b29nbGUuc26CCWdvb2dsZS5zb4IJZ29vZ2xlLnN0gglnb29nbGUudGSCCWdvb2ds +ZS50Z4IJZ29vZ2xlLnRrgglnb29nbGUudGyCCWdvb2dsZS50bYIJZ29vZ2xlLnRu +gglnb29nbGUudG+CCWdvb2dsZS50cIIJZ29vZ2xlLnR0gglnb29nbGUudXOCCWdv +b2dsZS51eoIJZ29vZ2xlLnZngglnb29nbGUudnWCCWdvb2dsZS53czANBgkqhkiG +9w0BAQUFAAOBgQCROJdKT00d96BpNG4j3Xf5Kz7kJENMTYtgsGQW5E6y2yjRaguD +LPO+y4IH9KiVXD+qO8koye9yOMNawN9r/DFQd+t2nDmvlpcwJBNguiuqxl+rJaU8 +KKgswikGaaM4z+i4vHuXcCKZtM/ELAaJlSaBPip4GBAkgv7D9hwh+sWvYA== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIcFzCCG4CgAwIBAgIGR09PUAFxMA0GCSqGSIb3DQEBBQUAMEYxCzAJBgNVBAYT +AlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSIwIAYDVQQDExlHb29nbGUgSW50ZXJu +ZXQgQXV0aG9yaXR5MB4XDTEyMTAyNDEzNTczOVoXDTEzMDYwNzE5NDMyN1owZDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 +YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxEzARBgNVBAMTCmdvb2dsZS5j +b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMNn/Rw5irMPscWpYsExcGQT +wqdxT/U9Pfybt9ttPYlXVbCd6yux0jWGNBHN+f4kCc5pwrbjmA4QSRY2uVa4T8f2 +g3NucDDveUi29WVN+FJcyhj+V38lEkYbdhpIZL149dK5fAN1zzwCo10Nk+lhebcY +fCtMHLmuCX2D6mJ2CnPVAgMBAAGjghnwMIIZ7DAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Qp1w0hi4nhbaJEB +h/wuZwO4OyIwHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0f +BFQwUjBQoE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5l +dEF1dGhvcml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUH +AQEEWjBYMFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2ds +ZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDCC +GLYGA1UdEQSCGK0wghipggpnb29nbGUuY29tggwqLmdvb2dsZS5jb22CDSoueW91 +dHViZS5jb22CC3lvdXR1YmUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggh5 +b3V0dS5iZYILKi55dGltZy5jb22CDSouYW5kcm9pZC5jb22CC2FuZHJvaWQuY29t +ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghAqLnVy +bC5nb29nbGUuY29tggwqLnVyY2hpbi5jb22CCnVyY2hpbi5jb22CFiouZ29vZ2xl +LWFuYWx5dGljcy5jb22CFGdvb2dsZS1hbmFseXRpY3MuY29tghIqLmNsb3VkLmdv +b2dsZS5jb22CBmdvby5nbIIEZy5jb4INKi5nc3RhdGljLmNvbYIPKi5nb29nbGVh +cGlzLmNughYqLmFwcGVuZ2luZS5nb29nbGUuY29tggsqLmdvb2dsZS5hY4ILKi5n +b29nbGUuYWSCCyouZ29vZ2xlLmFlggsqLmdvb2dsZS5hZoILKi5nb29nbGUuYWeC +CyouZ29vZ2xlLmFsggsqLmdvb2dsZS5hbYILKi5nb29nbGUuYXOCCyouZ29vZ2xl +LmF0ggsqLmdvb2dsZS5heoILKi5nb29nbGUuYmGCCyouZ29vZ2xlLmJlggsqLmdv +b2dsZS5iZoILKi5nb29nbGUuYmeCCyouZ29vZ2xlLmJpggsqLmdvb2dsZS5iaoIL +Ki5nb29nbGUuYnOCCyouZ29vZ2xlLmJ5ggsqLmdvb2dsZS5jYYIMKi5nb29nbGUu +Y2F0ggsqLmdvb2dsZS5jY4ILKi5nb29nbGUuY2SCCyouZ29vZ2xlLmNmggsqLmdv +b2dsZS5jZ4ILKi5nb29nbGUuY2iCCyouZ29vZ2xlLmNpggsqLmdvb2dsZS5jbIIL +Ki5nb29nbGUuY22CCyouZ29vZ2xlLmNugg4qLmdvb2dsZS5jby5hb4IOKi5nb29n +bGUuY28uYneCDiouZ29vZ2xlLmNvLmNrgg4qLmdvb2dsZS5jby5jcoIOKi5nb29n +bGUuY28uaHWCDiouZ29vZ2xlLmNvLmlkgg4qLmdvb2dsZS5jby5pbIIOKi5nb29n +bGUuY28uaW2CDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qZYIOKi5nb29n +bGUuY28uanCCDiouZ29vZ2xlLmNvLmtlgg4qLmdvb2dsZS5jby5rcoIOKi5nb29n +bGUuY28ubHOCDiouZ29vZ2xlLmNvLm1hgg4qLmdvb2dsZS5jby5teoIOKi5nb29n +bGUuY28ubnqCDiouZ29vZ2xlLmNvLnRogg4qLmdvb2dsZS5jby50eoIOKi5nb29n +bGUuY28udWeCDiouZ29vZ2xlLmNvLnVrgg4qLmdvb2dsZS5jby51eoIOKi5nb29n +bGUuY28udmWCDiouZ29vZ2xlLmNvLnZpgg4qLmdvb2dsZS5jby56YYIOKi5nb29n +bGUuY28uem2CDiouZ29vZ2xlLmNvLnp3gg8qLmdvb2dsZS5jb20uYWaCDyouZ29v +Z2xlLmNvbS5hZ4IPKi5nb29nbGUuY29tLmFpgg8qLmdvb2dsZS5jb20uYXKCDyou +Z29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJkgg8qLmdvb2dsZS5jb20uYmiC +DyouZ29vZ2xlLmNvbS5iboIPKi5nb29nbGUuY29tLmJvgg8qLmdvb2dsZS5jb20u +YnKCDyouZ29vZ2xlLmNvbS5ieYIPKi5nb29nbGUuY29tLmJ6gg8qLmdvb2dsZS5j +b20uY26CDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLmN1gg8qLmdvb2ds +ZS5jb20uY3mCDyouZ29vZ2xlLmNvbS5kb4IPKi5nb29nbGUuY29tLmVjgg8qLmdv +b2dsZS5jb20uZWeCDyouZ29vZ2xlLmNvbS5ldIIPKi5nb29nbGUuY29tLmZqgg8q +Lmdvb2dsZS5jb20uZ2WCDyouZ29vZ2xlLmNvbS5naIIPKi5nb29nbGUuY29tLmdp +gg8qLmdvb2dsZS5jb20uZ3KCDyouZ29vZ2xlLmNvbS5ndIIPKi5nb29nbGUuY29t +Lmhrgg8qLmdvb2dsZS5jb20uaXGCDyouZ29vZ2xlLmNvbS5qbYIPKi5nb29nbGUu +Y29tLmpvgg8qLmdvb2dsZS5jb20ua2iCDyouZ29vZ2xlLmNvbS5rd4IPKi5nb29n +bGUuY29tLmxigg8qLmdvb2dsZS5jb20ubHmCDyouZ29vZ2xlLmNvbS5tdIIPKi5n +b29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20ubXmCDyouZ29vZ2xlLmNvbS5uYYIP +Ki5nb29nbGUuY29tLm5mgg8qLmdvb2dsZS5jb20ubmeCDyouZ29vZ2xlLmNvbS5u +aYIPKi5nb29nbGUuY29tLm5wgg8qLmdvb2dsZS5jb20ubnKCDyouZ29vZ2xlLmNv +bS5vbYIPKi5nb29nbGUuY29tLnBhgg8qLmdvb2dsZS5jb20ucGWCDyouZ29vZ2xl +LmNvbS5waIIPKi5nb29nbGUuY29tLnBrgg8qLmdvb2dsZS5jb20ucGyCDyouZ29v +Z2xlLmNvbS5wcoIPKi5nb29nbGUuY29tLnB5gg8qLmdvb2dsZS5jb20ucWGCDyou +Z29vZ2xlLmNvbS5ydYIPKi5nb29nbGUuY29tLnNhgg8qLmdvb2dsZS5jb20uc2KC +DyouZ29vZ2xlLmNvbS5zZ4IPKi5nb29nbGUuY29tLnNsgg8qLmdvb2dsZS5jb20u +c3aCDyouZ29vZ2xlLmNvbS50aoIPKi5nb29nbGUuY29tLnRugg8qLmdvb2dsZS5j +b20udHKCDyouZ29vZ2xlLmNvbS50d4IPKi5nb29nbGUuY29tLnVhgg8qLmdvb2ds +ZS5jb20udXmCDyouZ29vZ2xlLmNvbS52Y4IPKi5nb29nbGUuY29tLnZlgg8qLmdv +b2dsZS5jb20udm6CCyouZ29vZ2xlLmN2ggsqLmdvb2dsZS5jeoILKi5nb29nbGUu +ZGWCCyouZ29vZ2xlLmRqggsqLmdvb2dsZS5ka4ILKi5nb29nbGUuZG2CCyouZ29v +Z2xlLmR6ggsqLmdvb2dsZS5lZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZpggsq +Lmdvb2dsZS5mbYILKi5nb29nbGUuZnKCCyouZ29vZ2xlLmdhggsqLmdvb2dsZS5n +ZYILKi5nb29nbGUuZ2eCCyouZ29vZ2xlLmdsggsqLmdvb2dsZS5nbYILKi5nb29n +bGUuZ3CCCyouZ29vZ2xlLmdyggsqLmdvb2dsZS5neYILKi5nb29nbGUuaGuCCyou +Z29vZ2xlLmhuggsqLmdvb2dsZS5ocoILKi5nb29nbGUuaHSCCyouZ29vZ2xlLmh1 +ggsqLmdvb2dsZS5pZYILKi5nb29nbGUuaW2CDSouZ29vZ2xlLmluZm+CCyouZ29v +Z2xlLmlxggsqLmdvb2dsZS5pc4ILKi5nb29nbGUuaXSCDiouZ29vZ2xlLml0LmFv +ggsqLmdvb2dsZS5qZYILKi5nb29nbGUuam+CDSouZ29vZ2xlLmpvYnOCCyouZ29v +Z2xlLmpwggsqLmdvb2dsZS5rZ4ILKi5nb29nbGUua2mCCyouZ29vZ2xlLmt6ggsq +Lmdvb2dsZS5sYYILKi5nb29nbGUubGmCCyouZ29vZ2xlLmxrggsqLmdvb2dsZS5s +dIILKi5nb29nbGUubHWCCyouZ29vZ2xlLmx2ggsqLmdvb2dsZS5tZIILKi5nb29n +bGUubWWCCyouZ29vZ2xlLm1nggsqLmdvb2dsZS5ta4ILKi5nb29nbGUubWyCCyou +Z29vZ2xlLm1uggsqLmdvb2dsZS5tc4ILKi5nb29nbGUubXWCCyouZ29vZ2xlLm12 +ggsqLmdvb2dsZS5td4ILKi5nb29nbGUubmWCDiouZ29vZ2xlLm5lLmpwggwqLmdv +b2dsZS5uZXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5ub4ILKi5nb29nbGUubnKC +CyouZ29vZ2xlLm51gg8qLmdvb2dsZS5vZmYuYWmCCyouZ29vZ2xlLnBrggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucG6CCyouZ29vZ2xlLnBzggsqLmdvb2dsZS5wdIIL +Ki5nb29nbGUucm+CCyouZ29vZ2xlLnJzggsqLmdvb2dsZS5ydYILKi5nb29nbGUu +cneCCyouZ29vZ2xlLnNjggsqLmdvb2dsZS5zZYILKi5nb29nbGUuc2iCCyouZ29v +Z2xlLnNpggsqLmdvb2dsZS5za4ILKi5nb29nbGUuc22CCyouZ29vZ2xlLnNuggsq +Lmdvb2dsZS5zb4ILKi5nb29nbGUuc3SCCyouZ29vZ2xlLnRkggsqLmdvb2dsZS50 +Z4ILKi5nb29nbGUudGuCCyouZ29vZ2xlLnRsggsqLmdvb2dsZS50bYILKi5nb29n +bGUudG6CCyouZ29vZ2xlLnRvggsqLmdvb2dsZS50cIILKi5nb29nbGUudHSCCyou +Z29vZ2xlLnVzggsqLmdvb2dsZS51eoILKi5nb29nbGUudmeCCyouZ29vZ2xlLnZ1 +ggsqLmdvb2dsZS53c4IJZ29vZ2xlLmFjgglnb29nbGUuYWSCCWdvb2dsZS5hZYIJ +Z29vZ2xlLmFmgglnb29nbGUuYWeCCWdvb2dsZS5hbIIJZ29vZ2xlLmFtgglnb29n +bGUuYXOCCWdvb2dsZS5hdIIJZ29vZ2xlLmF6gglnb29nbGUuYmGCCWdvb2dsZS5i +ZYIJZ29vZ2xlLmJmgglnb29nbGUuYmeCCWdvb2dsZS5iaYIJZ29vZ2xlLmJqggln +b29nbGUuYnOCCWdvb2dsZS5ieYIJZ29vZ2xlLmNhggpnb29nbGUuY2F0gglnb29n +bGUuY2OCCWdvb2dsZS5jZIIJZ29vZ2xlLmNmgglnb29nbGUuY2eCCWdvb2dsZS5j +aIIJZ29vZ2xlLmNpgglnb29nbGUuY2yCCWdvb2dsZS5jbYIJZ29vZ2xlLmNuggxn +b29nbGUuY28uYW+CDGdvb2dsZS5jby5id4IMZ29vZ2xlLmNvLmNrggxnb29nbGUu +Y28uY3KCDGdvb2dsZS5jby5odYIMZ29vZ2xlLmNvLmlkggxnb29nbGUuY28uaWyC +DGdvb2dsZS5jby5pbYIMZ29vZ2xlLmNvLmluggxnb29nbGUuY28uamWCDGdvb2ds +ZS5jby5qcIIMZ29vZ2xlLmNvLmtlggxnb29nbGUuY28ua3KCDGdvb2dsZS5jby5s +c4IMZ29vZ2xlLmNvLm1hggxnb29nbGUuY28ubXqCDGdvb2dsZS5jby5ueoIMZ29v +Z2xlLmNvLnRoggxnb29nbGUuY28udHqCDGdvb2dsZS5jby51Z4IMZ29vZ2xlLmNv +LnVrggxnb29nbGUuY28udXqCDGdvb2dsZS5jby52ZYIMZ29vZ2xlLmNvLnZpggxn +b29nbGUuY28uemGCDGdvb2dsZS5jby56bYIMZ29vZ2xlLmNvLnp3gg1nb29nbGUu +Y29tLmFmgg1nb29nbGUuY29tLmFngg1nb29nbGUuY29tLmFpgg1nb29nbGUuY29t +LmFygg1nb29nbGUuY29tLmF1gg1nb29nbGUuY29tLmJkgg1nb29nbGUuY29tLmJo +gg1nb29nbGUuY29tLmJugg1nb29nbGUuY29tLmJvgg1nb29nbGUuY29tLmJygg1n +b29nbGUuY29tLmJ5gg1nb29nbGUuY29tLmJ6gg1nb29nbGUuY29tLmNugg1nb29n +bGUuY29tLmNvgg1nb29nbGUuY29tLmN1gg1nb29nbGUuY29tLmN5gg1nb29nbGUu +Y29tLmRvgg1nb29nbGUuY29tLmVjgg1nb29nbGUuY29tLmVngg1nb29nbGUuY29t +LmV0gg1nb29nbGUuY29tLmZqgg1nb29nbGUuY29tLmdlgg1nb29nbGUuY29tLmdo +gg1nb29nbGUuY29tLmdpgg1nb29nbGUuY29tLmdygg1nb29nbGUuY29tLmd0gg1n +b29nbGUuY29tLmhrgg1nb29nbGUuY29tLmlxgg1nb29nbGUuY29tLmptgg1nb29n +bGUuY29tLmpvgg1nb29nbGUuY29tLmtogg1nb29nbGUuY29tLmt3gg1nb29nbGUu +Y29tLmxigg1nb29nbGUuY29tLmx5gg1nb29nbGUuY29tLm10gg1nb29nbGUuY29t +Lm14gg1nb29nbGUuY29tLm15gg1nb29nbGUuY29tLm5hgg1nb29nbGUuY29tLm5m +gg1nb29nbGUuY29tLm5ngg1nb29nbGUuY29tLm5pgg1nb29nbGUuY29tLm5wgg1n +b29nbGUuY29tLm5ygg1nb29nbGUuY29tLm9tgg1nb29nbGUuY29tLnBhgg1nb29n +bGUuY29tLnBlgg1nb29nbGUuY29tLnBogg1nb29nbGUuY29tLnBrgg1nb29nbGUu +Y29tLnBsgg1nb29nbGUuY29tLnBygg1nb29nbGUuY29tLnB5gg1nb29nbGUuY29t +LnFhgg1nb29nbGUuY29tLnJ1gg1nb29nbGUuY29tLnNhgg1nb29nbGUuY29tLnNi +gg1nb29nbGUuY29tLnNngg1nb29nbGUuY29tLnNsgg1nb29nbGUuY29tLnN2gg1n +b29nbGUuY29tLnRqgg1nb29nbGUuY29tLnRugg1nb29nbGUuY29tLnRygg1nb29n +bGUuY29tLnR3gg1nb29nbGUuY29tLnVhgg1nb29nbGUuY29tLnV5gg1nb29nbGUu +Y29tLnZjgg1nb29nbGUuY29tLnZlgg1nb29nbGUuY29tLnZugglnb29nbGUuY3aC +CWdvb2dsZS5jeoIJZ29vZ2xlLmRlgglnb29nbGUuZGqCCWdvb2dsZS5ka4IJZ29v +Z2xlLmRtgglnb29nbGUuZHqCCWdvb2dsZS5lZYIJZ29vZ2xlLmVzgglnb29nbGUu +ZmmCCWdvb2dsZS5mbYIJZ29vZ2xlLmZygglnb29nbGUuZ2GCCWdvb2dsZS5nZYIJ +Z29vZ2xlLmdngglnb29nbGUuZ2yCCWdvb2dsZS5nbYIJZ29vZ2xlLmdwgglnb29n +bGUuZ3KCCWdvb2dsZS5neYIJZ29vZ2xlLmhrgglnb29nbGUuaG6CCWdvb2dsZS5o +coIJZ29vZ2xlLmh0gglnb29nbGUuaHWCCWdvb2dsZS5pZYIJZ29vZ2xlLmltggtn +b29nbGUuaW5mb4IJZ29vZ2xlLmlxgglnb29nbGUuaXOCCWdvb2dsZS5pdIIMZ29v +Z2xlLml0LmFvgglnb29nbGUuamWCCWdvb2dsZS5qb4ILZ29vZ2xlLmpvYnOCCWdv +b2dsZS5qcIIJZ29vZ2xlLmtngglnb29nbGUua2mCCWdvb2dsZS5reoIJZ29vZ2xl +Lmxhgglnb29nbGUubGmCCWdvb2dsZS5sa4IJZ29vZ2xlLmx0gglnb29nbGUubHWC +CWdvb2dsZS5sdoIJZ29vZ2xlLm1kgglnb29nbGUubWWCCWdvb2dsZS5tZ4IJZ29v +Z2xlLm1rgglnb29nbGUubWyCCWdvb2dsZS5tboIJZ29vZ2xlLm1zgglnb29nbGUu +bXWCCWdvb2dsZS5tdoIJZ29vZ2xlLm13gglnb29nbGUubmWCDGdvb2dsZS5uZS5q +cIIKZ29vZ2xlLm5ldIIJZ29vZ2xlLm5sgglnb29nbGUubm+CCWdvb2dsZS5ucoIJ +Z29vZ2xlLm51gg1nb29nbGUub2ZmLmFpgglnb29nbGUucGuCCWdvb2dsZS5wbIIJ +Z29vZ2xlLnBugglnb29nbGUucHOCCWdvb2dsZS5wdIIJZ29vZ2xlLnJvgglnb29n +bGUucnOCCWdvb2dsZS5ydYIJZ29vZ2xlLnJ3gglnb29nbGUuc2OCCWdvb2dsZS5z +ZYIJZ29vZ2xlLnNogglnb29nbGUuc2mCCWdvb2dsZS5za4IJZ29vZ2xlLnNtggln +b29nbGUuc26CCWdvb2dsZS5zb4IJZ29vZ2xlLnN0gglnb29nbGUudGSCCWdvb2ds +ZS50Z4IJZ29vZ2xlLnRrgglnb29nbGUudGyCCWdvb2dsZS50bYIJZ29vZ2xlLnRu +gglnb29nbGUudG+CCWdvb2dsZS50cIIJZ29vZ2xlLnR0gglnb29nbGUudXOCCWdv +b2dsZS51eoIJZ29vZ2xlLnZngglnb29nbGUudnWCCWdvb2dsZS53czANBgkqhkiG +9w0BAQUFAAOBgQCROJdKT00d96BpNG4j3Xf5Kz7kJENMTYtgsGQW5E6y2yjRaguD +LPO+y4IH9KiVXD+qO8koye9yOMNawN9r/DFQd+t2nDmvlpcwJBNguiuqxl+rJaU8 +KKgswikGaaM4z+i4vHuXcCKZtM/ELAaJlSaBPip4GBAkgv7D9hwh+sWvYA== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIcFzCCG4CgAwIBAgIGR09PUAFxMA0GCSqGSIb3DQEBBQUAMEYxCzAJBgNVBAYT +AlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSIwIAYDVQQDExlHb29nbGUgSW50ZXJu +ZXQgQXV0aG9yaXR5MB4XDTEyMTAyNDEzNTczOVoXDTEzMDYwNzE5NDMyN1owZDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 +YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxEzARBgNVBAMTCmdvb2dsZS5j +b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMNn/Rw5irMPscWpYsExcGQT +wqdxT/U9Pfybt9ttPYlXVbCd6yux0jWGNBHN+f4kCc5pwrbjmA4QSRY2uVa4T8f2 +g3NucDDveUi29WVN+FJcyhj+V38lEkYbdhpIZL149dK5fAN1zzwCo10Nk+lhebcY +fCtMHLmuCX2D6mJ2CnPVAgMBAAGjghnwMIIZ7DAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Qp1w0hi4nhbaJEB +h/wuZwO4OyIwHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0f +BFQwUjBQoE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5l +dEF1dGhvcml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUH +AQEEWjBYMFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2ds +ZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDCC +GLYGA1UdEQSCGK0wghipggpnb29nbGUuY29tggwqLmdvb2dsZS5jb22CDSoueW91 +dHViZS5jb22CC3lvdXR1YmUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggh5 +b3V0dS5iZYILKi55dGltZy5jb22CDSouYW5kcm9pZC5jb22CC2FuZHJvaWQuY29t +ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghAqLnVy +bC5nb29nbGUuY29tggwqLnVyY2hpbi5jb22CCnVyY2hpbi5jb22CFiouZ29vZ2xl +LWFuYWx5dGljcy5jb22CFGdvb2dsZS1hbmFseXRpY3MuY29tghIqLmNsb3VkLmdv +b2dsZS5jb22CBmdvby5nbIIEZy5jb4INKi5nc3RhdGljLmNvbYIPKi5nb29nbGVh +cGlzLmNughYqLmFwcGVuZ2luZS5nb29nbGUuY29tggsqLmdvb2dsZS5hY4ILKi5n +b29nbGUuYWSCCyouZ29vZ2xlLmFlggsqLmdvb2dsZS5hZoILKi5nb29nbGUuYWeC +CyouZ29vZ2xlLmFsggsqLmdvb2dsZS5hbYILKi5nb29nbGUuYXOCCyouZ29vZ2xl +LmF0ggsqLmdvb2dsZS5heoILKi5nb29nbGUuYmGCCyouZ29vZ2xlLmJlggsqLmdv +b2dsZS5iZoILKi5nb29nbGUuYmeCCyouZ29vZ2xlLmJpggsqLmdvb2dsZS5iaoIL +Ki5nb29nbGUuYnOCCyouZ29vZ2xlLmJ5ggsqLmdvb2dsZS5jYYIMKi5nb29nbGUu +Y2F0ggsqLmdvb2dsZS5jY4ILKi5nb29nbGUuY2SCCyouZ29vZ2xlLmNmggsqLmdv +b2dsZS5jZ4ILKi5nb29nbGUuY2iCCyouZ29vZ2xlLmNpggsqLmdvb2dsZS5jbIIL +Ki5nb29nbGUuY22CCyouZ29vZ2xlLmNugg4qLmdvb2dsZS5jby5hb4IOKi5nb29n +bGUuY28uYneCDiouZ29vZ2xlLmNvLmNrgg4qLmdvb2dsZS5jby5jcoIOKi5nb29n +bGUuY28uaHWCDiouZ29vZ2xlLmNvLmlkgg4qLmdvb2dsZS5jby5pbIIOKi5nb29n +bGUuY28uaW2CDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qZYIOKi5nb29n +bGUuY28uanCCDiouZ29vZ2xlLmNvLmtlgg4qLmdvb2dsZS5jby5rcoIOKi5nb29n +bGUuY28ubHOCDiouZ29vZ2xlLmNvLm1hgg4qLmdvb2dsZS5jby5teoIOKi5nb29n +bGUuY28ubnqCDiouZ29vZ2xlLmNvLnRogg4qLmdvb2dsZS5jby50eoIOKi5nb29n +bGUuY28udWeCDiouZ29vZ2xlLmNvLnVrgg4qLmdvb2dsZS5jby51eoIOKi5nb29n +bGUuY28udmWCDiouZ29vZ2xlLmNvLnZpgg4qLmdvb2dsZS5jby56YYIOKi5nb29n +bGUuY28uem2CDiouZ29vZ2xlLmNvLnp3gg8qLmdvb2dsZS5jb20uYWaCDyouZ29v +Z2xlLmNvbS5hZ4IPKi5nb29nbGUuY29tLmFpgg8qLmdvb2dsZS5jb20uYXKCDyou +Z29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJkgg8qLmdvb2dsZS5jb20uYmiC +DyouZ29vZ2xlLmNvbS5iboIPKi5nb29nbGUuY29tLmJvgg8qLmdvb2dsZS5jb20u +YnKCDyouZ29vZ2xlLmNvbS5ieYIPKi5nb29nbGUuY29tLmJ6gg8qLmdvb2dsZS5j +b20uY26CDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLmN1gg8qLmdvb2ds +ZS5jb20uY3mCDyouZ29vZ2xlLmNvbS5kb4IPKi5nb29nbGUuY29tLmVjgg8qLmdv +b2dsZS5jb20uZWeCDyouZ29vZ2xlLmNvbS5ldIIPKi5nb29nbGUuY29tLmZqgg8q +Lmdvb2dsZS5jb20uZ2WCDyouZ29vZ2xlLmNvbS5naIIPKi5nb29nbGUuY29tLmdp +gg8qLmdvb2dsZS5jb20uZ3KCDyouZ29vZ2xlLmNvbS5ndIIPKi5nb29nbGUuY29t +Lmhrgg8qLmdvb2dsZS5jb20uaXGCDyouZ29vZ2xlLmNvbS5qbYIPKi5nb29nbGUu +Y29tLmpvgg8qLmdvb2dsZS5jb20ua2iCDyouZ29vZ2xlLmNvbS5rd4IPKi5nb29n +bGUuY29tLmxigg8qLmdvb2dsZS5jb20ubHmCDyouZ29vZ2xlLmNvbS5tdIIPKi5n +b29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20ubXmCDyouZ29vZ2xlLmNvbS5uYYIP +Ki5nb29nbGUuY29tLm5mgg8qLmdvb2dsZS5jb20ubmeCDyouZ29vZ2xlLmNvbS5u +aYIPKi5nb29nbGUuY29tLm5wgg8qLmdvb2dsZS5jb20ubnKCDyouZ29vZ2xlLmNv +bS5vbYIPKi5nb29nbGUuY29tLnBhgg8qLmdvb2dsZS5jb20ucGWCDyouZ29vZ2xl +LmNvbS5waIIPKi5nb29nbGUuY29tLnBrgg8qLmdvb2dsZS5jb20ucGyCDyouZ29v +Z2xlLmNvbS5wcoIPKi5nb29nbGUuY29tLnB5gg8qLmdvb2dsZS5jb20ucWGCDyou +Z29vZ2xlLmNvbS5ydYIPKi5nb29nbGUuY29tLnNhgg8qLmdvb2dsZS5jb20uc2KC +DyouZ29vZ2xlLmNvbS5zZ4IPKi5nb29nbGUuY29tLnNsgg8qLmdvb2dsZS5jb20u +c3aCDyouZ29vZ2xlLmNvbS50aoIPKi5nb29nbGUuY29tLnRugg8qLmdvb2dsZS5j +b20udHKCDyouZ29vZ2xlLmNvbS50d4IPKi5nb29nbGUuY29tLnVhgg8qLmdvb2ds +ZS5jb20udXmCDyouZ29vZ2xlLmNvbS52Y4IPKi5nb29nbGUuY29tLnZlgg8qLmdv +b2dsZS5jb20udm6CCyouZ29vZ2xlLmN2ggsqLmdvb2dsZS5jeoILKi5nb29nbGUu +ZGWCCyouZ29vZ2xlLmRqggsqLmdvb2dsZS5ka4ILKi5nb29nbGUuZG2CCyouZ29v +Z2xlLmR6ggsqLmdvb2dsZS5lZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZpggsq +Lmdvb2dsZS5mbYILKi5nb29nbGUuZnKCCyouZ29vZ2xlLmdhggsqLmdvb2dsZS5n +ZYILKi5nb29nbGUuZ2eCCyouZ29vZ2xlLmdsggsqLmdvb2dsZS5nbYILKi5nb29n +bGUuZ3CCCyouZ29vZ2xlLmdyggsqLmdvb2dsZS5neYILKi5nb29nbGUuaGuCCyou +Z29vZ2xlLmhuggsqLmdvb2dsZS5ocoILKi5nb29nbGUuaHSCCyouZ29vZ2xlLmh1 +ggsqLmdvb2dsZS5pZYILKi5nb29nbGUuaW2CDSouZ29vZ2xlLmluZm+CCyouZ29v +Z2xlLmlxggsqLmdvb2dsZS5pc4ILKi5nb29nbGUuaXSCDiouZ29vZ2xlLml0LmFv +ggsqLmdvb2dsZS5qZYILKi5nb29nbGUuam+CDSouZ29vZ2xlLmpvYnOCCyouZ29v +Z2xlLmpwggsqLmdvb2dsZS5rZ4ILKi5nb29nbGUua2mCCyouZ29vZ2xlLmt6ggsq +Lmdvb2dsZS5sYYILKi5nb29nbGUubGmCCyouZ29vZ2xlLmxrggsqLmdvb2dsZS5s +dIILKi5nb29nbGUubHWCCyouZ29vZ2xlLmx2ggsqLmdvb2dsZS5tZIILKi5nb29n +bGUubWWCCyouZ29vZ2xlLm1nggsqLmdvb2dsZS5ta4ILKi5nb29nbGUubWyCCyou +Z29vZ2xlLm1uggsqLmdvb2dsZS5tc4ILKi5nb29nbGUubXWCCyouZ29vZ2xlLm12 +ggsqLmdvb2dsZS5td4ILKi5nb29nbGUubmWCDiouZ29vZ2xlLm5lLmpwggwqLmdv +b2dsZS5uZXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5ub4ILKi5nb29nbGUubnKC +CyouZ29vZ2xlLm51gg8qLmdvb2dsZS5vZmYuYWmCCyouZ29vZ2xlLnBrggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucG6CCyouZ29vZ2xlLnBzggsqLmdvb2dsZS5wdIIL +Ki5nb29nbGUucm+CCyouZ29vZ2xlLnJzggsqLmdvb2dsZS5ydYILKi5nb29nbGUu +cneCCyouZ29vZ2xlLnNjggsqLmdvb2dsZS5zZYILKi5nb29nbGUuc2iCCyouZ29v +Z2xlLnNpggsqLmdvb2dsZS5za4ILKi5nb29nbGUuc22CCyouZ29vZ2xlLnNuggsq +Lmdvb2dsZS5zb4ILKi5nb29nbGUuc3SCCyouZ29vZ2xlLnRkggsqLmdvb2dsZS50 +Z4ILKi5nb29nbGUudGuCCyouZ29vZ2xlLnRsggsqLmdvb2dsZS50bYILKi5nb29n +bGUudG6CCyouZ29vZ2xlLnRvggsqLmdvb2dsZS50cIILKi5nb29nbGUudHSCCyou +Z29vZ2xlLnVzggsqLmdvb2dsZS51eoILKi5nb29nbGUudmeCCyouZ29vZ2xlLnZ1 +ggsqLmdvb2dsZS53c4IJZ29vZ2xlLmFjgglnb29nbGUuYWSCCWdvb2dsZS5hZYIJ +Z29vZ2xlLmFmgglnb29nbGUuYWeCCWdvb2dsZS5hbIIJZ29vZ2xlLmFtgglnb29n +bGUuYXOCCWdvb2dsZS5hdIIJZ29vZ2xlLmF6gglnb29nbGUuYmGCCWdvb2dsZS5i +ZYIJZ29vZ2xlLmJmgglnb29nbGUuYmeCCWdvb2dsZS5iaYIJZ29vZ2xlLmJqggln +b29nbGUuYnOCCWdvb2dsZS5ieYIJZ29vZ2xlLmNhggpnb29nbGUuY2F0gglnb29n +bGUuY2OCCWdvb2dsZS5jZIIJZ29vZ2xlLmNmgglnb29nbGUuY2eCCWdvb2dsZS5j +aIIJZ29vZ2xlLmNpgglnb29nbGUuY2yCCWdvb2dsZS5jbYIJZ29vZ2xlLmNuggxn +b29nbGUuY28uYW+CDGdvb2dsZS5jby5id4IMZ29vZ2xlLmNvLmNrggxnb29nbGUu +Y28uY3KCDGdvb2dsZS5jby5odYIMZ29vZ2xlLmNvLmlkggxnb29nbGUuY28uaWyC +DGdvb2dsZS5jby5pbYIMZ29vZ2xlLmNvLmluggxnb29nbGUuY28uamWCDGdvb2ds +ZS5jby5qcIIMZ29vZ2xlLmNvLmtlggxnb29nbGUuY28ua3KCDGdvb2dsZS5jby5s +c4IMZ29vZ2xlLmNvLm1hggxnb29nbGUuY28ubXqCDGdvb2dsZS5jby5ueoIMZ29v +Z2xlLmNvLnRoggxnb29nbGUuY28udHqCDGdvb2dsZS5jby51Z4IMZ29vZ2xlLmNv +LnVrggxnb29nbGUuY28udXqCDGdvb2dsZS5jby52ZYIMZ29vZ2xlLmNvLnZpggxn +b29nbGUuY28uemGCDGdvb2dsZS5jby56bYIMZ29vZ2xlLmNvLnp3gg1nb29nbGUu +Y29tLmFmgg1nb29nbGUuY29tLmFngg1nb29nbGUuY29tLmFpgg1nb29nbGUuY29t +LmFygg1nb29nbGUuY29tLmF1gg1nb29nbGUuY29tLmJkgg1nb29nbGUuY29tLmJo +gg1nb29nbGUuY29tLmJugg1nb29nbGUuY29tLmJvgg1nb29nbGUuY29tLmJygg1n +b29nbGUuY29tLmJ5gg1nb29nbGUuY29tLmJ6gg1nb29nbGUuY29tLmNugg1nb29n +bGUuY29tLmNvgg1nb29nbGUuY29tLmN1gg1nb29nbGUuY29tLmN5gg1nb29nbGUu +Y29tLmRvgg1nb29nbGUuY29tLmVjgg1nb29nbGUuY29tLmVngg1nb29nbGUuY29t +LmV0gg1nb29nbGUuY29tLmZqgg1nb29nbGUuY29tLmdlgg1nb29nbGUuY29tLmdo +gg1nb29nbGUuY29tLmdpgg1nb29nbGUuY29tLmdygg1nb29nbGUuY29tLmd0gg1n +b29nbGUuY29tLmhrgg1nb29nbGUuY29tLmlxgg1nb29nbGUuY29tLmptgg1nb29n +bGUuY29tLmpvgg1nb29nbGUuY29tLmtogg1nb29nbGUuY29tLmt3gg1nb29nbGUu +Y29tLmxigg1nb29nbGUuY29tLmx5gg1nb29nbGUuY29tLm10gg1nb29nbGUuY29t +Lm14gg1nb29nbGUuY29tLm15gg1nb29nbGUuY29tLm5hgg1nb29nbGUuY29tLm5m +gg1nb29nbGUuY29tLm5ngg1nb29nbGUuY29tLm5pgg1nb29nbGUuY29tLm5wgg1n +b29nbGUuY29tLm5ygg1nb29nbGUuY29tLm9tgg1nb29nbGUuY29tLnBhgg1nb29n +bGUuY29tLnBlgg1nb29nbGUuY29tLnBogg1nb29nbGUuY29tLnBrgg1nb29nbGUu +Y29tLnBsgg1nb29nbGUuY29tLnBygg1nb29nbGUuY29tLnB5gg1nb29nbGUuY29t +LnFhgg1nb29nbGUuY29tLnJ1gg1nb29nbGUuY29tLnNhgg1nb29nbGUuY29tLnNi +gg1nb29nbGUuY29tLnNngg1nb29nbGUuY29tLnNsgg1nb29nbGUuY29tLnN2gg1n +b29nbGUuY29tLnRqgg1nb29nbGUuY29tLnRugg1nb29nbGUuY29tLnRygg1nb29n +bGUuY29tLnR3gg1nb29nbGUuY29tLnVhgg1nb29nbGUuY29tLnV5gg1nb29nbGUu +Y29tLnZjgg1nb29nbGUuY29tLnZlgg1nb29nbGUuY29tLnZugglnb29nbGUuY3aC +CWdvb2dsZS5jeoIJZ29vZ2xlLmRlgglnb29nbGUuZGqCCWdvb2dsZS5ka4IJZ29v +Z2xlLmRtgglnb29nbGUuZHqCCWdvb2dsZS5lZYIJZ29vZ2xlLmVzgglnb29nbGUu +ZmmCCWdvb2dsZS5mbYIJZ29vZ2xlLmZygglnb29nbGUuZ2GCCWdvb2dsZS5nZYIJ +Z29vZ2xlLmdngglnb29nbGUuZ2yCCWdvb2dsZS5nbYIJZ29vZ2xlLmdwgglnb29n +bGUuZ3KCCWdvb2dsZS5neYIJZ29vZ2xlLmhrgglnb29nbGUuaG6CCWdvb2dsZS5o +coIJZ29vZ2xlLmh0gglnb29nbGUuaHWCCWdvb2dsZS5pZYIJZ29vZ2xlLmltggtn +b29nbGUuaW5mb4IJZ29vZ2xlLmlxgglnb29nbGUuaXOCCWdvb2dsZS5pdIIMZ29v +Z2xlLml0LmFvgglnb29nbGUuamWCCWdvb2dsZS5qb4ILZ29vZ2xlLmpvYnOCCWdv +b2dsZS5qcIIJZ29vZ2xlLmtngglnb29nbGUua2mCCWdvb2dsZS5reoIJZ29vZ2xl +Lmxhgglnb29nbGUubGmCCWdvb2dsZS5sa4IJZ29vZ2xlLmx0gglnb29nbGUubHWC +CWdvb2dsZS5sdoIJZ29vZ2xlLm1kgglnb29nbGUubWWCCWdvb2dsZS5tZ4IJZ29v +Z2xlLm1rgglnb29nbGUubWyCCWdvb2dsZS5tboIJZ29vZ2xlLm1zgglnb29nbGUu +bXWCCWdvb2dsZS5tdoIJZ29vZ2xlLm13gglnb29nbGUubmWCDGdvb2dsZS5uZS5q +cIIKZ29vZ2xlLm5ldIIJZ29vZ2xlLm5sgglnb29nbGUubm+CCWdvb2dsZS5ucoIJ +Z29vZ2xlLm51gg1nb29nbGUub2ZmLmFpgglnb29nbGUucGuCCWdvb2dsZS5wbIIJ +Z29vZ2xlLnBugglnb29nbGUucHOCCWdvb2dsZS5wdIIJZ29vZ2xlLnJvgglnb29n +bGUucnOCCWdvb2dsZS5ydYIJZ29vZ2xlLnJ3gglnb29nbGUuc2OCCWdvb2dsZS5z +ZYIJZ29vZ2xlLnNogglnb29nbGUuc2mCCWdvb2dsZS5za4IJZ29vZ2xlLnNtggln +b29nbGUuc26CCWdvb2dsZS5zb4IJZ29vZ2xlLnN0gglnb29nbGUudGSCCWdvb2ds +ZS50Z4IJZ29vZ2xlLnRrgglnb29nbGUudGyCCWdvb2dsZS50bYIJZ29vZ2xlLnRu +gglnb29nbGUudG+CCWdvb2dsZS50cIIJZ29vZ2xlLnR0gglnb29nbGUudXOCCWdv +b2dsZS51eoIJZ29vZ2xlLnZngglnb29nbGUudnWCCWdvb2dsZS53czANBgkqhkiG +9w0BAQUFAAOBgQCROJdKT00d96BpNG4j3Xf5Kz7kJENMTYtgsGQW5E6y2yjRaguD +LPO+y4IH9KiVXD+qO8koye9yOMNawN9r/DFQd+t2nDmvlpcwJBNguiuqxl+rJaU8 +KKgswikGaaM4z+i4vHuXcCKZtM/ELAaJlSaBPip4GBAkgv7D9hwh+sWvYA== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIcFzCCG4CgAwIBAgIGR09PUAFxMA0GCSqGSIb3DQEBBQUAMEYxCzAJBgNVBAYT +AlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSIwIAYDVQQDExlHb29nbGUgSW50ZXJu +ZXQgQXV0aG9yaXR5MB4XDTEyMTAyNDEzNTczOVoXDTEzMDYwNzE5NDMyN1owZDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 +YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxEzARBgNVBAMTCmdvb2dsZS5j +b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMNn/Rw5irMPscWpYsExcGQT +wqdxT/U9Pfybt9ttPYlXVbCd6yux0jWGNBHN+f4kCc5pwrbjmA4QSRY2uVa4T8f2 +g3NucDDveUi29WVN+FJcyhj+V38lEkYbdhpIZL149dK5fAN1zzwCo10Nk+lhebcY +fCtMHLmuCX2D6mJ2CnPVAgMBAAGjghnwMIIZ7DAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Qp1w0hi4nhbaJEB +h/wuZwO4OyIwHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0f +BFQwUjBQoE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5l +dEF1dGhvcml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUH +AQEEWjBYMFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2ds +ZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDCC +GLYGA1UdEQSCGK0wghipggpnb29nbGUuY29tggwqLmdvb2dsZS5jb22CDSoueW91 +dHViZS5jb22CC3lvdXR1YmUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggh5 +b3V0dS5iZYILKi55dGltZy5jb22CDSouYW5kcm9pZC5jb22CC2FuZHJvaWQuY29t +ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghAqLnVy +bC5nb29nbGUuY29tggwqLnVyY2hpbi5jb22CCnVyY2hpbi5jb22CFiouZ29vZ2xl +LWFuYWx5dGljcy5jb22CFGdvb2dsZS1hbmFseXRpY3MuY29tghIqLmNsb3VkLmdv +b2dsZS5jb22CBmdvby5nbIIEZy5jb4INKi5nc3RhdGljLmNvbYIPKi5nb29nbGVh +cGlzLmNughYqLmFwcGVuZ2luZS5nb29nbGUuY29tggsqLmdvb2dsZS5hY4ILKi5n +b29nbGUuYWSCCyouZ29vZ2xlLmFlggsqLmdvb2dsZS5hZoILKi5nb29nbGUuYWeC +CyouZ29vZ2xlLmFsggsqLmdvb2dsZS5hbYILKi5nb29nbGUuYXOCCyouZ29vZ2xl +LmF0ggsqLmdvb2dsZS5heoILKi5nb29nbGUuYmGCCyouZ29vZ2xlLmJlggsqLmdv +b2dsZS5iZoILKi5nb29nbGUuYmeCCyouZ29vZ2xlLmJpggsqLmdvb2dsZS5iaoIL +Ki5nb29nbGUuYnOCCyouZ29vZ2xlLmJ5ggsqLmdvb2dsZS5jYYIMKi5nb29nbGUu +Y2F0ggsqLmdvb2dsZS5jY4ILKi5nb29nbGUuY2SCCyouZ29vZ2xlLmNmggsqLmdv +b2dsZS5jZ4ILKi5nb29nbGUuY2iCCyouZ29vZ2xlLmNpggsqLmdvb2dsZS5jbIIL +Ki5nb29nbGUuY22CCyouZ29vZ2xlLmNugg4qLmdvb2dsZS5jby5hb4IOKi5nb29n +bGUuY28uYneCDiouZ29vZ2xlLmNvLmNrgg4qLmdvb2dsZS5jby5jcoIOKi5nb29n +bGUuY28uaHWCDiouZ29vZ2xlLmNvLmlkgg4qLmdvb2dsZS5jby5pbIIOKi5nb29n +bGUuY28uaW2CDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qZYIOKi5nb29n +bGUuY28uanCCDiouZ29vZ2xlLmNvLmtlgg4qLmdvb2dsZS5jby5rcoIOKi5nb29n +bGUuY28ubHOCDiouZ29vZ2xlLmNvLm1hgg4qLmdvb2dsZS5jby5teoIOKi5nb29n +bGUuY28ubnqCDiouZ29vZ2xlLmNvLnRogg4qLmdvb2dsZS5jby50eoIOKi5nb29n +bGUuY28udWeCDiouZ29vZ2xlLmNvLnVrgg4qLmdvb2dsZS5jby51eoIOKi5nb29n +bGUuY28udmWCDiouZ29vZ2xlLmNvLnZpgg4qLmdvb2dsZS5jby56YYIOKi5nb29n +bGUuY28uem2CDiouZ29vZ2xlLmNvLnp3gg8qLmdvb2dsZS5jb20uYWaCDyouZ29v +Z2xlLmNvbS5hZ4IPKi5nb29nbGUuY29tLmFpgg8qLmdvb2dsZS5jb20uYXKCDyou +Z29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJkgg8qLmdvb2dsZS5jb20uYmiC +DyouZ29vZ2xlLmNvbS5iboIPKi5nb29nbGUuY29tLmJvgg8qLmdvb2dsZS5jb20u +YnKCDyouZ29vZ2xlLmNvbS5ieYIPKi5nb29nbGUuY29tLmJ6gg8qLmdvb2dsZS5j +b20uY26CDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLmN1gg8qLmdvb2ds +ZS5jb20uY3mCDyouZ29vZ2xlLmNvbS5kb4IPKi5nb29nbGUuY29tLmVjgg8qLmdv +b2dsZS5jb20uZWeCDyouZ29vZ2xlLmNvbS5ldIIPKi5nb29nbGUuY29tLmZqgg8q +Lmdvb2dsZS5jb20uZ2WCDyouZ29vZ2xlLmNvbS5naIIPKi5nb29nbGUuY29tLmdp +gg8qLmdvb2dsZS5jb20uZ3KCDyouZ29vZ2xlLmNvbS5ndIIPKi5nb29nbGUuY29t +Lmhrgg8qLmdvb2dsZS5jb20uaXGCDyouZ29vZ2xlLmNvbS5qbYIPKi5nb29nbGUu +Y29tLmpvgg8qLmdvb2dsZS5jb20ua2iCDyouZ29vZ2xlLmNvbS5rd4IPKi5nb29n +bGUuY29tLmxigg8qLmdvb2dsZS5jb20ubHmCDyouZ29vZ2xlLmNvbS5tdIIPKi5n +b29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20ubXmCDyouZ29vZ2xlLmNvbS5uYYIP +Ki5nb29nbGUuY29tLm5mgg8qLmdvb2dsZS5jb20ubmeCDyouZ29vZ2xlLmNvbS5u +aYIPKi5nb29nbGUuY29tLm5wgg8qLmdvb2dsZS5jb20ubnKCDyouZ29vZ2xlLmNv +bS5vbYIPKi5nb29nbGUuY29tLnBhgg8qLmdvb2dsZS5jb20ucGWCDyouZ29vZ2xl +LmNvbS5waIIPKi5nb29nbGUuY29tLnBrgg8qLmdvb2dsZS5jb20ucGyCDyouZ29v +Z2xlLmNvbS5wcoIPKi5nb29nbGUuY29tLnB5gg8qLmdvb2dsZS5jb20ucWGCDyou +Z29vZ2xlLmNvbS5ydYIPKi5nb29nbGUuY29tLnNhgg8qLmdvb2dsZS5jb20uc2KC +DyouZ29vZ2xlLmNvbS5zZ4IPKi5nb29nbGUuY29tLnNsgg8qLmdvb2dsZS5jb20u +c3aCDyouZ29vZ2xlLmNvbS50aoIPKi5nb29nbGUuY29tLnRugg8qLmdvb2dsZS5j +b20udHKCDyouZ29vZ2xlLmNvbS50d4IPKi5nb29nbGUuY29tLnVhgg8qLmdvb2ds +ZS5jb20udXmCDyouZ29vZ2xlLmNvbS52Y4IPKi5nb29nbGUuY29tLnZlgg8qLmdv +b2dsZS5jb20udm6CCyouZ29vZ2xlLmN2ggsqLmdvb2dsZS5jeoILKi5nb29nbGUu +ZGWCCyouZ29vZ2xlLmRqggsqLmdvb2dsZS5ka4ILKi5nb29nbGUuZG2CCyouZ29v +Z2xlLmR6ggsqLmdvb2dsZS5lZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZpggsq +Lmdvb2dsZS5mbYILKi5nb29nbGUuZnKCCyouZ29vZ2xlLmdhggsqLmdvb2dsZS5n +ZYILKi5nb29nbGUuZ2eCCyouZ29vZ2xlLmdsggsqLmdvb2dsZS5nbYILKi5nb29n +bGUuZ3CCCyouZ29vZ2xlLmdyggsqLmdvb2dsZS5neYILKi5nb29nbGUuaGuCCyou +Z29vZ2xlLmhuggsqLmdvb2dsZS5ocoILKi5nb29nbGUuaHSCCyouZ29vZ2xlLmh1 +ggsqLmdvb2dsZS5pZYILKi5nb29nbGUuaW2CDSouZ29vZ2xlLmluZm+CCyouZ29v +Z2xlLmlxggsqLmdvb2dsZS5pc4ILKi5nb29nbGUuaXSCDiouZ29vZ2xlLml0LmFv +ggsqLmdvb2dsZS5qZYILKi5nb29nbGUuam+CDSouZ29vZ2xlLmpvYnOCCyouZ29v +Z2xlLmpwggsqLmdvb2dsZS5rZ4ILKi5nb29nbGUua2mCCyouZ29vZ2xlLmt6ggsq +Lmdvb2dsZS5sYYILKi5nb29nbGUubGmCCyouZ29vZ2xlLmxrggsqLmdvb2dsZS5s +dIILKi5nb29nbGUubHWCCyouZ29vZ2xlLmx2ggsqLmdvb2dsZS5tZIILKi5nb29n +bGUubWWCCyouZ29vZ2xlLm1nggsqLmdvb2dsZS5ta4ILKi5nb29nbGUubWyCCyou +Z29vZ2xlLm1uggsqLmdvb2dsZS5tc4ILKi5nb29nbGUubXWCCyouZ29vZ2xlLm12 +ggsqLmdvb2dsZS5td4ILKi5nb29nbGUubmWCDiouZ29vZ2xlLm5lLmpwggwqLmdv +b2dsZS5uZXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5ub4ILKi5nb29nbGUubnKC +CyouZ29vZ2xlLm51gg8qLmdvb2dsZS5vZmYuYWmCCyouZ29vZ2xlLnBrggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucG6CCyouZ29vZ2xlLnBzggsqLmdvb2dsZS5wdIIL +Ki5nb29nbGUucm+CCyouZ29vZ2xlLnJzggsqLmdvb2dsZS5ydYILKi5nb29nbGUu +cneCCyouZ29vZ2xlLnNjggsqLmdvb2dsZS5zZYILKi5nb29nbGUuc2iCCyouZ29v +Z2xlLnNpggsqLmdvb2dsZS5za4ILKi5nb29nbGUuc22CCyouZ29vZ2xlLnNuggsq +Lmdvb2dsZS5zb4ILKi5nb29nbGUuc3SCCyouZ29vZ2xlLnRkggsqLmdvb2dsZS50 +Z4ILKi5nb29nbGUudGuCCyouZ29vZ2xlLnRsggsqLmdvb2dsZS50bYILKi5nb29n +bGUudG6CCyouZ29vZ2xlLnRvggsqLmdvb2dsZS50cIILKi5nb29nbGUudHSCCyou +Z29vZ2xlLnVzggsqLmdvb2dsZS51eoILKi5nb29nbGUudmeCCyouZ29vZ2xlLnZ1 +ggsqLmdvb2dsZS53c4IJZ29vZ2xlLmFjgglnb29nbGUuYWSCCWdvb2dsZS5hZYIJ +Z29vZ2xlLmFmgglnb29nbGUuYWeCCWdvb2dsZS5hbIIJZ29vZ2xlLmFtgglnb29n +bGUuYXOCCWdvb2dsZS5hdIIJZ29vZ2xlLmF6gglnb29nbGUuYmGCCWdvb2dsZS5i +ZYIJZ29vZ2xlLmJmgglnb29nbGUuYmeCCWdvb2dsZS5iaYIJZ29vZ2xlLmJqggln +b29nbGUuYnOCCWdvb2dsZS5ieYIJZ29vZ2xlLmNhggpnb29nbGUuY2F0gglnb29n +bGUuY2OCCWdvb2dsZS5jZIIJZ29vZ2xlLmNmgglnb29nbGUuY2eCCWdvb2dsZS5j +aIIJZ29vZ2xlLmNpgglnb29nbGUuY2yCCWdvb2dsZS5jbYIJZ29vZ2xlLmNuggxn +b29nbGUuY28uYW+CDGdvb2dsZS5jby5id4IMZ29vZ2xlLmNvLmNrggxnb29nbGUu +Y28uY3KCDGdvb2dsZS5jby5odYIMZ29vZ2xlLmNvLmlkggxnb29nbGUuY28uaWyC +DGdvb2dsZS5jby5pbYIMZ29vZ2xlLmNvLmluggxnb29nbGUuY28uamWCDGdvb2ds +ZS5jby5qcIIMZ29vZ2xlLmNvLmtlggxnb29nbGUuY28ua3KCDGdvb2dsZS5jby5s +c4IMZ29vZ2xlLmNvLm1hggxnb29nbGUuY28ubXqCDGdvb2dsZS5jby5ueoIMZ29v +Z2xlLmNvLnRoggxnb29nbGUuY28udHqCDGdvb2dsZS5jby51Z4IMZ29vZ2xlLmNv +LnVrggxnb29nbGUuY28udXqCDGdvb2dsZS5jby52ZYIMZ29vZ2xlLmNvLnZpggxn +b29nbGUuY28uemGCDGdvb2dsZS5jby56bYIMZ29vZ2xlLmNvLnp3gg1nb29nbGUu +Y29tLmFmgg1nb29nbGUuY29tLmFngg1nb29nbGUuY29tLmFpgg1nb29nbGUuY29t +LmFygg1nb29nbGUuY29tLmF1gg1nb29nbGUuY29tLmJkgg1nb29nbGUuY29tLmJo +gg1nb29nbGUuY29tLmJugg1nb29nbGUuY29tLmJvgg1nb29nbGUuY29tLmJygg1n +b29nbGUuY29tLmJ5gg1nb29nbGUuY29tLmJ6gg1nb29nbGUuY29tLmNugg1nb29n +bGUuY29tLmNvgg1nb29nbGUuY29tLmN1gg1nb29nbGUuY29tLmN5gg1nb29nbGUu +Y29tLmRvgg1nb29nbGUuY29tLmVjgg1nb29nbGUuY29tLmVngg1nb29nbGUuY29t +LmV0gg1nb29nbGUuY29tLmZqgg1nb29nbGUuY29tLmdlgg1nb29nbGUuY29tLmdo +gg1nb29nbGUuY29tLmdpgg1nb29nbGUuY29tLmdygg1nb29nbGUuY29tLmd0gg1n +b29nbGUuY29tLmhrgg1nb29nbGUuY29tLmlxgg1nb29nbGUuY29tLmptgg1nb29n +bGUuY29tLmpvgg1nb29nbGUuY29tLmtogg1nb29nbGUuY29tLmt3gg1nb29nbGUu +Y29tLmxigg1nb29nbGUuY29tLmx5gg1nb29nbGUuY29tLm10gg1nb29nbGUuY29t +Lm14gg1nb29nbGUuY29tLm15gg1nb29nbGUuY29tLm5hgg1nb29nbGUuY29tLm5m +gg1nb29nbGUuY29tLm5ngg1nb29nbGUuY29tLm5pgg1nb29nbGUuY29tLm5wgg1n +b29nbGUuY29tLm5ygg1nb29nbGUuY29tLm9tgg1nb29nbGUuY29tLnBhgg1nb29n +bGUuY29tLnBlgg1nb29nbGUuY29tLnBogg1nb29nbGUuY29tLnBrgg1nb29nbGUu +Y29tLnBsgg1nb29nbGUuY29tLnBygg1nb29nbGUuY29tLnB5gg1nb29nbGUuY29t +LnFhgg1nb29nbGUuY29tLnJ1gg1nb29nbGUuY29tLnNhgg1nb29nbGUuY29tLnNi +gg1nb29nbGUuY29tLnNngg1nb29nbGUuY29tLnNsgg1nb29nbGUuY29tLnN2gg1n +b29nbGUuY29tLnRqgg1nb29nbGUuY29tLnRugg1nb29nbGUuY29tLnRygg1nb29n +bGUuY29tLnR3gg1nb29nbGUuY29tLnVhgg1nb29nbGUuY29tLnV5gg1nb29nbGUu +Y29tLnZjgg1nb29nbGUuY29tLnZlgg1nb29nbGUuY29tLnZugglnb29nbGUuY3aC +CWdvb2dsZS5jeoIJZ29vZ2xlLmRlgglnb29nbGUuZGqCCWdvb2dsZS5ka4IJZ29v +Z2xlLmRtgglnb29nbGUuZHqCCWdvb2dsZS5lZYIJZ29vZ2xlLmVzgglnb29nbGUu +ZmmCCWdvb2dsZS5mbYIJZ29vZ2xlLmZygglnb29nbGUuZ2GCCWdvb2dsZS5nZYIJ +Z29vZ2xlLmdngglnb29nbGUuZ2yCCWdvb2dsZS5nbYIJZ29vZ2xlLmdwgglnb29n +bGUuZ3KCCWdvb2dsZS5neYIJZ29vZ2xlLmhrgglnb29nbGUuaG6CCWdvb2dsZS5o +coIJZ29vZ2xlLmh0gglnb29nbGUuaHWCCWdvb2dsZS5pZYIJZ29vZ2xlLmltggtn +b29nbGUuaW5mb4IJZ29vZ2xlLmlxgglnb29nbGUuaXOCCWdvb2dsZS5pdIIMZ29v +Z2xlLml0LmFvgglnb29nbGUuamWCCWdvb2dsZS5qb4ILZ29vZ2xlLmpvYnOCCWdv +b2dsZS5qcIIJZ29vZ2xlLmtngglnb29nbGUua2mCCWdvb2dsZS5reoIJZ29vZ2xl +Lmxhgglnb29nbGUubGmCCWdvb2dsZS5sa4IJZ29vZ2xlLmx0gglnb29nbGUubHWC +CWdvb2dsZS5sdoIJZ29vZ2xlLm1kgglnb29nbGUubWWCCWdvb2dsZS5tZ4IJZ29v +Z2xlLm1rgglnb29nbGUubWyCCWdvb2dsZS5tboIJZ29vZ2xlLm1zgglnb29nbGUu +bXWCCWdvb2dsZS5tdoIJZ29vZ2xlLm13gglnb29nbGUubmWCDGdvb2dsZS5uZS5q +cIIKZ29vZ2xlLm5ldIIJZ29vZ2xlLm5sgglnb29nbGUubm+CCWdvb2dsZS5ucoIJ +Z29vZ2xlLm51gg1nb29nbGUub2ZmLmFpgglnb29nbGUucGuCCWdvb2dsZS5wbIIJ +Z29vZ2xlLnBugglnb29nbGUucHOCCWdvb2dsZS5wdIIJZ29vZ2xlLnJvgglnb29n +bGUucnOCCWdvb2dsZS5ydYIJZ29vZ2xlLnJ3gglnb29nbGUuc2OCCWdvb2dsZS5z +ZYIJZ29vZ2xlLnNogglnb29nbGUuc2mCCWdvb2dsZS5za4IJZ29vZ2xlLnNtggln +b29nbGUuc26CCWdvb2dsZS5zb4IJZ29vZ2xlLnN0gglnb29nbGUudGSCCWdvb2ds +ZS50Z4IJZ29vZ2xlLnRrgglnb29nbGUudGyCCWdvb2dsZS50bYIJZ29vZ2xlLnRu +gglnb29nbGUudG+CCWdvb2dsZS50cIIJZ29vZ2xlLnR0gglnb29nbGUudXOCCWdv +b2dsZS51eoIJZ29vZ2xlLnZngglnb29nbGUudnWCCWdvb2dsZS53czANBgkqhkiG +9w0BAQUFAAOBgQCROJdKT00d96BpNG4j3Xf5Kz7kJENMTYtgsGQW5E6y2yjRaguD +LPO+y4IH9KiVXD+qO8koye9yOMNawN9r/DFQd+t2nDmvlpcwJBNguiuqxl+rJaU8 +KKgswikGaaM4z+i4vHuXcCKZtM/ELAaJlSaBPip4GBAkgv7D9hwh+sWvYA== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIcFzCCG4CgAwIBAgIGR09PUAFxMA0GCSqGSIb3DQEBBQUAMEYxCzAJBgNVBAYT +AlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSIwIAYDVQQDExlHb29nbGUgSW50ZXJu +ZXQgQXV0aG9yaXR5MB4XDTEyMTAyNDEzNTczOVoXDTEzMDYwNzE5NDMyN1owZDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 +YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxEzARBgNVBAMTCmdvb2dsZS5j +b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMNn/Rw5irMPscWpYsExcGQT +wqdxT/U9Pfybt9ttPYlXVbCd6yux0jWGNBHN+f4kCc5pwrbjmA4QSRY2uVa4T8f2 +g3NucDDveUi29WVN+FJcyhj+V38lEkYbdhpIZL149dK5fAN1zzwCo10Nk+lhebcY +fCtMHLmuCX2D6mJ2CnPVAgMBAAGjghnwMIIZ7DAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Qp1w0hi4nhbaJEB +h/wuZwO4OyIwHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0f +BFQwUjBQoE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5l +dEF1dGhvcml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUH +AQEEWjBYMFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2ds +ZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDCC +GLYGA1UdEQSCGK0wghipggpnb29nbGUuY29tggwqLmdvb2dsZS5jb22CDSoueW91 +dHViZS5jb22CC3lvdXR1YmUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggh5 +b3V0dS5iZYILKi55dGltZy5jb22CDSouYW5kcm9pZC5jb22CC2FuZHJvaWQuY29t +ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghAqLnVy +bC5nb29nbGUuY29tggwqLnVyY2hpbi5jb22CCnVyY2hpbi5jb22CFiouZ29vZ2xl +LWFuYWx5dGljcy5jb22CFGdvb2dsZS1hbmFseXRpY3MuY29tghIqLmNsb3VkLmdv +b2dsZS5jb22CBmdvby5nbIIEZy5jb4INKi5nc3RhdGljLmNvbYIPKi5nb29nbGVh +cGlzLmNughYqLmFwcGVuZ2luZS5nb29nbGUuY29tggsqLmdvb2dsZS5hY4ILKi5n +b29nbGUuYWSCCyouZ29vZ2xlLmFlggsqLmdvb2dsZS5hZoILKi5nb29nbGUuYWeC +CyouZ29vZ2xlLmFsggsqLmdvb2dsZS5hbYILKi5nb29nbGUuYXOCCyouZ29vZ2xl +LmF0ggsqLmdvb2dsZS5heoILKi5nb29nbGUuYmGCCyouZ29vZ2xlLmJlggsqLmdv +b2dsZS5iZoILKi5nb29nbGUuYmeCCyouZ29vZ2xlLmJpggsqLmdvb2dsZS5iaoIL +Ki5nb29nbGUuYnOCCyouZ29vZ2xlLmJ5ggsqLmdvb2dsZS5jYYIMKi5nb29nbGUu +Y2F0ggsqLmdvb2dsZS5jY4ILKi5nb29nbGUuY2SCCyouZ29vZ2xlLmNmggsqLmdv +b2dsZS5jZ4ILKi5nb29nbGUuY2iCCyouZ29vZ2xlLmNpggsqLmdvb2dsZS5jbIIL +Ki5nb29nbGUuY22CCyouZ29vZ2xlLmNugg4qLmdvb2dsZS5jby5hb4IOKi5nb29n +bGUuY28uYneCDiouZ29vZ2xlLmNvLmNrgg4qLmdvb2dsZS5jby5jcoIOKi5nb29n +bGUuY28uaHWCDiouZ29vZ2xlLmNvLmlkgg4qLmdvb2dsZS5jby5pbIIOKi5nb29n +bGUuY28uaW2CDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qZYIOKi5nb29n +bGUuY28uanCCDiouZ29vZ2xlLmNvLmtlgg4qLmdvb2dsZS5jby5rcoIOKi5nb29n +bGUuY28ubHOCDiouZ29vZ2xlLmNvLm1hgg4qLmdvb2dsZS5jby5teoIOKi5nb29n +bGUuY28ubnqCDiouZ29vZ2xlLmNvLnRogg4qLmdvb2dsZS5jby50eoIOKi5nb29n +bGUuY28udWeCDiouZ29vZ2xlLmNvLnVrgg4qLmdvb2dsZS5jby51eoIOKi5nb29n +bGUuY28udmWCDiouZ29vZ2xlLmNvLnZpgg4qLmdvb2dsZS5jby56YYIOKi5nb29n +bGUuY28uem2CDiouZ29vZ2xlLmNvLnp3gg8qLmdvb2dsZS5jb20uYWaCDyouZ29v +Z2xlLmNvbS5hZ4IPKi5nb29nbGUuY29tLmFpgg8qLmdvb2dsZS5jb20uYXKCDyou +Z29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJkgg8qLmdvb2dsZS5jb20uYmiC +DyouZ29vZ2xlLmNvbS5iboIPKi5nb29nbGUuY29tLmJvgg8qLmdvb2dsZS5jb20u +YnKCDyouZ29vZ2xlLmNvbS5ieYIPKi5nb29nbGUuY29tLmJ6gg8qLmdvb2dsZS5j +b20uY26CDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLmN1gg8qLmdvb2ds +ZS5jb20uY3mCDyouZ29vZ2xlLmNvbS5kb4IPKi5nb29nbGUuY29tLmVjgg8qLmdv +b2dsZS5jb20uZWeCDyouZ29vZ2xlLmNvbS5ldIIPKi5nb29nbGUuY29tLmZqgg8q +Lmdvb2dsZS5jb20uZ2WCDyouZ29vZ2xlLmNvbS5naIIPKi5nb29nbGUuY29tLmdp +gg8qLmdvb2dsZS5jb20uZ3KCDyouZ29vZ2xlLmNvbS5ndIIPKi5nb29nbGUuY29t +Lmhrgg8qLmdvb2dsZS5jb20uaXGCDyouZ29vZ2xlLmNvbS5qbYIPKi5nb29nbGUu +Y29tLmpvgg8qLmdvb2dsZS5jb20ua2iCDyouZ29vZ2xlLmNvbS5rd4IPKi5nb29n +bGUuY29tLmxigg8qLmdvb2dsZS5jb20ubHmCDyouZ29vZ2xlLmNvbS5tdIIPKi5n +b29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20ubXmCDyouZ29vZ2xlLmNvbS5uYYIP +Ki5nb29nbGUuY29tLm5mgg8qLmdvb2dsZS5jb20ubmeCDyouZ29vZ2xlLmNvbS5u +aYIPKi5nb29nbGUuY29tLm5wgg8qLmdvb2dsZS5jb20ubnKCDyouZ29vZ2xlLmNv +bS5vbYIPKi5nb29nbGUuY29tLnBhgg8qLmdvb2dsZS5jb20ucGWCDyouZ29vZ2xl +LmNvbS5waIIPKi5nb29nbGUuY29tLnBrgg8qLmdvb2dsZS5jb20ucGyCDyouZ29v +Z2xlLmNvbS5wcoIPKi5nb29nbGUuY29tLnB5gg8qLmdvb2dsZS5jb20ucWGCDyou +Z29vZ2xlLmNvbS5ydYIPKi5nb29nbGUuY29tLnNhgg8qLmdvb2dsZS5jb20uc2KC +DyouZ29vZ2xlLmNvbS5zZ4IPKi5nb29nbGUuY29tLnNsgg8qLmdvb2dsZS5jb20u +c3aCDyouZ29vZ2xlLmNvbS50aoIPKi5nb29nbGUuY29tLnRugg8qLmdvb2dsZS5j +b20udHKCDyouZ29vZ2xlLmNvbS50d4IPKi5nb29nbGUuY29tLnVhgg8qLmdvb2ds +ZS5jb20udXmCDyouZ29vZ2xlLmNvbS52Y4IPKi5nb29nbGUuY29tLnZlgg8qLmdv +b2dsZS5jb20udm6CCyouZ29vZ2xlLmN2ggsqLmdvb2dsZS5jeoILKi5nb29nbGUu +ZGWCCyouZ29vZ2xlLmRqggsqLmdvb2dsZS5ka4ILKi5nb29nbGUuZG2CCyouZ29v +Z2xlLmR6ggsqLmdvb2dsZS5lZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZpggsq +Lmdvb2dsZS5mbYILKi5nb29nbGUuZnKCCyouZ29vZ2xlLmdhggsqLmdvb2dsZS5n +ZYILKi5nb29nbGUuZ2eCCyouZ29vZ2xlLmdsggsqLmdvb2dsZS5nbYILKi5nb29n +bGUuZ3CCCyouZ29vZ2xlLmdyggsqLmdvb2dsZS5neYILKi5nb29nbGUuaGuCCyou +Z29vZ2xlLmhuggsqLmdvb2dsZS5ocoILKi5nb29nbGUuaHSCCyouZ29vZ2xlLmh1 +ggsqLmdvb2dsZS5pZYILKi5nb29nbGUuaW2CDSouZ29vZ2xlLmluZm+CCyouZ29v +Z2xlLmlxggsqLmdvb2dsZS5pc4ILKi5nb29nbGUuaXSCDiouZ29vZ2xlLml0LmFv +ggsqLmdvb2dsZS5qZYILKi5nb29nbGUuam+CDSouZ29vZ2xlLmpvYnOCCyouZ29v +Z2xlLmpwggsqLmdvb2dsZS5rZ4ILKi5nb29nbGUua2mCCyouZ29vZ2xlLmt6ggsq +Lmdvb2dsZS5sYYILKi5nb29nbGUubGmCCyouZ29vZ2xlLmxrggsqLmdvb2dsZS5s +dIILKi5nb29nbGUubHWCCyouZ29vZ2xlLmx2ggsqLmdvb2dsZS5tZIILKi5nb29n +bGUubWWCCyouZ29vZ2xlLm1nggsqLmdvb2dsZS5ta4ILKi5nb29nbGUubWyCCyou +Z29vZ2xlLm1uggsqLmdvb2dsZS5tc4ILKi5nb29nbGUubXWCCyouZ29vZ2xlLm12 +ggsqLmdvb2dsZS5td4ILKi5nb29nbGUubmWCDiouZ29vZ2xlLm5lLmpwggwqLmdv +b2dsZS5uZXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5ub4ILKi5nb29nbGUubnKC +CyouZ29vZ2xlLm51gg8qLmdvb2dsZS5vZmYuYWmCCyouZ29vZ2xlLnBrggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucG6CCyouZ29vZ2xlLnBzggsqLmdvb2dsZS5wdIIL +Ki5nb29nbGUucm+CCyouZ29vZ2xlLnJzggsqLmdvb2dsZS5ydYILKi5nb29nbGUu +cneCCyouZ29vZ2xlLnNjggsqLmdvb2dsZS5zZYILKi5nb29nbGUuc2iCCyouZ29v +Z2xlLnNpggsqLmdvb2dsZS5za4ILKi5nb29nbGUuc22CCyouZ29vZ2xlLnNuggsq +Lmdvb2dsZS5zb4ILKi5nb29nbGUuc3SCCyouZ29vZ2xlLnRkggsqLmdvb2dsZS50 +Z4ILKi5nb29nbGUudGuCCyouZ29vZ2xlLnRsggsqLmdvb2dsZS50bYILKi5nb29n +bGUudG6CCyouZ29vZ2xlLnRvggsqLmdvb2dsZS50cIILKi5nb29nbGUudHSCCyou +Z29vZ2xlLnVzggsqLmdvb2dsZS51eoILKi5nb29nbGUudmeCCyouZ29vZ2xlLnZ1 +ggsqLmdvb2dsZS53c4IJZ29vZ2xlLmFjgglnb29nbGUuYWSCCWdvb2dsZS5hZYIJ +Z29vZ2xlLmFmgglnb29nbGUuYWeCCWdvb2dsZS5hbIIJZ29vZ2xlLmFtgglnb29n +bGUuYXOCCWdvb2dsZS5hdIIJZ29vZ2xlLmF6gglnb29nbGUuYmGCCWdvb2dsZS5i +ZYIJZ29vZ2xlLmJmgglnb29nbGUuYmeCCWdvb2dsZS5iaYIJZ29vZ2xlLmJqggln +b29nbGUuYnOCCWdvb2dsZS5ieYIJZ29vZ2xlLmNhggpnb29nbGUuY2F0gglnb29n +bGUuY2OCCWdvb2dsZS5jZIIJZ29vZ2xlLmNmgglnb29nbGUuY2eCCWdvb2dsZS5j +aIIJZ29vZ2xlLmNpgglnb29nbGUuY2yCCWdvb2dsZS5jbYIJZ29vZ2xlLmNuggxn +b29nbGUuY28uYW+CDGdvb2dsZS5jby5id4IMZ29vZ2xlLmNvLmNrggxnb29nbGUu +Y28uY3KCDGdvb2dsZS5jby5odYIMZ29vZ2xlLmNvLmlkggxnb29nbGUuY28uaWyC +DGdvb2dsZS5jby5pbYIMZ29vZ2xlLmNvLmluggxnb29nbGUuY28uamWCDGdvb2ds +ZS5jby5qcIIMZ29vZ2xlLmNvLmtlggxnb29nbGUuY28ua3KCDGdvb2dsZS5jby5s +c4IMZ29vZ2xlLmNvLm1hggxnb29nbGUuY28ubXqCDGdvb2dsZS5jby5ueoIMZ29v +Z2xlLmNvLnRoggxnb29nbGUuY28udHqCDGdvb2dsZS5jby51Z4IMZ29vZ2xlLmNv +LnVrggxnb29nbGUuY28udXqCDGdvb2dsZS5jby52ZYIMZ29vZ2xlLmNvLnZpggxn +b29nbGUuY28uemGCDGdvb2dsZS5jby56bYIMZ29vZ2xlLmNvLnp3gg1nb29nbGUu +Y29tLmFmgg1nb29nbGUuY29tLmFngg1nb29nbGUuY29tLmFpgg1nb29nbGUuY29t +LmFygg1nb29nbGUuY29tLmF1gg1nb29nbGUuY29tLmJkgg1nb29nbGUuY29tLmJo +gg1nb29nbGUuY29tLmJugg1nb29nbGUuY29tLmJvgg1nb29nbGUuY29tLmJygg1n +b29nbGUuY29tLmJ5gg1nb29nbGUuY29tLmJ6gg1nb29nbGUuY29tLmNugg1nb29n +bGUuY29tLmNvgg1nb29nbGUuY29tLmN1gg1nb29nbGUuY29tLmN5gg1nb29nbGUu +Y29tLmRvgg1nb29nbGUuY29tLmVjgg1nb29nbGUuY29tLmVngg1nb29nbGUuY29t +LmV0gg1nb29nbGUuY29tLmZqgg1nb29nbGUuY29tLmdlgg1nb29nbGUuY29tLmdo +gg1nb29nbGUuY29tLmdpgg1nb29nbGUuY29tLmdygg1nb29nbGUuY29tLmd0gg1n +b29nbGUuY29tLmhrgg1nb29nbGUuY29tLmlxgg1nb29nbGUuY29tLmptgg1nb29n +bGUuY29tLmpvgg1nb29nbGUuY29tLmtogg1nb29nbGUuY29tLmt3gg1nb29nbGUu +Y29tLmxigg1nb29nbGUuY29tLmx5gg1nb29nbGUuY29tLm10gg1nb29nbGUuY29t +Lm14gg1nb29nbGUuY29tLm15gg1nb29nbGUuY29tLm5hgg1nb29nbGUuY29tLm5m +gg1nb29nbGUuY29tLm5ngg1nb29nbGUuY29tLm5pgg1nb29nbGUuY29tLm5wgg1n +b29nbGUuY29tLm5ygg1nb29nbGUuY29tLm9tgg1nb29nbGUuY29tLnBhgg1nb29n +bGUuY29tLnBlgg1nb29nbGUuY29tLnBogg1nb29nbGUuY29tLnBrgg1nb29nbGUu +Y29tLnBsgg1nb29nbGUuY29tLnBygg1nb29nbGUuY29tLnB5gg1nb29nbGUuY29t +LnFhgg1nb29nbGUuY29tLnJ1gg1nb29nbGUuY29tLnNhgg1nb29nbGUuY29tLnNi +gg1nb29nbGUuY29tLnNngg1nb29nbGUuY29tLnNsgg1nb29nbGUuY29tLnN2gg1n +b29nbGUuY29tLnRqgg1nb29nbGUuY29tLnRugg1nb29nbGUuY29tLnRygg1nb29n +bGUuY29tLnR3gg1nb29nbGUuY29tLnVhgg1nb29nbGUuY29tLnV5gg1nb29nbGUu +Y29tLnZjgg1nb29nbGUuY29tLnZlgg1nb29nbGUuY29tLnZugglnb29nbGUuY3aC +CWdvb2dsZS5jeoIJZ29vZ2xlLmRlgglnb29nbGUuZGqCCWdvb2dsZS5ka4IJZ29v +Z2xlLmRtgglnb29nbGUuZHqCCWdvb2dsZS5lZYIJZ29vZ2xlLmVzgglnb29nbGUu +ZmmCCWdvb2dsZS5mbYIJZ29vZ2xlLmZygglnb29nbGUuZ2GCCWdvb2dsZS5nZYIJ +Z29vZ2xlLmdngglnb29nbGUuZ2yCCWdvb2dsZS5nbYIJZ29vZ2xlLmdwgglnb29n +bGUuZ3KCCWdvb2dsZS5neYIJZ29vZ2xlLmhrgglnb29nbGUuaG6CCWdvb2dsZS5o +coIJZ29vZ2xlLmh0gglnb29nbGUuaHWCCWdvb2dsZS5pZYIJZ29vZ2xlLmltggtn +b29nbGUuaW5mb4IJZ29vZ2xlLmlxgglnb29nbGUuaXOCCWdvb2dsZS5pdIIMZ29v +Z2xlLml0LmFvgglnb29nbGUuamWCCWdvb2dsZS5qb4ILZ29vZ2xlLmpvYnOCCWdv +b2dsZS5qcIIJZ29vZ2xlLmtngglnb29nbGUua2mCCWdvb2dsZS5reoIJZ29vZ2xl +Lmxhgglnb29nbGUubGmCCWdvb2dsZS5sa4IJZ29vZ2xlLmx0gglnb29nbGUubHWC +CWdvb2dsZS5sdoIJZ29vZ2xlLm1kgglnb29nbGUubWWCCWdvb2dsZS5tZ4IJZ29v +Z2xlLm1rgglnb29nbGUubWyCCWdvb2dsZS5tboIJZ29vZ2xlLm1zgglnb29nbGUu +bXWCCWdvb2dsZS5tdoIJZ29vZ2xlLm13gglnb29nbGUubmWCDGdvb2dsZS5uZS5q +cIIKZ29vZ2xlLm5ldIIJZ29vZ2xlLm5sgglnb29nbGUubm+CCWdvb2dsZS5ucoIJ +Z29vZ2xlLm51gg1nb29nbGUub2ZmLmFpgglnb29nbGUucGuCCWdvb2dsZS5wbIIJ +Z29vZ2xlLnBugglnb29nbGUucHOCCWdvb2dsZS5wdIIJZ29vZ2xlLnJvgglnb29n +bGUucnOCCWdvb2dsZS5ydYIJZ29vZ2xlLnJ3gglnb29nbGUuc2OCCWdvb2dsZS5z +ZYIJZ29vZ2xlLnNogglnb29nbGUuc2mCCWdvb2dsZS5za4IJZ29vZ2xlLnNtggln +b29nbGUuc26CCWdvb2dsZS5zb4IJZ29vZ2xlLnN0gglnb29nbGUudGSCCWdvb2ds +ZS50Z4IJZ29vZ2xlLnRrgglnb29nbGUudGyCCWdvb2dsZS50bYIJZ29vZ2xlLnRu +gglnb29nbGUudG+CCWdvb2dsZS50cIIJZ29vZ2xlLnR0gglnb29nbGUudXOCCWdv +b2dsZS51eoIJZ29vZ2xlLnZngglnb29nbGUudnWCCWdvb2dsZS53czANBgkqhkiG +9w0BAQUFAAOBgQCROJdKT00d96BpNG4j3Xf5Kz7kJENMTYtgsGQW5E6y2yjRaguD +LPO+y4IH9KiVXD+qO8koye9yOMNawN9r/DFQd+t2nDmvlpcwJBNguiuqxl+rJaU8 +KKgswikGaaM4z+i4vHuXcCKZtM/ELAaJlSaBPip4GBAkgv7D9hwh+sWvYA== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIcFzCCG4CgAwIBAgIGR09PUAFxMA0GCSqGSIb3DQEBBQUAMEYxCzAJBgNVBAYT +AlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSIwIAYDVQQDExlHb29nbGUgSW50ZXJu +ZXQgQXV0aG9yaXR5MB4XDTEyMTAyNDEzNTczOVoXDTEzMDYwNzE5NDMyN1owZDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 +YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxEzARBgNVBAMTCmdvb2dsZS5j +b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMNn/Rw5irMPscWpYsExcGQT +wqdxT/U9Pfybt9ttPYlXVbCd6yux0jWGNBHN+f4kCc5pwrbjmA4QSRY2uVa4T8f2 +g3NucDDveUi29WVN+FJcyhj+V38lEkYbdhpIZL149dK5fAN1zzwCo10Nk+lhebcY +fCtMHLmuCX2D6mJ2CnPVAgMBAAGjghnwMIIZ7DAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Qp1w0hi4nhbaJEB +h/wuZwO4OyIwHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0f +BFQwUjBQoE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5l +dEF1dGhvcml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUH +AQEEWjBYMFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2ds +ZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDCC +GLYGA1UdEQSCGK0wghipggpnb29nbGUuY29tggwqLmdvb2dsZS5jb22CDSoueW91 +dHViZS5jb22CC3lvdXR1YmUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggh5 +b3V0dS5iZYILKi55dGltZy5jb22CDSouYW5kcm9pZC5jb22CC2FuZHJvaWQuY29t +ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghAqLnVy +bC5nb29nbGUuY29tggwqLnVyY2hpbi5jb22CCnVyY2hpbi5jb22CFiouZ29vZ2xl +LWFuYWx5dGljcy5jb22CFGdvb2dsZS1hbmFseXRpY3MuY29tghIqLmNsb3VkLmdv +b2dsZS5jb22CBmdvby5nbIIEZy5jb4INKi5nc3RhdGljLmNvbYIPKi5nb29nbGVh +cGlzLmNughYqLmFwcGVuZ2luZS5nb29nbGUuY29tggsqLmdvb2dsZS5hY4ILKi5n +b29nbGUuYWSCCyouZ29vZ2xlLmFlggsqLmdvb2dsZS5hZoILKi5nb29nbGUuYWeC +CyouZ29vZ2xlLmFsggsqLmdvb2dsZS5hbYILKi5nb29nbGUuYXOCCyouZ29vZ2xl +LmF0ggsqLmdvb2dsZS5heoILKi5nb29nbGUuYmGCCyouZ29vZ2xlLmJlggsqLmdv +b2dsZS5iZoILKi5nb29nbGUuYmeCCyouZ29vZ2xlLmJpggsqLmdvb2dsZS5iaoIL +Ki5nb29nbGUuYnOCCyouZ29vZ2xlLmJ5ggsqLmdvb2dsZS5jYYIMKi5nb29nbGUu +Y2F0ggsqLmdvb2dsZS5jY4ILKi5nb29nbGUuY2SCCyouZ29vZ2xlLmNmggsqLmdv +b2dsZS5jZ4ILKi5nb29nbGUuY2iCCyouZ29vZ2xlLmNpggsqLmdvb2dsZS5jbIIL +Ki5nb29nbGUuY22CCyouZ29vZ2xlLmNugg4qLmdvb2dsZS5jby5hb4IOKi5nb29n +bGUuY28uYneCDiouZ29vZ2xlLmNvLmNrgg4qLmdvb2dsZS5jby5jcoIOKi5nb29n +bGUuY28uaHWCDiouZ29vZ2xlLmNvLmlkgg4qLmdvb2dsZS5jby5pbIIOKi5nb29n +bGUuY28uaW2CDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qZYIOKi5nb29n +bGUuY28uanCCDiouZ29vZ2xlLmNvLmtlgg4qLmdvb2dsZS5jby5rcoIOKi5nb29n +bGUuY28ubHOCDiouZ29vZ2xlLmNvLm1hgg4qLmdvb2dsZS5jby5teoIOKi5nb29n +bGUuY28ubnqCDiouZ29vZ2xlLmNvLnRogg4qLmdvb2dsZS5jby50eoIOKi5nb29n +bGUuY28udWeCDiouZ29vZ2xlLmNvLnVrgg4qLmdvb2dsZS5jby51eoIOKi5nb29n +bGUuY28udmWCDiouZ29vZ2xlLmNvLnZpgg4qLmdvb2dsZS5jby56YYIOKi5nb29n +bGUuY28uem2CDiouZ29vZ2xlLmNvLnp3gg8qLmdvb2dsZS5jb20uYWaCDyouZ29v +Z2xlLmNvbS5hZ4IPKi5nb29nbGUuY29tLmFpgg8qLmdvb2dsZS5jb20uYXKCDyou +Z29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJkgg8qLmdvb2dsZS5jb20uYmiC +DyouZ29vZ2xlLmNvbS5iboIPKi5nb29nbGUuY29tLmJvgg8qLmdvb2dsZS5jb20u +YnKCDyouZ29vZ2xlLmNvbS5ieYIPKi5nb29nbGUuY29tLmJ6gg8qLmdvb2dsZS5j +b20uY26CDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLmN1gg8qLmdvb2ds +ZS5jb20uY3mCDyouZ29vZ2xlLmNvbS5kb4IPKi5nb29nbGUuY29tLmVjgg8qLmdv +b2dsZS5jb20uZWeCDyouZ29vZ2xlLmNvbS5ldIIPKi5nb29nbGUuY29tLmZqgg8q +Lmdvb2dsZS5jb20uZ2WCDyouZ29vZ2xlLmNvbS5naIIPKi5nb29nbGUuY29tLmdp +gg8qLmdvb2dsZS5jb20uZ3KCDyouZ29vZ2xlLmNvbS5ndIIPKi5nb29nbGUuY29t +Lmhrgg8qLmdvb2dsZS5jb20uaXGCDyouZ29vZ2xlLmNvbS5qbYIPKi5nb29nbGUu +Y29tLmpvgg8qLmdvb2dsZS5jb20ua2iCDyouZ29vZ2xlLmNvbS5rd4IPKi5nb29n +bGUuY29tLmxigg8qLmdvb2dsZS5jb20ubHmCDyouZ29vZ2xlLmNvbS5tdIIPKi5n +b29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20ubXmCDyouZ29vZ2xlLmNvbS5uYYIP +Ki5nb29nbGUuY29tLm5mgg8qLmdvb2dsZS5jb20ubmeCDyouZ29vZ2xlLmNvbS5u +aYIPKi5nb29nbGUuY29tLm5wgg8qLmdvb2dsZS5jb20ubnKCDyouZ29vZ2xlLmNv +bS5vbYIPKi5nb29nbGUuY29tLnBhgg8qLmdvb2dsZS5jb20ucGWCDyouZ29vZ2xl +LmNvbS5waIIPKi5nb29nbGUuY29tLnBrgg8qLmdvb2dsZS5jb20ucGyCDyouZ29v +Z2xlLmNvbS5wcoIPKi5nb29nbGUuY29tLnB5gg8qLmdvb2dsZS5jb20ucWGCDyou +Z29vZ2xlLmNvbS5ydYIPKi5nb29nbGUuY29tLnNhgg8qLmdvb2dsZS5jb20uc2KC +DyouZ29vZ2xlLmNvbS5zZ4IPKi5nb29nbGUuY29tLnNsgg8qLmdvb2dsZS5jb20u +c3aCDyouZ29vZ2xlLmNvbS50aoIPKi5nb29nbGUuY29tLnRugg8qLmdvb2dsZS5j +b20udHKCDyouZ29vZ2xlLmNvbS50d4IPKi5nb29nbGUuY29tLnVhgg8qLmdvb2ds +ZS5jb20udXmCDyouZ29vZ2xlLmNvbS52Y4IPKi5nb29nbGUuY29tLnZlgg8qLmdv +b2dsZS5jb20udm6CCyouZ29vZ2xlLmN2ggsqLmdvb2dsZS5jeoILKi5nb29nbGUu +ZGWCCyouZ29vZ2xlLmRqggsqLmdvb2dsZS5ka4ILKi5nb29nbGUuZG2CCyouZ29v +Z2xlLmR6ggsqLmdvb2dsZS5lZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZpggsq +Lmdvb2dsZS5mbYILKi5nb29nbGUuZnKCCyouZ29vZ2xlLmdhggsqLmdvb2dsZS5n +ZYILKi5nb29nbGUuZ2eCCyouZ29vZ2xlLmdsggsqLmdvb2dsZS5nbYILKi5nb29n +bGUuZ3CCCyouZ29vZ2xlLmdyggsqLmdvb2dsZS5neYILKi5nb29nbGUuaGuCCyou +Z29vZ2xlLmhuggsqLmdvb2dsZS5ocoILKi5nb29nbGUuaHSCCyouZ29vZ2xlLmh1 +ggsqLmdvb2dsZS5pZYILKi5nb29nbGUuaW2CDSouZ29vZ2xlLmluZm+CCyouZ29v +Z2xlLmlxggsqLmdvb2dsZS5pc4ILKi5nb29nbGUuaXSCDiouZ29vZ2xlLml0LmFv +ggsqLmdvb2dsZS5qZYILKi5nb29nbGUuam+CDSouZ29vZ2xlLmpvYnOCCyouZ29v +Z2xlLmpwggsqLmdvb2dsZS5rZ4ILKi5nb29nbGUua2mCCyouZ29vZ2xlLmt6ggsq +Lmdvb2dsZS5sYYILKi5nb29nbGUubGmCCyouZ29vZ2xlLmxrggsqLmdvb2dsZS5s +dIILKi5nb29nbGUubHWCCyouZ29vZ2xlLmx2ggsqLmdvb2dsZS5tZIILKi5nb29n +bGUubWWCCyouZ29vZ2xlLm1nggsqLmdvb2dsZS5ta4ILKi5nb29nbGUubWyCCyou +Z29vZ2xlLm1uggsqLmdvb2dsZS5tc4ILKi5nb29nbGUubXWCCyouZ29vZ2xlLm12 +ggsqLmdvb2dsZS5td4ILKi5nb29nbGUubmWCDiouZ29vZ2xlLm5lLmpwggwqLmdv +b2dsZS5uZXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5ub4ILKi5nb29nbGUubnKC +CyouZ29vZ2xlLm51gg8qLmdvb2dsZS5vZmYuYWmCCyouZ29vZ2xlLnBrggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucG6CCyouZ29vZ2xlLnBzggsqLmdvb2dsZS5wdIIL +Ki5nb29nbGUucm+CCyouZ29vZ2xlLnJzggsqLmdvb2dsZS5ydYILKi5nb29nbGUu +cneCCyouZ29vZ2xlLnNjggsqLmdvb2dsZS5zZYILKi5nb29nbGUuc2iCCyouZ29v +Z2xlLnNpggsqLmdvb2dsZS5za4ILKi5nb29nbGUuc22CCyouZ29vZ2xlLnNuggsq +Lmdvb2dsZS5zb4ILKi5nb29nbGUuc3SCCyouZ29vZ2xlLnRkggsqLmdvb2dsZS50 +Z4ILKi5nb29nbGUudGuCCyouZ29vZ2xlLnRsggsqLmdvb2dsZS50bYILKi5nb29n +bGUudG6CCyouZ29vZ2xlLnRvggsqLmdvb2dsZS50cIILKi5nb29nbGUudHSCCyou +Z29vZ2xlLnVzggsqLmdvb2dsZS51eoILKi5nb29nbGUudmeCCyouZ29vZ2xlLnZ1 +ggsqLmdvb2dsZS53c4IJZ29vZ2xlLmFjgglnb29nbGUuYWSCCWdvb2dsZS5hZYIJ +Z29vZ2xlLmFmgglnb29nbGUuYWeCCWdvb2dsZS5hbIIJZ29vZ2xlLmFtgglnb29n +bGUuYXOCCWdvb2dsZS5hdIIJZ29vZ2xlLmF6gglnb29nbGUuYmGCCWdvb2dsZS5i +ZYIJZ29vZ2xlLmJmgglnb29nbGUuYmeCCWdvb2dsZS5iaYIJZ29vZ2xlLmJqggln +b29nbGUuYnOCCWdvb2dsZS5ieYIJZ29vZ2xlLmNhggpnb29nbGUuY2F0gglnb29n +bGUuY2OCCWdvb2dsZS5jZIIJZ29vZ2xlLmNmgglnb29nbGUuY2eCCWdvb2dsZS5j +aIIJZ29vZ2xlLmNpgglnb29nbGUuY2yCCWdvb2dsZS5jbYIJZ29vZ2xlLmNuggxn +b29nbGUuY28uYW+CDGdvb2dsZS5jby5id4IMZ29vZ2xlLmNvLmNrggxnb29nbGUu +Y28uY3KCDGdvb2dsZS5jby5odYIMZ29vZ2xlLmNvLmlkggxnb29nbGUuY28uaWyC +DGdvb2dsZS5jby5pbYIMZ29vZ2xlLmNvLmluggxnb29nbGUuY28uamWCDGdvb2ds +ZS5jby5qcIIMZ29vZ2xlLmNvLmtlggxnb29nbGUuY28ua3KCDGdvb2dsZS5jby5s +c4IMZ29vZ2xlLmNvLm1hggxnb29nbGUuY28ubXqCDGdvb2dsZS5jby5ueoIMZ29v +Z2xlLmNvLnRoggxnb29nbGUuY28udHqCDGdvb2dsZS5jby51Z4IMZ29vZ2xlLmNv +LnVrggxnb29nbGUuY28udXqCDGdvb2dsZS5jby52ZYIMZ29vZ2xlLmNvLnZpggxn +b29nbGUuY28uemGCDGdvb2dsZS5jby56bYIMZ29vZ2xlLmNvLnp3gg1nb29nbGUu +Y29tLmFmgg1nb29nbGUuY29tLmFngg1nb29nbGUuY29tLmFpgg1nb29nbGUuY29t +LmFygg1nb29nbGUuY29tLmF1gg1nb29nbGUuY29tLmJkgg1nb29nbGUuY29tLmJo +gg1nb29nbGUuY29tLmJugg1nb29nbGUuY29tLmJvgg1nb29nbGUuY29tLmJygg1n +b29nbGUuY29tLmJ5gg1nb29nbGUuY29tLmJ6gg1nb29nbGUuY29tLmNugg1nb29n +bGUuY29tLmNvgg1nb29nbGUuY29tLmN1gg1nb29nbGUuY29tLmN5gg1nb29nbGUu +Y29tLmRvgg1nb29nbGUuY29tLmVjgg1nb29nbGUuY29tLmVngg1nb29nbGUuY29t +LmV0gg1nb29nbGUuY29tLmZqgg1nb29nbGUuY29tLmdlgg1nb29nbGUuY29tLmdo +gg1nb29nbGUuY29tLmdpgg1nb29nbGUuY29tLmdygg1nb29nbGUuY29tLmd0gg1n +b29nbGUuY29tLmhrgg1nb29nbGUuY29tLmlxgg1nb29nbGUuY29tLmptgg1nb29n +bGUuY29tLmpvgg1nb29nbGUuY29tLmtogg1nb29nbGUuY29tLmt3gg1nb29nbGUu +Y29tLmxigg1nb29nbGUuY29tLmx5gg1nb29nbGUuY29tLm10gg1nb29nbGUuY29t +Lm14gg1nb29nbGUuY29tLm15gg1nb29nbGUuY29tLm5hgg1nb29nbGUuY29tLm5m +gg1nb29nbGUuY29tLm5ngg1nb29nbGUuY29tLm5pgg1nb29nbGUuY29tLm5wgg1n +b29nbGUuY29tLm5ygg1nb29nbGUuY29tLm9tgg1nb29nbGUuY29tLnBhgg1nb29n +bGUuY29tLnBlgg1nb29nbGUuY29tLnBogg1nb29nbGUuY29tLnBrgg1nb29nbGUu +Y29tLnBsgg1nb29nbGUuY29tLnBygg1nb29nbGUuY29tLnB5gg1nb29nbGUuY29t +LnFhgg1nb29nbGUuY29tLnJ1gg1nb29nbGUuY29tLnNhgg1nb29nbGUuY29tLnNi +gg1nb29nbGUuY29tLnNngg1nb29nbGUuY29tLnNsgg1nb29nbGUuY29tLnN2gg1n +b29nbGUuY29tLnRqgg1nb29nbGUuY29tLnRugg1nb29nbGUuY29tLnRygg1nb29n +bGUuY29tLnR3gg1nb29nbGUuY29tLnVhgg1nb29nbGUuY29tLnV5gg1nb29nbGUu +Y29tLnZjgg1nb29nbGUuY29tLnZlgg1nb29nbGUuY29tLnZugglnb29nbGUuY3aC +CWdvb2dsZS5jeoIJZ29vZ2xlLmRlgglnb29nbGUuZGqCCWdvb2dsZS5ka4IJZ29v +Z2xlLmRtgglnb29nbGUuZHqCCWdvb2dsZS5lZYIJZ29vZ2xlLmVzgglnb29nbGUu +ZmmCCWdvb2dsZS5mbYIJZ29vZ2xlLmZygglnb29nbGUuZ2GCCWdvb2dsZS5nZYIJ +Z29vZ2xlLmdngglnb29nbGUuZ2yCCWdvb2dsZS5nbYIJZ29vZ2xlLmdwgglnb29n +bGUuZ3KCCWdvb2dsZS5neYIJZ29vZ2xlLmhrgglnb29nbGUuaG6CCWdvb2dsZS5o +coIJZ29vZ2xlLmh0gglnb29nbGUuaHWCCWdvb2dsZS5pZYIJZ29vZ2xlLmltggtn +b29nbGUuaW5mb4IJZ29vZ2xlLmlxgglnb29nbGUuaXOCCWdvb2dsZS5pdIIMZ29v +Z2xlLml0LmFvgglnb29nbGUuamWCCWdvb2dsZS5qb4ILZ29vZ2xlLmpvYnOCCWdv +b2dsZS5qcIIJZ29vZ2xlLmtngglnb29nbGUua2mCCWdvb2dsZS5reoIJZ29vZ2xl +Lmxhgglnb29nbGUubGmCCWdvb2dsZS5sa4IJZ29vZ2xlLmx0gglnb29nbGUubHWC +CWdvb2dsZS5sdoIJZ29vZ2xlLm1kgglnb29nbGUubWWCCWdvb2dsZS5tZ4IJZ29v +Z2xlLm1rgglnb29nbGUubWyCCWdvb2dsZS5tboIJZ29vZ2xlLm1zgglnb29nbGUu +bXWCCWdvb2dsZS5tdoIJZ29vZ2xlLm13gglnb29nbGUubmWCDGdvb2dsZS5uZS5q +cIIKZ29vZ2xlLm5ldIIJZ29vZ2xlLm5sgglnb29nbGUubm+CCWdvb2dsZS5ucoIJ +Z29vZ2xlLm51gg1nb29nbGUub2ZmLmFpgglnb29nbGUucGuCCWdvb2dsZS5wbIIJ +Z29vZ2xlLnBugglnb29nbGUucHOCCWdvb2dsZS5wdIIJZ29vZ2xlLnJvgglnb29n +bGUucnOCCWdvb2dsZS5ydYIJZ29vZ2xlLnJ3gglnb29nbGUuc2OCCWdvb2dsZS5z +ZYIJZ29vZ2xlLnNogglnb29nbGUuc2mCCWdvb2dsZS5za4IJZ29vZ2xlLnNtggln +b29nbGUuc26CCWdvb2dsZS5zb4IJZ29vZ2xlLnN0gglnb29nbGUudGSCCWdvb2ds +ZS50Z4IJZ29vZ2xlLnRrgglnb29nbGUudGyCCWdvb2dsZS50bYIJZ29vZ2xlLnRu +gglnb29nbGUudG+CCWdvb2dsZS50cIIJZ29vZ2xlLnR0gglnb29nbGUudXOCCWdv +b2dsZS51eoIJZ29vZ2xlLnZngglnb29nbGUudnWCCWdvb2dsZS53czANBgkqhkiG +9w0BAQUFAAOBgQCROJdKT00d96BpNG4j3Xf5Kz7kJENMTYtgsGQW5E6y2yjRaguD +LPO+y4IH9KiVXD+qO8koye9yOMNawN9r/DFQd+t2nDmvlpcwJBNguiuqxl+rJaU8 +KKgswikGaaM4z+i4vHuXcCKZtM/ELAaJlSaBPip4GBAkgv7D9hwh+sWvYA== +-----END CERTIFICATE----- diff --git a/test/recipes/81-test_cmp_cli_data/Mock/big_trusted.crt b/test/recipes/81-test_cmp_cli_data/Mock/big_trusted.crt new file mode 100644 index 0000000000..3bd3458e10 --- /dev/null +++ b/test/recipes/81-test_cmp_cli_data/Mock/big_trusted.crt @@ -0,0 +1,1552 @@ + Subject: O = openssl_cmp + Issuer: O = openssl_cmp +-----BEGIN CERTIFICATE----- +MIICpTCCAY2gAwIBAgIBATANBgkqhkiG9w0BAQUFADAWMRQwEgYDVQQKDAtvcGVu +c3NsX2NtcDAeFw0xNzEyMjAxMzA0MDBaFw0xODEyMjAxMzA0MDBaMBYxFDASBgNV +BAoMC29wZW5zc2xfY21wMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +4ckRrH0UWmIJFj99kBqvCipGjJRAaPkdvWjdDQLglTpI3eZAJHnq0ypW/PZccrWj +o7mxuvAStEYWF+5Jx6ZFmAsC1K0NNebSAZQoLWYZqiOzkfVVpLicMnItNFElfCoh +BzPCYmF5UlC5yp9PSUEfNwPJqDIRMtw+IlVUV3AJw9TJ3uuWq/vWW9r96/gBKKdd +mj/q2gGT8RC6LxEaolTbhfPbHaA1DFpv1WQFb3oAV3Wq14SOZf9bH1olBVsmBMsU +shFEw5MXVrNCv2moM4HtITMyjvZe7eIwHzSzf6dvQjERG6GvZ/i5KOhaqgJCnRKd +HHzijz9cLec5p9NSOuC1OwIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQDGUXpFCBkV +WgPrBfZyBwt6VCjWB/e67q4IdcKMfDa4hwSquah1AyXHI0PlC/qitnoSx2+7f7pY +TEOay/3eEPUl1J5tdPF2Vg56Dw8jdhSkMwO7bXKDEE3R6o6jaa4ECgxwQtdGHmNU +A41PgKX76yEXku803ptO39/UR7i7Ye3MbyAmWE+PvixJYUbxd3fqz5fsaJqTCzAy +AT9hrr4uu8J7m3LYaYXo4LVL4jw5UsP5bIYtpmmEBfy9GhpUqH5/LzBNij7y3ziE +T59wHkzawAQDHsBPuCe07DFtlzqWWvaih0TQAw9MZ2tbyK9jt7P80Rqt9CwpM/i9 +jQYqSl/ix5hn +-----END CERTIFICATE----- + + + + +-----BEGIN CERTIFICATE----- +MIIcFzCCG4CgAwIBAgIGR09PUAFxMA0GCSqGSIb3DQEBBQUAMEYxCzAJBgNVBAYT +AlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSIwIAYDVQQDExlHb29nbGUgSW50ZXJu +ZXQgQXV0aG9yaXR5MB4XDTEyMTAyNDEzNTczOVoXDTEzMDYwNzE5NDMyN1owZDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 +YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxEzARBgNVBAMTCmdvb2dsZS5j +b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMNn/Rw5irMPscWpYsExcGQT +wqdxT/U9Pfybt9ttPYlXVbCd6yux0jWGNBHN+f4kCc5pwrbjmA4QSRY2uVa4T8f2 +g3NucDDveUi29WVN+FJcyhj+V38lEkYbdhpIZL149dK5fAN1zzwCo10Nk+lhebcY +fCtMHLmuCX2D6mJ2CnPVAgMBAAGjghnwMIIZ7DAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Qp1w0hi4nhbaJEB +h/wuZwO4OyIwHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0f +BFQwUjBQoE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5l +dEF1dGhvcml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUH +AQEEWjBYMFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2ds +ZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDCC +GLYGA1UdEQSCGK0wghipggpnb29nbGUuY29tggwqLmdvb2dsZS5jb22CDSoueW91 +dHViZS5jb22CC3lvdXR1YmUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggh5 +b3V0dS5iZYILKi55dGltZy5jb22CDSouYW5kcm9pZC5jb22CC2FuZHJvaWQuY29t +ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghAqLnVy +bC5nb29nbGUuY29tggwqLnVyY2hpbi5jb22CCnVyY2hpbi5jb22CFiouZ29vZ2xl +LWFuYWx5dGljcy5jb22CFGdvb2dsZS1hbmFseXRpY3MuY29tghIqLmNsb3VkLmdv +b2dsZS5jb22CBmdvby5nbIIEZy5jb4INKi5nc3RhdGljLmNvbYIPKi5nb29nbGVh +cGlzLmNughYqLmFwcGVuZ2luZS5nb29nbGUuY29tggsqLmdvb2dsZS5hY4ILKi5n +b29nbGUuYWSCCyouZ29vZ2xlLmFlggsqLmdvb2dsZS5hZoILKi5nb29nbGUuYWeC +CyouZ29vZ2xlLmFsggsqLmdvb2dsZS5hbYILKi5nb29nbGUuYXOCCyouZ29vZ2xl +LmF0ggsqLmdvb2dsZS5heoILKi5nb29nbGUuYmGCCyouZ29vZ2xlLmJlggsqLmdv +b2dsZS5iZoILKi5nb29nbGUuYmeCCyouZ29vZ2xlLmJpggsqLmdvb2dsZS5iaoIL +Ki5nb29nbGUuYnOCCyouZ29vZ2xlLmJ5ggsqLmdvb2dsZS5jYYIMKi5nb29nbGUu +Y2F0ggsqLmdvb2dsZS5jY4ILKi5nb29nbGUuY2SCCyouZ29vZ2xlLmNmggsqLmdv +b2dsZS5jZ4ILKi5nb29nbGUuY2iCCyouZ29vZ2xlLmNpggsqLmdvb2dsZS5jbIIL +Ki5nb29nbGUuY22CCyouZ29vZ2xlLmNugg4qLmdvb2dsZS5jby5hb4IOKi5nb29n +bGUuY28uYneCDiouZ29vZ2xlLmNvLmNrgg4qLmdvb2dsZS5jby5jcoIOKi5nb29n +bGUuY28uaHWCDiouZ29vZ2xlLmNvLmlkgg4qLmdvb2dsZS5jby5pbIIOKi5nb29n +bGUuY28uaW2CDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qZYIOKi5nb29n +bGUuY28uanCCDiouZ29vZ2xlLmNvLmtlgg4qLmdvb2dsZS5jby5rcoIOKi5nb29n +bGUuY28ubHOCDiouZ29vZ2xlLmNvLm1hgg4qLmdvb2dsZS5jby5teoIOKi5nb29n +bGUuY28ubnqCDiouZ29vZ2xlLmNvLnRogg4qLmdvb2dsZS5jby50eoIOKi5nb29n +bGUuY28udWeCDiouZ29vZ2xlLmNvLnVrgg4qLmdvb2dsZS5jby51eoIOKi5nb29n +bGUuY28udmWCDiouZ29vZ2xlLmNvLnZpgg4qLmdvb2dsZS5jby56YYIOKi5nb29n +bGUuY28uem2CDiouZ29vZ2xlLmNvLnp3gg8qLmdvb2dsZS5jb20uYWaCDyouZ29v +Z2xlLmNvbS5hZ4IPKi5nb29nbGUuY29tLmFpgg8qLmdvb2dsZS5jb20uYXKCDyou +Z29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJkgg8qLmdvb2dsZS5jb20uYmiC +DyouZ29vZ2xlLmNvbS5iboIPKi5nb29nbGUuY29tLmJvgg8qLmdvb2dsZS5jb20u +YnKCDyouZ29vZ2xlLmNvbS5ieYIPKi5nb29nbGUuY29tLmJ6gg8qLmdvb2dsZS5j +b20uY26CDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLmN1gg8qLmdvb2ds +ZS5jb20uY3mCDyouZ29vZ2xlLmNvbS5kb4IPKi5nb29nbGUuY29tLmVjgg8qLmdv +b2dsZS5jb20uZWeCDyouZ29vZ2xlLmNvbS5ldIIPKi5nb29nbGUuY29tLmZqgg8q +Lmdvb2dsZS5jb20uZ2WCDyouZ29vZ2xlLmNvbS5naIIPKi5nb29nbGUuY29tLmdp +gg8qLmdvb2dsZS5jb20uZ3KCDyouZ29vZ2xlLmNvbS5ndIIPKi5nb29nbGUuY29t +Lmhrgg8qLmdvb2dsZS5jb20uaXGCDyouZ29vZ2xlLmNvbS5qbYIPKi5nb29nbGUu +Y29tLmpvgg8qLmdvb2dsZS5jb20ua2iCDyouZ29vZ2xlLmNvbS5rd4IPKi5nb29n +bGUuY29tLmxigg8qLmdvb2dsZS5jb20ubHmCDyouZ29vZ2xlLmNvbS5tdIIPKi5n +b29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20ubXmCDyouZ29vZ2xlLmNvbS5uYYIP +Ki5nb29nbGUuY29tLm5mgg8qLmdvb2dsZS5jb20ubmeCDyouZ29vZ2xlLmNvbS5u +aYIPKi5nb29nbGUuY29tLm5wgg8qLmdvb2dsZS5jb20ubnKCDyouZ29vZ2xlLmNv +bS5vbYIPKi5nb29nbGUuY29tLnBhgg8qLmdvb2dsZS5jb20ucGWCDyouZ29vZ2xl +LmNvbS5waIIPKi5nb29nbGUuY29tLnBrgg8qLmdvb2dsZS5jb20ucGyCDyouZ29v +Z2xlLmNvbS5wcoIPKi5nb29nbGUuY29tLnB5gg8qLmdvb2dsZS5jb20ucWGCDyou +Z29vZ2xlLmNvbS5ydYIPKi5nb29nbGUuY29tLnNhgg8qLmdvb2dsZS5jb20uc2KC +DyouZ29vZ2xlLmNvbS5zZ4IPKi5nb29nbGUuY29tLnNsgg8qLmdvb2dsZS5jb20u +c3aCDyouZ29vZ2xlLmNvbS50aoIPKi5nb29nbGUuY29tLnRugg8qLmdvb2dsZS5j +b20udHKCDyouZ29vZ2xlLmNvbS50d4IPKi5nb29nbGUuY29tLnVhgg8qLmdvb2ds +ZS5jb20udXmCDyouZ29vZ2xlLmNvbS52Y4IPKi5nb29nbGUuY29tLnZlgg8qLmdv +b2dsZS5jb20udm6CCyouZ29vZ2xlLmN2ggsqLmdvb2dsZS5jeoILKi5nb29nbGUu +ZGWCCyouZ29vZ2xlLmRqggsqLmdvb2dsZS5ka4ILKi5nb29nbGUuZG2CCyouZ29v +Z2xlLmR6ggsqLmdvb2dsZS5lZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZpggsq +Lmdvb2dsZS5mbYILKi5nb29nbGUuZnKCCyouZ29vZ2xlLmdhggsqLmdvb2dsZS5n +ZYILKi5nb29nbGUuZ2eCCyouZ29vZ2xlLmdsggsqLmdvb2dsZS5nbYILKi5nb29n +bGUuZ3CCCyouZ29vZ2xlLmdyggsqLmdvb2dsZS5neYILKi5nb29nbGUuaGuCCyou +Z29vZ2xlLmhuggsqLmdvb2dsZS5ocoILKi5nb29nbGUuaHSCCyouZ29vZ2xlLmh1 +ggsqLmdvb2dsZS5pZYILKi5nb29nbGUuaW2CDSouZ29vZ2xlLmluZm+CCyouZ29v +Z2xlLmlxggsqLmdvb2dsZS5pc4ILKi5nb29nbGUuaXSCDiouZ29vZ2xlLml0LmFv +ggsqLmdvb2dsZS5qZYILKi5nb29nbGUuam+CDSouZ29vZ2xlLmpvYnOCCyouZ29v +Z2xlLmpwggsqLmdvb2dsZS5rZ4ILKi5nb29nbGUua2mCCyouZ29vZ2xlLmt6ggsq +Lmdvb2dsZS5sYYILKi5nb29nbGUubGmCCyouZ29vZ2xlLmxrggsqLmdvb2dsZS5s +dIILKi5nb29nbGUubHWCCyouZ29vZ2xlLmx2ggsqLmdvb2dsZS5tZIILKi5nb29n +bGUubWWCCyouZ29vZ2xlLm1nggsqLmdvb2dsZS5ta4ILKi5nb29nbGUubWyCCyou +Z29vZ2xlLm1uggsqLmdvb2dsZS5tc4ILKi5nb29nbGUubXWCCyouZ29vZ2xlLm12 +ggsqLmdvb2dsZS5td4ILKi5nb29nbGUubmWCDiouZ29vZ2xlLm5lLmpwggwqLmdv +b2dsZS5uZXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5ub4ILKi5nb29nbGUubnKC +CyouZ29vZ2xlLm51gg8qLmdvb2dsZS5vZmYuYWmCCyouZ29vZ2xlLnBrggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucG6CCyouZ29vZ2xlLnBzggsqLmdvb2dsZS5wdIIL +Ki5nb29nbGUucm+CCyouZ29vZ2xlLnJzggsqLmdvb2dsZS5ydYILKi5nb29nbGUu +cneCCyouZ29vZ2xlLnNjggsqLmdvb2dsZS5zZYILKi5nb29nbGUuc2iCCyouZ29v +Z2xlLnNpggsqLmdvb2dsZS5za4ILKi5nb29nbGUuc22CCyouZ29vZ2xlLnNuggsq +Lmdvb2dsZS5zb4ILKi5nb29nbGUuc3SCCyouZ29vZ2xlLnRkggsqLmdvb2dsZS50 +Z4ILKi5nb29nbGUudGuCCyouZ29vZ2xlLnRsggsqLmdvb2dsZS50bYILKi5nb29n +bGUudG6CCyouZ29vZ2xlLnRvggsqLmdvb2dsZS50cIILKi5nb29nbGUudHSCCyou +Z29vZ2xlLnVzggsqLmdvb2dsZS51eoILKi5nb29nbGUudmeCCyouZ29vZ2xlLnZ1 +ggsqLmdvb2dsZS53c4IJZ29vZ2xlLmFjgglnb29nbGUuYWSCCWdvb2dsZS5hZYIJ +Z29vZ2xlLmFmgglnb29nbGUuYWeCCWdvb2dsZS5hbIIJZ29vZ2xlLmFtgglnb29n +bGUuYXOCCWdvb2dsZS5hdIIJZ29vZ2xlLmF6gglnb29nbGUuYmGCCWdvb2dsZS5i +ZYIJZ29vZ2xlLmJmgglnb29nbGUuYmeCCWdvb2dsZS5iaYIJZ29vZ2xlLmJqggln +b29nbGUuYnOCCWdvb2dsZS5ieYIJZ29vZ2xlLmNhggpnb29nbGUuY2F0gglnb29n +bGUuY2OCCWdvb2dsZS5jZIIJZ29vZ2xlLmNmgglnb29nbGUuY2eCCWdvb2dsZS5j +aIIJZ29vZ2xlLmNpgglnb29nbGUuY2yCCWdvb2dsZS5jbYIJZ29vZ2xlLmNuggxn +b29nbGUuY28uYW+CDGdvb2dsZS5jby5id4IMZ29vZ2xlLmNvLmNrggxnb29nbGUu +Y28uY3KCDGdvb2dsZS5jby5odYIMZ29vZ2xlLmNvLmlkggxnb29nbGUuY28uaWyC +DGdvb2dsZS5jby5pbYIMZ29vZ2xlLmNvLmluggxnb29nbGUuY28uamWCDGdvb2ds +ZS5jby5qcIIMZ29vZ2xlLmNvLmtlggxnb29nbGUuY28ua3KCDGdvb2dsZS5jby5s +c4IMZ29vZ2xlLmNvLm1hggxnb29nbGUuY28ubXqCDGdvb2dsZS5jby5ueoIMZ29v +Z2xlLmNvLnRoggxnb29nbGUuY28udHqCDGdvb2dsZS5jby51Z4IMZ29vZ2xlLmNv +LnVrggxnb29nbGUuY28udXqCDGdvb2dsZS5jby52ZYIMZ29vZ2xlLmNvLnZpggxn +b29nbGUuY28uemGCDGdvb2dsZS5jby56bYIMZ29vZ2xlLmNvLnp3gg1nb29nbGUu +Y29tLmFmgg1nb29nbGUuY29tLmFngg1nb29nbGUuY29tLmFpgg1nb29nbGUuY29t +LmFygg1nb29nbGUuY29tLmF1gg1nb29nbGUuY29tLmJkgg1nb29nbGUuY29tLmJo +gg1nb29nbGUuY29tLmJugg1nb29nbGUuY29tLmJvgg1nb29nbGUuY29tLmJygg1n +b29nbGUuY29tLmJ5gg1nb29nbGUuY29tLmJ6gg1nb29nbGUuY29tLmNugg1nb29n +bGUuY29tLmNvgg1nb29nbGUuY29tLmN1gg1nb29nbGUuY29tLmN5gg1nb29nbGUu +Y29tLmRvgg1nb29nbGUuY29tLmVjgg1nb29nbGUuY29tLmVngg1nb29nbGUuY29t +LmV0gg1nb29nbGUuY29tLmZqgg1nb29nbGUuY29tLmdlgg1nb29nbGUuY29tLmdo +gg1nb29nbGUuY29tLmdpgg1nb29nbGUuY29tLmdygg1nb29nbGUuY29tLmd0gg1n +b29nbGUuY29tLmhrgg1nb29nbGUuY29tLmlxgg1nb29nbGUuY29tLmptgg1nb29n +bGUuY29tLmpvgg1nb29nbGUuY29tLmtogg1nb29nbGUuY29tLmt3gg1nb29nbGUu +Y29tLmxigg1nb29nbGUuY29tLmx5gg1nb29nbGUuY29tLm10gg1nb29nbGUuY29t +Lm14gg1nb29nbGUuY29tLm15gg1nb29nbGUuY29tLm5hgg1nb29nbGUuY29tLm5m +gg1nb29nbGUuY29tLm5ngg1nb29nbGUuY29tLm5pgg1nb29nbGUuY29tLm5wgg1n +b29nbGUuY29tLm5ygg1nb29nbGUuY29tLm9tgg1nb29nbGUuY29tLnBhgg1nb29n +bGUuY29tLnBlgg1nb29nbGUuY29tLnBogg1nb29nbGUuY29tLnBrgg1nb29nbGUu +Y29tLnBsgg1nb29nbGUuY29tLnBygg1nb29nbGUuY29tLnB5gg1nb29nbGUuY29t +LnFhgg1nb29nbGUuY29tLnJ1gg1nb29nbGUuY29tLnNhgg1nb29nbGUuY29tLnNi +gg1nb29nbGUuY29tLnNngg1nb29nbGUuY29tLnNsgg1nb29nbGUuY29tLnN2gg1n +b29nbGUuY29tLnRqgg1nb29nbGUuY29tLnRugg1nb29nbGUuY29tLnRygg1nb29n +bGUuY29tLnR3gg1nb29nbGUuY29tLnVhgg1nb29nbGUuY29tLnV5gg1nb29nbGUu +Y29tLnZjgg1nb29nbGUuY29tLnZlgg1nb29nbGUuY29tLnZugglnb29nbGUuY3aC +CWdvb2dsZS5jeoIJZ29vZ2xlLmRlgglnb29nbGUuZGqCCWdvb2dsZS5ka4IJZ29v +Z2xlLmRtgglnb29nbGUuZHqCCWdvb2dsZS5lZYIJZ29vZ2xlLmVzgglnb29nbGUu +ZmmCCWdvb2dsZS5mbYIJZ29vZ2xlLmZygglnb29nbGUuZ2GCCWdvb2dsZS5nZYIJ +Z29vZ2xlLmdngglnb29nbGUuZ2yCCWdvb2dsZS5nbYIJZ29vZ2xlLmdwgglnb29n +bGUuZ3KCCWdvb2dsZS5neYIJZ29vZ2xlLmhrgglnb29nbGUuaG6CCWdvb2dsZS5o +coIJZ29vZ2xlLmh0gglnb29nbGUuaHWCCWdvb2dsZS5pZYIJZ29vZ2xlLmltggtn +b29nbGUuaW5mb4IJZ29vZ2xlLmlxgglnb29nbGUuaXOCCWdvb2dsZS5pdIIMZ29v +Z2xlLml0LmFvgglnb29nbGUuamWCCWdvb2dsZS5qb4ILZ29vZ2xlLmpvYnOCCWdv +b2dsZS5qcIIJZ29vZ2xlLmtngglnb29nbGUua2mCCWdvb2dsZS5reoIJZ29vZ2xl +Lmxhgglnb29nbGUubGmCCWdvb2dsZS5sa4IJZ29vZ2xlLmx0gglnb29nbGUubHWC +CWdvb2dsZS5sdoIJZ29vZ2xlLm1kgglnb29nbGUubWWCCWdvb2dsZS5tZ4IJZ29v +Z2xlLm1rgglnb29nbGUubWyCCWdvb2dsZS5tboIJZ29vZ2xlLm1zgglnb29nbGUu +bXWCCWdvb2dsZS5tdoIJZ29vZ2xlLm13gglnb29nbGUubmWCDGdvb2dsZS5uZS5q +cIIKZ29vZ2xlLm5ldIIJZ29vZ2xlLm5sgglnb29nbGUubm+CCWdvb2dsZS5ucoIJ +Z29vZ2xlLm51gg1nb29nbGUub2ZmLmFpgglnb29nbGUucGuCCWdvb2dsZS5wbIIJ +Z29vZ2xlLnBugglnb29nbGUucHOCCWdvb2dsZS5wdIIJZ29vZ2xlLnJvgglnb29n +bGUucnOCCWdvb2dsZS5ydYIJZ29vZ2xlLnJ3gglnb29nbGUuc2OCCWdvb2dsZS5z +ZYIJZ29vZ2xlLnNogglnb29nbGUuc2mCCWdvb2dsZS5za4IJZ29vZ2xlLnNtggln +b29nbGUuc26CCWdvb2dsZS5zb4IJZ29vZ2xlLnN0gglnb29nbGUudGSCCWdvb2ds +ZS50Z4IJZ29vZ2xlLnRrgglnb29nbGUudGyCCWdvb2dsZS50bYIJZ29vZ2xlLnRu +gglnb29nbGUudG+CCWdvb2dsZS50cIIJZ29vZ2xlLnR0gglnb29nbGUudXOCCWdv +b2dsZS51eoIJZ29vZ2xlLnZngglnb29nbGUudnWCCWdvb2dsZS53czANBgkqhkiG +9w0BAQUFAAOBgQCROJdKT00d96BpNG4j3Xf5Kz7kJENMTYtgsGQW5E6y2yjRaguD +LPO+y4IH9KiVXD+qO8koye9yOMNawN9r/DFQd+t2nDmvlpcwJBNguiuqxl+rJaU8 +KKgswikGaaM4z+i4vHuXcCKZtM/ELAaJlSaBPip4GBAkgv7D9hwh+sWvYA== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIcFzCCG4CgAwIBAgIGR09PUAFxMA0GCSqGSIb3DQEBBQUAMEYxCzAJBgNVBAYT +AlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSIwIAYDVQQDExlHb29nbGUgSW50ZXJu +ZXQgQXV0aG9yaXR5MB4XDTEyMTAyNDEzNTczOVoXDTEzMDYwNzE5NDMyN1owZDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 +YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxEzARBgNVBAMTCmdvb2dsZS5j +b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMNn/Rw5irMPscWpYsExcGQT +wqdxT/U9Pfybt9ttPYlXVbCd6yux0jWGNBHN+f4kCc5pwrbjmA4QSRY2uVa4T8f2 +g3NucDDveUi29WVN+FJcyhj+V38lEkYbdhpIZL149dK5fAN1zzwCo10Nk+lhebcY +fCtMHLmuCX2D6mJ2CnPVAgMBAAGjghnwMIIZ7DAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Qp1w0hi4nhbaJEB +h/wuZwO4OyIwHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0f +BFQwUjBQoE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5l +dEF1dGhvcml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUH +AQEEWjBYMFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2ds +ZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDCC +GLYGA1UdEQSCGK0wghipggpnb29nbGUuY29tggwqLmdvb2dsZS5jb22CDSoueW91 +dHViZS5jb22CC3lvdXR1YmUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggh5 +b3V0dS5iZYILKi55dGltZy5jb22CDSouYW5kcm9pZC5jb22CC2FuZHJvaWQuY29t +ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghAqLnVy +bC5nb29nbGUuY29tggwqLnVyY2hpbi5jb22CCnVyY2hpbi5jb22CFiouZ29vZ2xl +LWFuYWx5dGljcy5jb22CFGdvb2dsZS1hbmFseXRpY3MuY29tghIqLmNsb3VkLmdv +b2dsZS5jb22CBmdvby5nbIIEZy5jb4INKi5nc3RhdGljLmNvbYIPKi5nb29nbGVh +cGlzLmNughYqLmFwcGVuZ2luZS5nb29nbGUuY29tggsqLmdvb2dsZS5hY4ILKi5n +b29nbGUuYWSCCyouZ29vZ2xlLmFlggsqLmdvb2dsZS5hZoILKi5nb29nbGUuYWeC +CyouZ29vZ2xlLmFsggsqLmdvb2dsZS5hbYILKi5nb29nbGUuYXOCCyouZ29vZ2xl +LmF0ggsqLmdvb2dsZS5heoILKi5nb29nbGUuYmGCCyouZ29vZ2xlLmJlggsqLmdv +b2dsZS5iZoILKi5nb29nbGUuYmeCCyouZ29vZ2xlLmJpggsqLmdvb2dsZS5iaoIL +Ki5nb29nbGUuYnOCCyouZ29vZ2xlLmJ5ggsqLmdvb2dsZS5jYYIMKi5nb29nbGUu +Y2F0ggsqLmdvb2dsZS5jY4ILKi5nb29nbGUuY2SCCyouZ29vZ2xlLmNmggsqLmdv +b2dsZS5jZ4ILKi5nb29nbGUuY2iCCyouZ29vZ2xlLmNpggsqLmdvb2dsZS5jbIIL +Ki5nb29nbGUuY22CCyouZ29vZ2xlLmNugg4qLmdvb2dsZS5jby5hb4IOKi5nb29n +bGUuY28uYneCDiouZ29vZ2xlLmNvLmNrgg4qLmdvb2dsZS5jby5jcoIOKi5nb29n +bGUuY28uaHWCDiouZ29vZ2xlLmNvLmlkgg4qLmdvb2dsZS5jby5pbIIOKi5nb29n +bGUuY28uaW2CDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qZYIOKi5nb29n +bGUuY28uanCCDiouZ29vZ2xlLmNvLmtlgg4qLmdvb2dsZS5jby5rcoIOKi5nb29n +bGUuY28ubHOCDiouZ29vZ2xlLmNvLm1hgg4qLmdvb2dsZS5jby5teoIOKi5nb29n +bGUuY28ubnqCDiouZ29vZ2xlLmNvLnRogg4qLmdvb2dsZS5jby50eoIOKi5nb29n +bGUuY28udWeCDiouZ29vZ2xlLmNvLnVrgg4qLmdvb2dsZS5jby51eoIOKi5nb29n +bGUuY28udmWCDiouZ29vZ2xlLmNvLnZpgg4qLmdvb2dsZS5jby56YYIOKi5nb29n +bGUuY28uem2CDiouZ29vZ2xlLmNvLnp3gg8qLmdvb2dsZS5jb20uYWaCDyouZ29v +Z2xlLmNvbS5hZ4IPKi5nb29nbGUuY29tLmFpgg8qLmdvb2dsZS5jb20uYXKCDyou +Z29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJkgg8qLmdvb2dsZS5jb20uYmiC +DyouZ29vZ2xlLmNvbS5iboIPKi5nb29nbGUuY29tLmJvgg8qLmdvb2dsZS5jb20u +YnKCDyouZ29vZ2xlLmNvbS5ieYIPKi5nb29nbGUuY29tLmJ6gg8qLmdvb2dsZS5j +b20uY26CDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLmN1gg8qLmdvb2ds +ZS5jb20uY3mCDyouZ29vZ2xlLmNvbS5kb4IPKi5nb29nbGUuY29tLmVjgg8qLmdv +b2dsZS5jb20uZWeCDyouZ29vZ2xlLmNvbS5ldIIPKi5nb29nbGUuY29tLmZqgg8q +Lmdvb2dsZS5jb20uZ2WCDyouZ29vZ2xlLmNvbS5naIIPKi5nb29nbGUuY29tLmdp +gg8qLmdvb2dsZS5jb20uZ3KCDyouZ29vZ2xlLmNvbS5ndIIPKi5nb29nbGUuY29t +Lmhrgg8qLmdvb2dsZS5jb20uaXGCDyouZ29vZ2xlLmNvbS5qbYIPKi5nb29nbGUu +Y29tLmpvgg8qLmdvb2dsZS5jb20ua2iCDyouZ29vZ2xlLmNvbS5rd4IPKi5nb29n +bGUuY29tLmxigg8qLmdvb2dsZS5jb20ubHmCDyouZ29vZ2xlLmNvbS5tdIIPKi5n +b29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20ubXmCDyouZ29vZ2xlLmNvbS5uYYIP +Ki5nb29nbGUuY29tLm5mgg8qLmdvb2dsZS5jb20ubmeCDyouZ29vZ2xlLmNvbS5u +aYIPKi5nb29nbGUuY29tLm5wgg8qLmdvb2dsZS5jb20ubnKCDyouZ29vZ2xlLmNv +bS5vbYIPKi5nb29nbGUuY29tLnBhgg8qLmdvb2dsZS5jb20ucGWCDyouZ29vZ2xl +LmNvbS5waIIPKi5nb29nbGUuY29tLnBrgg8qLmdvb2dsZS5jb20ucGyCDyouZ29v +Z2xlLmNvbS5wcoIPKi5nb29nbGUuY29tLnB5gg8qLmdvb2dsZS5jb20ucWGCDyou +Z29vZ2xlLmNvbS5ydYIPKi5nb29nbGUuY29tLnNhgg8qLmdvb2dsZS5jb20uc2KC +DyouZ29vZ2xlLmNvbS5zZ4IPKi5nb29nbGUuY29tLnNsgg8qLmdvb2dsZS5jb20u +c3aCDyouZ29vZ2xlLmNvbS50aoIPKi5nb29nbGUuY29tLnRugg8qLmdvb2dsZS5j +b20udHKCDyouZ29vZ2xlLmNvbS50d4IPKi5nb29nbGUuY29tLnVhgg8qLmdvb2ds +ZS5jb20udXmCDyouZ29vZ2xlLmNvbS52Y4IPKi5nb29nbGUuY29tLnZlgg8qLmdv +b2dsZS5jb20udm6CCyouZ29vZ2xlLmN2ggsqLmdvb2dsZS5jeoILKi5nb29nbGUu +ZGWCCyouZ29vZ2xlLmRqggsqLmdvb2dsZS5ka4ILKi5nb29nbGUuZG2CCyouZ29v +Z2xlLmR6ggsqLmdvb2dsZS5lZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZpggsq +Lmdvb2dsZS5mbYILKi5nb29nbGUuZnKCCyouZ29vZ2xlLmdhggsqLmdvb2dsZS5n +ZYILKi5nb29nbGUuZ2eCCyouZ29vZ2xlLmdsggsqLmdvb2dsZS5nbYILKi5nb29n +bGUuZ3CCCyouZ29vZ2xlLmdyggsqLmdvb2dsZS5neYILKi5nb29nbGUuaGuCCyou +Z29vZ2xlLmhuggsqLmdvb2dsZS5ocoILKi5nb29nbGUuaHSCCyouZ29vZ2xlLmh1 +ggsqLmdvb2dsZS5pZYILKi5nb29nbGUuaW2CDSouZ29vZ2xlLmluZm+CCyouZ29v +Z2xlLmlxggsqLmdvb2dsZS5pc4ILKi5nb29nbGUuaXSCDiouZ29vZ2xlLml0LmFv +ggsqLmdvb2dsZS5qZYILKi5nb29nbGUuam+CDSouZ29vZ2xlLmpvYnOCCyouZ29v +Z2xlLmpwggsqLmdvb2dsZS5rZ4ILKi5nb29nbGUua2mCCyouZ29vZ2xlLmt6ggsq +Lmdvb2dsZS5sYYILKi5nb29nbGUubGmCCyouZ29vZ2xlLmxrggsqLmdvb2dsZS5s +dIILKi5nb29nbGUubHWCCyouZ29vZ2xlLmx2ggsqLmdvb2dsZS5tZIILKi5nb29n +bGUubWWCCyouZ29vZ2xlLm1nggsqLmdvb2dsZS5ta4ILKi5nb29nbGUubWyCCyou +Z29vZ2xlLm1uggsqLmdvb2dsZS5tc4ILKi5nb29nbGUubXWCCyouZ29vZ2xlLm12 +ggsqLmdvb2dsZS5td4ILKi5nb29nbGUubmWCDiouZ29vZ2xlLm5lLmpwggwqLmdv +b2dsZS5uZXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5ub4ILKi5nb29nbGUubnKC +CyouZ29vZ2xlLm51gg8qLmdvb2dsZS5vZmYuYWmCCyouZ29vZ2xlLnBrggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucG6CCyouZ29vZ2xlLnBzggsqLmdvb2dsZS5wdIIL +Ki5nb29nbGUucm+CCyouZ29vZ2xlLnJzggsqLmdvb2dsZS5ydYILKi5nb29nbGUu +cneCCyouZ29vZ2xlLnNjggsqLmdvb2dsZS5zZYILKi5nb29nbGUuc2iCCyouZ29v +Z2xlLnNpggsqLmdvb2dsZS5za4ILKi5nb29nbGUuc22CCyouZ29vZ2xlLnNuggsq +Lmdvb2dsZS5zb4ILKi5nb29nbGUuc3SCCyouZ29vZ2xlLnRkggsqLmdvb2dsZS50 +Z4ILKi5nb29nbGUudGuCCyouZ29vZ2xlLnRsggsqLmdvb2dsZS50bYILKi5nb29n +bGUudG6CCyouZ29vZ2xlLnRvggsqLmdvb2dsZS50cIILKi5nb29nbGUudHSCCyou +Z29vZ2xlLnVzggsqLmdvb2dsZS51eoILKi5nb29nbGUudmeCCyouZ29vZ2xlLnZ1 +ggsqLmdvb2dsZS53c4IJZ29vZ2xlLmFjgglnb29nbGUuYWSCCWdvb2dsZS5hZYIJ +Z29vZ2xlLmFmgglnb29nbGUuYWeCCWdvb2dsZS5hbIIJZ29vZ2xlLmFtgglnb29n +bGUuYXOCCWdvb2dsZS5hdIIJZ29vZ2xlLmF6gglnb29nbGUuYmGCCWdvb2dsZS5i +ZYIJZ29vZ2xlLmJmgglnb29nbGUuYmeCCWdvb2dsZS5iaYIJZ29vZ2xlLmJqggln +b29nbGUuYnOCCWdvb2dsZS5ieYIJZ29vZ2xlLmNhggpnb29nbGUuY2F0gglnb29n +bGUuY2OCCWdvb2dsZS5jZIIJZ29vZ2xlLmNmgglnb29nbGUuY2eCCWdvb2dsZS5j +aIIJZ29vZ2xlLmNpgglnb29nbGUuY2yCCWdvb2dsZS5jbYIJZ29vZ2xlLmNuggxn +b29nbGUuY28uYW+CDGdvb2dsZS5jby5id4IMZ29vZ2xlLmNvLmNrggxnb29nbGUu +Y28uY3KCDGdvb2dsZS5jby5odYIMZ29vZ2xlLmNvLmlkggxnb29nbGUuY28uaWyC +DGdvb2dsZS5jby5pbYIMZ29vZ2xlLmNvLmluggxnb29nbGUuY28uamWCDGdvb2ds +ZS5jby5qcIIMZ29vZ2xlLmNvLmtlggxnb29nbGUuY28ua3KCDGdvb2dsZS5jby5s +c4IMZ29vZ2xlLmNvLm1hggxnb29nbGUuY28ubXqCDGdvb2dsZS5jby5ueoIMZ29v +Z2xlLmNvLnRoggxnb29nbGUuY28udHqCDGdvb2dsZS5jby51Z4IMZ29vZ2xlLmNv +LnVrggxnb29nbGUuY28udXqCDGdvb2dsZS5jby52ZYIMZ29vZ2xlLmNvLnZpggxn +b29nbGUuY28uemGCDGdvb2dsZS5jby56bYIMZ29vZ2xlLmNvLnp3gg1nb29nbGUu +Y29tLmFmgg1nb29nbGUuY29tLmFngg1nb29nbGUuY29tLmFpgg1nb29nbGUuY29t +LmFygg1nb29nbGUuY29tLmF1gg1nb29nbGUuY29tLmJkgg1nb29nbGUuY29tLmJo +gg1nb29nbGUuY29tLmJugg1nb29nbGUuY29tLmJvgg1nb29nbGUuY29tLmJygg1n +b29nbGUuY29tLmJ5gg1nb29nbGUuY29tLmJ6gg1nb29nbGUuY29tLmNugg1nb29n +bGUuY29tLmNvgg1nb29nbGUuY29tLmN1gg1nb29nbGUuY29tLmN5gg1nb29nbGUu +Y29tLmRvgg1nb29nbGUuY29tLmVjgg1nb29nbGUuY29tLmVngg1nb29nbGUuY29t +LmV0gg1nb29nbGUuY29tLmZqgg1nb29nbGUuY29tLmdlgg1nb29nbGUuY29tLmdo +gg1nb29nbGUuY29tLmdpgg1nb29nbGUuY29tLmdygg1nb29nbGUuY29tLmd0gg1n +b29nbGUuY29tLmhrgg1nb29nbGUuY29tLmlxgg1nb29nbGUuY29tLmptgg1nb29n +bGUuY29tLmpvgg1nb29nbGUuY29tLmtogg1nb29nbGUuY29tLmt3gg1nb29nbGUu +Y29tLmxigg1nb29nbGUuY29tLmx5gg1nb29nbGUuY29tLm10gg1nb29nbGUuY29t +Lm14gg1nb29nbGUuY29tLm15gg1nb29nbGUuY29tLm5hgg1nb29nbGUuY29tLm5m +gg1nb29nbGUuY29tLm5ngg1nb29nbGUuY29tLm5pgg1nb29nbGUuY29tLm5wgg1n +b29nbGUuY29tLm5ygg1nb29nbGUuY29tLm9tgg1nb29nbGUuY29tLnBhgg1nb29n +bGUuY29tLnBlgg1nb29nbGUuY29tLnBogg1nb29nbGUuY29tLnBrgg1nb29nbGUu +Y29tLnBsgg1nb29nbGUuY29tLnBygg1nb29nbGUuY29tLnB5gg1nb29nbGUuY29t +LnFhgg1nb29nbGUuY29tLnJ1gg1nb29nbGUuY29tLnNhgg1nb29nbGUuY29tLnNi +gg1nb29nbGUuY29tLnNngg1nb29nbGUuY29tLnNsgg1nb29nbGUuY29tLnN2gg1n +b29nbGUuY29tLnRqgg1nb29nbGUuY29tLnRugg1nb29nbGUuY29tLnRygg1nb29n +bGUuY29tLnR3gg1nb29nbGUuY29tLnVhgg1nb29nbGUuY29tLnV5gg1nb29nbGUu +Y29tLnZjgg1nb29nbGUuY29tLnZlgg1nb29nbGUuY29tLnZugglnb29nbGUuY3aC +CWdvb2dsZS5jeoIJZ29vZ2xlLmRlgglnb29nbGUuZGqCCWdvb2dsZS5ka4IJZ29v +Z2xlLmRtgglnb29nbGUuZHqCCWdvb2dsZS5lZYIJZ29vZ2xlLmVzgglnb29nbGUu +ZmmCCWdvb2dsZS5mbYIJZ29vZ2xlLmZygglnb29nbGUuZ2GCCWdvb2dsZS5nZYIJ +Z29vZ2xlLmdngglnb29nbGUuZ2yCCWdvb2dsZS5nbYIJZ29vZ2xlLmdwgglnb29n +bGUuZ3KCCWdvb2dsZS5neYIJZ29vZ2xlLmhrgglnb29nbGUuaG6CCWdvb2dsZS5o +coIJZ29vZ2xlLmh0gglnb29nbGUuaHWCCWdvb2dsZS5pZYIJZ29vZ2xlLmltggtn +b29nbGUuaW5mb4IJZ29vZ2xlLmlxgglnb29nbGUuaXOCCWdvb2dsZS5pdIIMZ29v +Z2xlLml0LmFvgglnb29nbGUuamWCCWdvb2dsZS5qb4ILZ29vZ2xlLmpvYnOCCWdv +b2dsZS5qcIIJZ29vZ2xlLmtngglnb29nbGUua2mCCWdvb2dsZS5reoIJZ29vZ2xl +Lmxhgglnb29nbGUubGmCCWdvb2dsZS5sa4IJZ29vZ2xlLmx0gglnb29nbGUubHWC +CWdvb2dsZS5sdoIJZ29vZ2xlLm1kgglnb29nbGUubWWCCWdvb2dsZS5tZ4IJZ29v +Z2xlLm1rgglnb29nbGUubWyCCWdvb2dsZS5tboIJZ29vZ2xlLm1zgglnb29nbGUu +bXWCCWdvb2dsZS5tdoIJZ29vZ2xlLm13gglnb29nbGUubmWCDGdvb2dsZS5uZS5q +cIIKZ29vZ2xlLm5ldIIJZ29vZ2xlLm5sgglnb29nbGUubm+CCWdvb2dsZS5ucoIJ +Z29vZ2xlLm51gg1nb29nbGUub2ZmLmFpgglnb29nbGUucGuCCWdvb2dsZS5wbIIJ +Z29vZ2xlLnBugglnb29nbGUucHOCCWdvb2dsZS5wdIIJZ29vZ2xlLnJvgglnb29n +bGUucnOCCWdvb2dsZS5ydYIJZ29vZ2xlLnJ3gglnb29nbGUuc2OCCWdvb2dsZS5z +ZYIJZ29vZ2xlLnNogglnb29nbGUuc2mCCWdvb2dsZS5za4IJZ29vZ2xlLnNtggln +b29nbGUuc26CCWdvb2dsZS5zb4IJZ29vZ2xlLnN0gglnb29nbGUudGSCCWdvb2ds +ZS50Z4IJZ29vZ2xlLnRrgglnb29nbGUudGyCCWdvb2dsZS50bYIJZ29vZ2xlLnRu +gglnb29nbGUudG+CCWdvb2dsZS50cIIJZ29vZ2xlLnR0gglnb29nbGUudXOCCWdv +b2dsZS51eoIJZ29vZ2xlLnZngglnb29nbGUudnWCCWdvb2dsZS53czANBgkqhkiG +9w0BAQUFAAOBgQCROJdKT00d96BpNG4j3Xf5Kz7kJENMTYtgsGQW5E6y2yjRaguD +LPO+y4IH9KiVXD+qO8koye9yOMNawN9r/DFQd+t2nDmvlpcwJBNguiuqxl+rJaU8 +KKgswikGaaM4z+i4vHuXcCKZtM/ELAaJlSaBPip4GBAkgv7D9hwh+sWvYA== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIcFzCCG4CgAwIBAgIGR09PUAFxMA0GCSqGSIb3DQEBBQUAMEYxCzAJBgNVBAYT +AlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSIwIAYDVQQDExlHb29nbGUgSW50ZXJu +ZXQgQXV0aG9yaXR5MB4XDTEyMTAyNDEzNTczOVoXDTEzMDYwNzE5NDMyN1owZDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 +YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxEzARBgNVBAMTCmdvb2dsZS5j +b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMNn/Rw5irMPscWpYsExcGQT +wqdxT/U9Pfybt9ttPYlXVbCd6yux0jWGNBHN+f4kCc5pwrbjmA4QSRY2uVa4T8f2 +g3NucDDveUi29WVN+FJcyhj+V38lEkYbdhpIZL149dK5fAN1zzwCo10Nk+lhebcY +fCtMHLmuCX2D6mJ2CnPVAgMBAAGjghnwMIIZ7DAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Qp1w0hi4nhbaJEB +h/wuZwO4OyIwHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0f +BFQwUjBQoE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5l +dEF1dGhvcml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUH +AQEEWjBYMFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2ds +ZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDCC +GLYGA1UdEQSCGK0wghipggpnb29nbGUuY29tggwqLmdvb2dsZS5jb22CDSoueW91 +dHViZS5jb22CC3lvdXR1YmUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggh5 +b3V0dS5iZYILKi55dGltZy5jb22CDSouYW5kcm9pZC5jb22CC2FuZHJvaWQuY29t +ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghAqLnVy +bC5nb29nbGUuY29tggwqLnVyY2hpbi5jb22CCnVyY2hpbi5jb22CFiouZ29vZ2xl +LWFuYWx5dGljcy5jb22CFGdvb2dsZS1hbmFseXRpY3MuY29tghIqLmNsb3VkLmdv +b2dsZS5jb22CBmdvby5nbIIEZy5jb4INKi5nc3RhdGljLmNvbYIPKi5nb29nbGVh +cGlzLmNughYqLmFwcGVuZ2luZS5nb29nbGUuY29tggsqLmdvb2dsZS5hY4ILKi5n +b29nbGUuYWSCCyouZ29vZ2xlLmFlggsqLmdvb2dsZS5hZoILKi5nb29nbGUuYWeC +CyouZ29vZ2xlLmFsggsqLmdvb2dsZS5hbYILKi5nb29nbGUuYXOCCyouZ29vZ2xl +LmF0ggsqLmdvb2dsZS5heoILKi5nb29nbGUuYmGCCyouZ29vZ2xlLmJlggsqLmdv +b2dsZS5iZoILKi5nb29nbGUuYmeCCyouZ29vZ2xlLmJpggsqLmdvb2dsZS5iaoIL +Ki5nb29nbGUuYnOCCyouZ29vZ2xlLmJ5ggsqLmdvb2dsZS5jYYIMKi5nb29nbGUu +Y2F0ggsqLmdvb2dsZS5jY4ILKi5nb29nbGUuY2SCCyouZ29vZ2xlLmNmggsqLmdv +b2dsZS5jZ4ILKi5nb29nbGUuY2iCCyouZ29vZ2xlLmNpggsqLmdvb2dsZS5jbIIL +Ki5nb29nbGUuY22CCyouZ29vZ2xlLmNugg4qLmdvb2dsZS5jby5hb4IOKi5nb29n +bGUuY28uYneCDiouZ29vZ2xlLmNvLmNrgg4qLmdvb2dsZS5jby5jcoIOKi5nb29n +bGUuY28uaHWCDiouZ29vZ2xlLmNvLmlkgg4qLmdvb2dsZS5jby5pbIIOKi5nb29n +bGUuY28uaW2CDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qZYIOKi5nb29n +bGUuY28uanCCDiouZ29vZ2xlLmNvLmtlgg4qLmdvb2dsZS5jby5rcoIOKi5nb29n +bGUuY28ubHOCDiouZ29vZ2xlLmNvLm1hgg4qLmdvb2dsZS5jby5teoIOKi5nb29n +bGUuY28ubnqCDiouZ29vZ2xlLmNvLnRogg4qLmdvb2dsZS5jby50eoIOKi5nb29n +bGUuY28udWeCDiouZ29vZ2xlLmNvLnVrgg4qLmdvb2dsZS5jby51eoIOKi5nb29n +bGUuY28udmWCDiouZ29vZ2xlLmNvLnZpgg4qLmdvb2dsZS5jby56YYIOKi5nb29n +bGUuY28uem2CDiouZ29vZ2xlLmNvLnp3gg8qLmdvb2dsZS5jb20uYWaCDyouZ29v +Z2xlLmNvbS5hZ4IPKi5nb29nbGUuY29tLmFpgg8qLmdvb2dsZS5jb20uYXKCDyou +Z29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJkgg8qLmdvb2dsZS5jb20uYmiC +DyouZ29vZ2xlLmNvbS5iboIPKi5nb29nbGUuY29tLmJvgg8qLmdvb2dsZS5jb20u +YnKCDyouZ29vZ2xlLmNvbS5ieYIPKi5nb29nbGUuY29tLmJ6gg8qLmdvb2dsZS5j +b20uY26CDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLmN1gg8qLmdvb2ds +ZS5jb20uY3mCDyouZ29vZ2xlLmNvbS5kb4IPKi5nb29nbGUuY29tLmVjgg8qLmdv +b2dsZS5jb20uZWeCDyouZ29vZ2xlLmNvbS5ldIIPKi5nb29nbGUuY29tLmZqgg8q +Lmdvb2dsZS5jb20uZ2WCDyouZ29vZ2xlLmNvbS5naIIPKi5nb29nbGUuY29tLmdp +gg8qLmdvb2dsZS5jb20uZ3KCDyouZ29vZ2xlLmNvbS5ndIIPKi5nb29nbGUuY29t +Lmhrgg8qLmdvb2dsZS5jb20uaXGCDyouZ29vZ2xlLmNvbS5qbYIPKi5nb29nbGUu +Y29tLmpvgg8qLmdvb2dsZS5jb20ua2iCDyouZ29vZ2xlLmNvbS5rd4IPKi5nb29n +bGUuY29tLmxigg8qLmdvb2dsZS5jb20ubHmCDyouZ29vZ2xlLmNvbS5tdIIPKi5n +b29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20ubXmCDyouZ29vZ2xlLmNvbS5uYYIP +Ki5nb29nbGUuY29tLm5mgg8qLmdvb2dsZS5jb20ubmeCDyouZ29vZ2xlLmNvbS5u +aYIPKi5nb29nbGUuY29tLm5wgg8qLmdvb2dsZS5jb20ubnKCDyouZ29vZ2xlLmNv +bS5vbYIPKi5nb29nbGUuY29tLnBhgg8qLmdvb2dsZS5jb20ucGWCDyouZ29vZ2xl +LmNvbS5waIIPKi5nb29nbGUuY29tLnBrgg8qLmdvb2dsZS5jb20ucGyCDyouZ29v +Z2xlLmNvbS5wcoIPKi5nb29nbGUuY29tLnB5gg8qLmdvb2dsZS5jb20ucWGCDyou +Z29vZ2xlLmNvbS5ydYIPKi5nb29nbGUuY29tLnNhgg8qLmdvb2dsZS5jb20uc2KC +DyouZ29vZ2xlLmNvbS5zZ4IPKi5nb29nbGUuY29tLnNsgg8qLmdvb2dsZS5jb20u +c3aCDyouZ29vZ2xlLmNvbS50aoIPKi5nb29nbGUuY29tLnRugg8qLmdvb2dsZS5j +b20udHKCDyouZ29vZ2xlLmNvbS50d4IPKi5nb29nbGUuY29tLnVhgg8qLmdvb2ds +ZS5jb20udXmCDyouZ29vZ2xlLmNvbS52Y4IPKi5nb29nbGUuY29tLnZlgg8qLmdv +b2dsZS5jb20udm6CCyouZ29vZ2xlLmN2ggsqLmdvb2dsZS5jeoILKi5nb29nbGUu +ZGWCCyouZ29vZ2xlLmRqggsqLmdvb2dsZS5ka4ILKi5nb29nbGUuZG2CCyouZ29v +Z2xlLmR6ggsqLmdvb2dsZS5lZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZpggsq +Lmdvb2dsZS5mbYILKi5nb29nbGUuZnKCCyouZ29vZ2xlLmdhggsqLmdvb2dsZS5n +ZYILKi5nb29nbGUuZ2eCCyouZ29vZ2xlLmdsggsqLmdvb2dsZS5nbYILKi5nb29n +bGUuZ3CCCyouZ29vZ2xlLmdyggsqLmdvb2dsZS5neYILKi5nb29nbGUuaGuCCyou +Z29vZ2xlLmhuggsqLmdvb2dsZS5ocoILKi5nb29nbGUuaHSCCyouZ29vZ2xlLmh1 +ggsqLmdvb2dsZS5pZYILKi5nb29nbGUuaW2CDSouZ29vZ2xlLmluZm+CCyouZ29v +Z2xlLmlxggsqLmdvb2dsZS5pc4ILKi5nb29nbGUuaXSCDiouZ29vZ2xlLml0LmFv +ggsqLmdvb2dsZS5qZYILKi5nb29nbGUuam+CDSouZ29vZ2xlLmpvYnOCCyouZ29v +Z2xlLmpwggsqLmdvb2dsZS5rZ4ILKi5nb29nbGUua2mCCyouZ29vZ2xlLmt6ggsq +Lmdvb2dsZS5sYYILKi5nb29nbGUubGmCCyouZ29vZ2xlLmxrggsqLmdvb2dsZS5s +dIILKi5nb29nbGUubHWCCyouZ29vZ2xlLmx2ggsqLmdvb2dsZS5tZIILKi5nb29n +bGUubWWCCyouZ29vZ2xlLm1nggsqLmdvb2dsZS5ta4ILKi5nb29nbGUubWyCCyou +Z29vZ2xlLm1uggsqLmdvb2dsZS5tc4ILKi5nb29nbGUubXWCCyouZ29vZ2xlLm12 +ggsqLmdvb2dsZS5td4ILKi5nb29nbGUubmWCDiouZ29vZ2xlLm5lLmpwggwqLmdv +b2dsZS5uZXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5ub4ILKi5nb29nbGUubnKC +CyouZ29vZ2xlLm51gg8qLmdvb2dsZS5vZmYuYWmCCyouZ29vZ2xlLnBrggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucG6CCyouZ29vZ2xlLnBzggsqLmdvb2dsZS5wdIIL +Ki5nb29nbGUucm+CCyouZ29vZ2xlLnJzggsqLmdvb2dsZS5ydYILKi5nb29nbGUu +cneCCyouZ29vZ2xlLnNjggsqLmdvb2dsZS5zZYILKi5nb29nbGUuc2iCCyouZ29v +Z2xlLnNpggsqLmdvb2dsZS5za4ILKi5nb29nbGUuc22CCyouZ29vZ2xlLnNuggsq +Lmdvb2dsZS5zb4ILKi5nb29nbGUuc3SCCyouZ29vZ2xlLnRkggsqLmdvb2dsZS50 +Z4ILKi5nb29nbGUudGuCCyouZ29vZ2xlLnRsggsqLmdvb2dsZS50bYILKi5nb29n +bGUudG6CCyouZ29vZ2xlLnRvggsqLmdvb2dsZS50cIILKi5nb29nbGUudHSCCyou +Z29vZ2xlLnVzggsqLmdvb2dsZS51eoILKi5nb29nbGUudmeCCyouZ29vZ2xlLnZ1 +ggsqLmdvb2dsZS53c4IJZ29vZ2xlLmFjgglnb29nbGUuYWSCCWdvb2dsZS5hZYIJ +Z29vZ2xlLmFmgglnb29nbGUuYWeCCWdvb2dsZS5hbIIJZ29vZ2xlLmFtgglnb29n +bGUuYXOCCWdvb2dsZS5hdIIJZ29vZ2xlLmF6gglnb29nbGUuYmGCCWdvb2dsZS5i +ZYIJZ29vZ2xlLmJmgglnb29nbGUuYmeCCWdvb2dsZS5iaYIJZ29vZ2xlLmJqggln +b29nbGUuYnOCCWdvb2dsZS5ieYIJZ29vZ2xlLmNhggpnb29nbGUuY2F0gglnb29n +bGUuY2OCCWdvb2dsZS5jZIIJZ29vZ2xlLmNmgglnb29nbGUuY2eCCWdvb2dsZS5j +aIIJZ29vZ2xlLmNpgglnb29nbGUuY2yCCWdvb2dsZS5jbYIJZ29vZ2xlLmNuggxn +b29nbGUuY28uYW+CDGdvb2dsZS5jby5id4IMZ29vZ2xlLmNvLmNrggxnb29nbGUu +Y28uY3KCDGdvb2dsZS5jby5odYIMZ29vZ2xlLmNvLmlkggxnb29nbGUuY28uaWyC +DGdvb2dsZS5jby5pbYIMZ29vZ2xlLmNvLmluggxnb29nbGUuY28uamWCDGdvb2ds +ZS5jby5qcIIMZ29vZ2xlLmNvLmtlggxnb29nbGUuY28ua3KCDGdvb2dsZS5jby5s +c4IMZ29vZ2xlLmNvLm1hggxnb29nbGUuY28ubXqCDGdvb2dsZS5jby5ueoIMZ29v +Z2xlLmNvLnRoggxnb29nbGUuY28udHqCDGdvb2dsZS5jby51Z4IMZ29vZ2xlLmNv +LnVrggxnb29nbGUuY28udXqCDGdvb2dsZS5jby52ZYIMZ29vZ2xlLmNvLnZpggxn +b29nbGUuY28uemGCDGdvb2dsZS5jby56bYIMZ29vZ2xlLmNvLnp3gg1nb29nbGUu +Y29tLmFmgg1nb29nbGUuY29tLmFngg1nb29nbGUuY29tLmFpgg1nb29nbGUuY29t +LmFygg1nb29nbGUuY29tLmF1gg1nb29nbGUuY29tLmJkgg1nb29nbGUuY29tLmJo +gg1nb29nbGUuY29tLmJugg1nb29nbGUuY29tLmJvgg1nb29nbGUuY29tLmJygg1n +b29nbGUuY29tLmJ5gg1nb29nbGUuY29tLmJ6gg1nb29nbGUuY29tLmNugg1nb29n +bGUuY29tLmNvgg1nb29nbGUuY29tLmN1gg1nb29nbGUuY29tLmN5gg1nb29nbGUu +Y29tLmRvgg1nb29nbGUuY29tLmVjgg1nb29nbGUuY29tLmVngg1nb29nbGUuY29t +LmV0gg1nb29nbGUuY29tLmZqgg1nb29nbGUuY29tLmdlgg1nb29nbGUuY29tLmdo +gg1nb29nbGUuY29tLmdpgg1nb29nbGUuY29tLmdygg1nb29nbGUuY29tLmd0gg1n +b29nbGUuY29tLmhrgg1nb29nbGUuY29tLmlxgg1nb29nbGUuY29tLmptgg1nb29n +bGUuY29tLmpvgg1nb29nbGUuY29tLmtogg1nb29nbGUuY29tLmt3gg1nb29nbGUu +Y29tLmxigg1nb29nbGUuY29tLmx5gg1nb29nbGUuY29tLm10gg1nb29nbGUuY29t +Lm14gg1nb29nbGUuY29tLm15gg1nb29nbGUuY29tLm5hgg1nb29nbGUuY29tLm5m +gg1nb29nbGUuY29tLm5ngg1nb29nbGUuY29tLm5pgg1nb29nbGUuY29tLm5wgg1n +b29nbGUuY29tLm5ygg1nb29nbGUuY29tLm9tgg1nb29nbGUuY29tLnBhgg1nb29n +bGUuY29tLnBlgg1nb29nbGUuY29tLnBogg1nb29nbGUuY29tLnBrgg1nb29nbGUu +Y29tLnBsgg1nb29nbGUuY29tLnBygg1nb29nbGUuY29tLnB5gg1nb29nbGUuY29t +LnFhgg1nb29nbGUuY29tLnJ1gg1nb29nbGUuY29tLnNhgg1nb29nbGUuY29tLnNi +gg1nb29nbGUuY29tLnNngg1nb29nbGUuY29tLnNsgg1nb29nbGUuY29tLnN2gg1n +b29nbGUuY29tLnRqgg1nb29nbGUuY29tLnRugg1nb29nbGUuY29tLnRygg1nb29n +bGUuY29tLnR3gg1nb29nbGUuY29tLnVhgg1nb29nbGUuY29tLnV5gg1nb29nbGUu +Y29tLnZjgg1nb29nbGUuY29tLnZlgg1nb29nbGUuY29tLnZugglnb29nbGUuY3aC +CWdvb2dsZS5jeoIJZ29vZ2xlLmRlgglnb29nbGUuZGqCCWdvb2dsZS5ka4IJZ29v +Z2xlLmRtgglnb29nbGUuZHqCCWdvb2dsZS5lZYIJZ29vZ2xlLmVzgglnb29nbGUu +ZmmCCWdvb2dsZS5mbYIJZ29vZ2xlLmZygglnb29nbGUuZ2GCCWdvb2dsZS5nZYIJ +Z29vZ2xlLmdngglnb29nbGUuZ2yCCWdvb2dsZS5nbYIJZ29vZ2xlLmdwgglnb29n +bGUuZ3KCCWdvb2dsZS5neYIJZ29vZ2xlLmhrgglnb29nbGUuaG6CCWdvb2dsZS5o +coIJZ29vZ2xlLmh0gglnb29nbGUuaHWCCWdvb2dsZS5pZYIJZ29vZ2xlLmltggtn +b29nbGUuaW5mb4IJZ29vZ2xlLmlxgglnb29nbGUuaXOCCWdvb2dsZS5pdIIMZ29v +Z2xlLml0LmFvgglnb29nbGUuamWCCWdvb2dsZS5qb4ILZ29vZ2xlLmpvYnOCCWdv +b2dsZS5qcIIJZ29vZ2xlLmtngglnb29nbGUua2mCCWdvb2dsZS5reoIJZ29vZ2xl +Lmxhgglnb29nbGUubGmCCWdvb2dsZS5sa4IJZ29vZ2xlLmx0gglnb29nbGUubHWC +CWdvb2dsZS5sdoIJZ29vZ2xlLm1kgglnb29nbGUubWWCCWdvb2dsZS5tZ4IJZ29v +Z2xlLm1rgglnb29nbGUubWyCCWdvb2dsZS5tboIJZ29vZ2xlLm1zgglnb29nbGUu +bXWCCWdvb2dsZS5tdoIJZ29vZ2xlLm13gglnb29nbGUubmWCDGdvb2dsZS5uZS5q +cIIKZ29vZ2xlLm5ldIIJZ29vZ2xlLm5sgglnb29nbGUubm+CCWdvb2dsZS5ucoIJ +Z29vZ2xlLm51gg1nb29nbGUub2ZmLmFpgglnb29nbGUucGuCCWdvb2dsZS5wbIIJ +Z29vZ2xlLnBugglnb29nbGUucHOCCWdvb2dsZS5wdIIJZ29vZ2xlLnJvgglnb29n +bGUucnOCCWdvb2dsZS5ydYIJZ29vZ2xlLnJ3gglnb29nbGUuc2OCCWdvb2dsZS5z +ZYIJZ29vZ2xlLnNogglnb29nbGUuc2mCCWdvb2dsZS5za4IJZ29vZ2xlLnNtggln +b29nbGUuc26CCWdvb2dsZS5zb4IJZ29vZ2xlLnN0gglnb29nbGUudGSCCWdvb2ds +ZS50Z4IJZ29vZ2xlLnRrgglnb29nbGUudGyCCWdvb2dsZS50bYIJZ29vZ2xlLnRu +gglnb29nbGUudG+CCWdvb2dsZS50cIIJZ29vZ2xlLnR0gglnb29nbGUudXOCCWdv +b2dsZS51eoIJZ29vZ2xlLnZngglnb29nbGUudnWCCWdvb2dsZS53czANBgkqhkiG +9w0BAQUFAAOBgQCROJdKT00d96BpNG4j3Xf5Kz7kJENMTYtgsGQW5E6y2yjRaguD +LPO+y4IH9KiVXD+qO8koye9yOMNawN9r/DFQd+t2nDmvlpcwJBNguiuqxl+rJaU8 +KKgswikGaaM4z+i4vHuXcCKZtM/ELAaJlSaBPip4GBAkgv7D9hwh+sWvYA== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIcFzCCG4CgAwIBAgIGR09PUAFxMA0GCSqGSIb3DQEBBQUAMEYxCzAJBgNVBAYT +AlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSIwIAYDVQQDExlHb29nbGUgSW50ZXJu +ZXQgQXV0aG9yaXR5MB4XDTEyMTAyNDEzNTczOVoXDTEzMDYwNzE5NDMyN1owZDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 +YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxEzARBgNVBAMTCmdvb2dsZS5j +b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMNn/Rw5irMPscWpYsExcGQT +wqdxT/U9Pfybt9ttPYlXVbCd6yux0jWGNBHN+f4kCc5pwrbjmA4QSRY2uVa4T8f2 +g3NucDDveUi29WVN+FJcyhj+V38lEkYbdhpIZL149dK5fAN1zzwCo10Nk+lhebcY +fCtMHLmuCX2D6mJ2CnPVAgMBAAGjghnwMIIZ7DAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Qp1w0hi4nhbaJEB +h/wuZwO4OyIwHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0f +BFQwUjBQoE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5l +dEF1dGhvcml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUH +AQEEWjBYMFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2ds +ZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDCC +GLYGA1UdEQSCGK0wghipggpnb29nbGUuY29tggwqLmdvb2dsZS5jb22CDSoueW91 +dHViZS5jb22CC3lvdXR1YmUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggh5 +b3V0dS5iZYILKi55dGltZy5jb22CDSouYW5kcm9pZC5jb22CC2FuZHJvaWQuY29t +ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghAqLnVy +bC5nb29nbGUuY29tggwqLnVyY2hpbi5jb22CCnVyY2hpbi5jb22CFiouZ29vZ2xl +LWFuYWx5dGljcy5jb22CFGdvb2dsZS1hbmFseXRpY3MuY29tghIqLmNsb3VkLmdv +b2dsZS5jb22CBmdvby5nbIIEZy5jb4INKi5nc3RhdGljLmNvbYIPKi5nb29nbGVh +cGlzLmNughYqLmFwcGVuZ2luZS5nb29nbGUuY29tggsqLmdvb2dsZS5hY4ILKi5n +b29nbGUuYWSCCyouZ29vZ2xlLmFlggsqLmdvb2dsZS5hZoILKi5nb29nbGUuYWeC +CyouZ29vZ2xlLmFsggsqLmdvb2dsZS5hbYILKi5nb29nbGUuYXOCCyouZ29vZ2xl +LmF0ggsqLmdvb2dsZS5heoILKi5nb29nbGUuYmGCCyouZ29vZ2xlLmJlggsqLmdv +b2dsZS5iZoILKi5nb29nbGUuYmeCCyouZ29vZ2xlLmJpggsqLmdvb2dsZS5iaoIL +Ki5nb29nbGUuYnOCCyouZ29vZ2xlLmJ5ggsqLmdvb2dsZS5jYYIMKi5nb29nbGUu +Y2F0ggsqLmdvb2dsZS5jY4ILKi5nb29nbGUuY2SCCyouZ29vZ2xlLmNmggsqLmdv +b2dsZS5jZ4ILKi5nb29nbGUuY2iCCyouZ29vZ2xlLmNpggsqLmdvb2dsZS5jbIIL +Ki5nb29nbGUuY22CCyouZ29vZ2xlLmNugg4qLmdvb2dsZS5jby5hb4IOKi5nb29n +bGUuY28uYneCDiouZ29vZ2xlLmNvLmNrgg4qLmdvb2dsZS5jby5jcoIOKi5nb29n +bGUuY28uaHWCDiouZ29vZ2xlLmNvLmlkgg4qLmdvb2dsZS5jby5pbIIOKi5nb29n +bGUuY28uaW2CDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qZYIOKi5nb29n +bGUuY28uanCCDiouZ29vZ2xlLmNvLmtlgg4qLmdvb2dsZS5jby5rcoIOKi5nb29n +bGUuY28ubHOCDiouZ29vZ2xlLmNvLm1hgg4qLmdvb2dsZS5jby5teoIOKi5nb29n +bGUuY28ubnqCDiouZ29vZ2xlLmNvLnRogg4qLmdvb2dsZS5jby50eoIOKi5nb29n +bGUuY28udWeCDiouZ29vZ2xlLmNvLnVrgg4qLmdvb2dsZS5jby51eoIOKi5nb29n +bGUuY28udmWCDiouZ29vZ2xlLmNvLnZpgg4qLmdvb2dsZS5jby56YYIOKi5nb29n +bGUuY28uem2CDiouZ29vZ2xlLmNvLnp3gg8qLmdvb2dsZS5jb20uYWaCDyouZ29v +Z2xlLmNvbS5hZ4IPKi5nb29nbGUuY29tLmFpgg8qLmdvb2dsZS5jb20uYXKCDyou +Z29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJkgg8qLmdvb2dsZS5jb20uYmiC +DyouZ29vZ2xlLmNvbS5iboIPKi5nb29nbGUuY29tLmJvgg8qLmdvb2dsZS5jb20u +YnKCDyouZ29vZ2xlLmNvbS5ieYIPKi5nb29nbGUuY29tLmJ6gg8qLmdvb2dsZS5j +b20uY26CDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLmN1gg8qLmdvb2ds +ZS5jb20uY3mCDyouZ29vZ2xlLmNvbS5kb4IPKi5nb29nbGUuY29tLmVjgg8qLmdv +b2dsZS5jb20uZWeCDyouZ29vZ2xlLmNvbS5ldIIPKi5nb29nbGUuY29tLmZqgg8q +Lmdvb2dsZS5jb20uZ2WCDyouZ29vZ2xlLmNvbS5naIIPKi5nb29nbGUuY29tLmdp +gg8qLmdvb2dsZS5jb20uZ3KCDyouZ29vZ2xlLmNvbS5ndIIPKi5nb29nbGUuY29t +Lmhrgg8qLmdvb2dsZS5jb20uaXGCDyouZ29vZ2xlLmNvbS5qbYIPKi5nb29nbGUu +Y29tLmpvgg8qLmdvb2dsZS5jb20ua2iCDyouZ29vZ2xlLmNvbS5rd4IPKi5nb29n +bGUuY29tLmxigg8qLmdvb2dsZS5jb20ubHmCDyouZ29vZ2xlLmNvbS5tdIIPKi5n +b29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20ubXmCDyouZ29vZ2xlLmNvbS5uYYIP +Ki5nb29nbGUuY29tLm5mgg8qLmdvb2dsZS5jb20ubmeCDyouZ29vZ2xlLmNvbS5u +aYIPKi5nb29nbGUuY29tLm5wgg8qLmdvb2dsZS5jb20ubnKCDyouZ29vZ2xlLmNv +bS5vbYIPKi5nb29nbGUuY29tLnBhgg8qLmdvb2dsZS5jb20ucGWCDyouZ29vZ2xl +LmNvbS5waIIPKi5nb29nbGUuY29tLnBrgg8qLmdvb2dsZS5jb20ucGyCDyouZ29v +Z2xlLmNvbS5wcoIPKi5nb29nbGUuY29tLnB5gg8qLmdvb2dsZS5jb20ucWGCDyou +Z29vZ2xlLmNvbS5ydYIPKi5nb29nbGUuY29tLnNhgg8qLmdvb2dsZS5jb20uc2KC +DyouZ29vZ2xlLmNvbS5zZ4IPKi5nb29nbGUuY29tLnNsgg8qLmdvb2dsZS5jb20u +c3aCDyouZ29vZ2xlLmNvbS50aoIPKi5nb29nbGUuY29tLnRugg8qLmdvb2dsZS5j +b20udHKCDyouZ29vZ2xlLmNvbS50d4IPKi5nb29nbGUuY29tLnVhgg8qLmdvb2ds +ZS5jb20udXmCDyouZ29vZ2xlLmNvbS52Y4IPKi5nb29nbGUuY29tLnZlgg8qLmdv +b2dsZS5jb20udm6CCyouZ29vZ2xlLmN2ggsqLmdvb2dsZS5jeoILKi5nb29nbGUu +ZGWCCyouZ29vZ2xlLmRqggsqLmdvb2dsZS5ka4ILKi5nb29nbGUuZG2CCyouZ29v +Z2xlLmR6ggsqLmdvb2dsZS5lZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZpggsq +Lmdvb2dsZS5mbYILKi5nb29nbGUuZnKCCyouZ29vZ2xlLmdhggsqLmdvb2dsZS5n +ZYILKi5nb29nbGUuZ2eCCyouZ29vZ2xlLmdsggsqLmdvb2dsZS5nbYILKi5nb29n +bGUuZ3CCCyouZ29vZ2xlLmdyggsqLmdvb2dsZS5neYILKi5nb29nbGUuaGuCCyou +Z29vZ2xlLmhuggsqLmdvb2dsZS5ocoILKi5nb29nbGUuaHSCCyouZ29vZ2xlLmh1 +ggsqLmdvb2dsZS5pZYILKi5nb29nbGUuaW2CDSouZ29vZ2xlLmluZm+CCyouZ29v +Z2xlLmlxggsqLmdvb2dsZS5pc4ILKi5nb29nbGUuaXSCDiouZ29vZ2xlLml0LmFv +ggsqLmdvb2dsZS5qZYILKi5nb29nbGUuam+CDSouZ29vZ2xlLmpvYnOCCyouZ29v +Z2xlLmpwggsqLmdvb2dsZS5rZ4ILKi5nb29nbGUua2mCCyouZ29vZ2xlLmt6ggsq +Lmdvb2dsZS5sYYILKi5nb29nbGUubGmCCyouZ29vZ2xlLmxrggsqLmdvb2dsZS5s +dIILKi5nb29nbGUubHWCCyouZ29vZ2xlLmx2ggsqLmdvb2dsZS5tZIILKi5nb29n +bGUubWWCCyouZ29vZ2xlLm1nggsqLmdvb2dsZS5ta4ILKi5nb29nbGUubWyCCyou +Z29vZ2xlLm1uggsqLmdvb2dsZS5tc4ILKi5nb29nbGUubXWCCyouZ29vZ2xlLm12 +ggsqLmdvb2dsZS5td4ILKi5nb29nbGUubmWCDiouZ29vZ2xlLm5lLmpwggwqLmdv +b2dsZS5uZXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5ub4ILKi5nb29nbGUubnKC +CyouZ29vZ2xlLm51gg8qLmdvb2dsZS5vZmYuYWmCCyouZ29vZ2xlLnBrggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucG6CCyouZ29vZ2xlLnBzggsqLmdvb2dsZS5wdIIL +Ki5nb29nbGUucm+CCyouZ29vZ2xlLnJzggsqLmdvb2dsZS5ydYILKi5nb29nbGUu +cneCCyouZ29vZ2xlLnNjggsqLmdvb2dsZS5zZYILKi5nb29nbGUuc2iCCyouZ29v +Z2xlLnNpggsqLmdvb2dsZS5za4ILKi5nb29nbGUuc22CCyouZ29vZ2xlLnNuggsq +Lmdvb2dsZS5zb4ILKi5nb29nbGUuc3SCCyouZ29vZ2xlLnRkggsqLmdvb2dsZS50 +Z4ILKi5nb29nbGUudGuCCyouZ29vZ2xlLnRsggsqLmdvb2dsZS50bYILKi5nb29n +bGUudG6CCyouZ29vZ2xlLnRvggsqLmdvb2dsZS50cIILKi5nb29nbGUudHSCCyou +Z29vZ2xlLnVzggsqLmdvb2dsZS51eoILKi5nb29nbGUudmeCCyouZ29vZ2xlLnZ1 +ggsqLmdvb2dsZS53c4IJZ29vZ2xlLmFjgglnb29nbGUuYWSCCWdvb2dsZS5hZYIJ +Z29vZ2xlLmFmgglnb29nbGUuYWeCCWdvb2dsZS5hbIIJZ29vZ2xlLmFtgglnb29n +bGUuYXOCCWdvb2dsZS5hdIIJZ29vZ2xlLmF6gglnb29nbGUuYmGCCWdvb2dsZS5i +ZYIJZ29vZ2xlLmJmgglnb29nbGUuYmeCCWdvb2dsZS5iaYIJZ29vZ2xlLmJqggln +b29nbGUuYnOCCWdvb2dsZS5ieYIJZ29vZ2xlLmNhggpnb29nbGUuY2F0gglnb29n +bGUuY2OCCWdvb2dsZS5jZIIJZ29vZ2xlLmNmgglnb29nbGUuY2eCCWdvb2dsZS5j +aIIJZ29vZ2xlLmNpgglnb29nbGUuY2yCCWdvb2dsZS5jbYIJZ29vZ2xlLmNuggxn +b29nbGUuY28uYW+CDGdvb2dsZS5jby5id4IMZ29vZ2xlLmNvLmNrggxnb29nbGUu +Y28uY3KCDGdvb2dsZS5jby5odYIMZ29vZ2xlLmNvLmlkggxnb29nbGUuY28uaWyC +DGdvb2dsZS5jby5pbYIMZ29vZ2xlLmNvLmluggxnb29nbGUuY28uamWCDGdvb2ds +ZS5jby5qcIIMZ29vZ2xlLmNvLmtlggxnb29nbGUuY28ua3KCDGdvb2dsZS5jby5s +c4IMZ29vZ2xlLmNvLm1hggxnb29nbGUuY28ubXqCDGdvb2dsZS5jby5ueoIMZ29v +Z2xlLmNvLnRoggxnb29nbGUuY28udHqCDGdvb2dsZS5jby51Z4IMZ29vZ2xlLmNv +LnVrggxnb29nbGUuY28udXqCDGdvb2dsZS5jby52ZYIMZ29vZ2xlLmNvLnZpggxn +b29nbGUuY28uemGCDGdvb2dsZS5jby56bYIMZ29vZ2xlLmNvLnp3gg1nb29nbGUu +Y29tLmFmgg1nb29nbGUuY29tLmFngg1nb29nbGUuY29tLmFpgg1nb29nbGUuY29t +LmFygg1nb29nbGUuY29tLmF1gg1nb29nbGUuY29tLmJkgg1nb29nbGUuY29tLmJo +gg1nb29nbGUuY29tLmJugg1nb29nbGUuY29tLmJvgg1nb29nbGUuY29tLmJygg1n +b29nbGUuY29tLmJ5gg1nb29nbGUuY29tLmJ6gg1nb29nbGUuY29tLmNugg1nb29n +bGUuY29tLmNvgg1nb29nbGUuY29tLmN1gg1nb29nbGUuY29tLmN5gg1nb29nbGUu +Y29tLmRvgg1nb29nbGUuY29tLmVjgg1nb29nbGUuY29tLmVngg1nb29nbGUuY29t +LmV0gg1nb29nbGUuY29tLmZqgg1nb29nbGUuY29tLmdlgg1nb29nbGUuY29tLmdo +gg1nb29nbGUuY29tLmdpgg1nb29nbGUuY29tLmdygg1nb29nbGUuY29tLmd0gg1n +b29nbGUuY29tLmhrgg1nb29nbGUuY29tLmlxgg1nb29nbGUuY29tLmptgg1nb29n +bGUuY29tLmpvgg1nb29nbGUuY29tLmtogg1nb29nbGUuY29tLmt3gg1nb29nbGUu +Y29tLmxigg1nb29nbGUuY29tLmx5gg1nb29nbGUuY29tLm10gg1nb29nbGUuY29t +Lm14gg1nb29nbGUuY29tLm15gg1nb29nbGUuY29tLm5hgg1nb29nbGUuY29tLm5m +gg1nb29nbGUuY29tLm5ngg1nb29nbGUuY29tLm5pgg1nb29nbGUuY29tLm5wgg1n +b29nbGUuY29tLm5ygg1nb29nbGUuY29tLm9tgg1nb29nbGUuY29tLnBhgg1nb29n +bGUuY29tLnBlgg1nb29nbGUuY29tLnBogg1nb29nbGUuY29tLnBrgg1nb29nbGUu +Y29tLnBsgg1nb29nbGUuY29tLnBygg1nb29nbGUuY29tLnB5gg1nb29nbGUuY29t +LnFhgg1nb29nbGUuY29tLnJ1gg1nb29nbGUuY29tLnNhgg1nb29nbGUuY29tLnNi +gg1nb29nbGUuY29tLnNngg1nb29nbGUuY29tLnNsgg1nb29nbGUuY29tLnN2gg1n +b29nbGUuY29tLnRqgg1nb29nbGUuY29tLnRugg1nb29nbGUuY29tLnRygg1nb29n +bGUuY29tLnR3gg1nb29nbGUuY29tLnVhgg1nb29nbGUuY29tLnV5gg1nb29nbGUu +Y29tLnZjgg1nb29nbGUuY29tLnZlgg1nb29nbGUuY29tLnZugglnb29nbGUuY3aC +CWdvb2dsZS5jeoIJZ29vZ2xlLmRlgglnb29nbGUuZGqCCWdvb2dsZS5ka4IJZ29v +Z2xlLmRtgglnb29nbGUuZHqCCWdvb2dsZS5lZYIJZ29vZ2xlLmVzgglnb29nbGUu +ZmmCCWdvb2dsZS5mbYIJZ29vZ2xlLmZygglnb29nbGUuZ2GCCWdvb2dsZS5nZYIJ +Z29vZ2xlLmdngglnb29nbGUuZ2yCCWdvb2dsZS5nbYIJZ29vZ2xlLmdwgglnb29n +bGUuZ3KCCWdvb2dsZS5neYIJZ29vZ2xlLmhrgglnb29nbGUuaG6CCWdvb2dsZS5o +coIJZ29vZ2xlLmh0gglnb29nbGUuaHWCCWdvb2dsZS5pZYIJZ29vZ2xlLmltggtn +b29nbGUuaW5mb4IJZ29vZ2xlLmlxgglnb29nbGUuaXOCCWdvb2dsZS5pdIIMZ29v +Z2xlLml0LmFvgglnb29nbGUuamWCCWdvb2dsZS5qb4ILZ29vZ2xlLmpvYnOCCWdv +b2dsZS5qcIIJZ29vZ2xlLmtngglnb29nbGUua2mCCWdvb2dsZS5reoIJZ29vZ2xl +Lmxhgglnb29nbGUubGmCCWdvb2dsZS5sa4IJZ29vZ2xlLmx0gglnb29nbGUubHWC +CWdvb2dsZS5sdoIJZ29vZ2xlLm1kgglnb29nbGUubWWCCWdvb2dsZS5tZ4IJZ29v +Z2xlLm1rgglnb29nbGUubWyCCWdvb2dsZS5tboIJZ29vZ2xlLm1zgglnb29nbGUu +bXWCCWdvb2dsZS5tdoIJZ29vZ2xlLm13gglnb29nbGUubmWCDGdvb2dsZS5uZS5q +cIIKZ29vZ2xlLm5ldIIJZ29vZ2xlLm5sgglnb29nbGUubm+CCWdvb2dsZS5ucoIJ +Z29vZ2xlLm51gg1nb29nbGUub2ZmLmFpgglnb29nbGUucGuCCWdvb2dsZS5wbIIJ +Z29vZ2xlLnBugglnb29nbGUucHOCCWdvb2dsZS5wdIIJZ29vZ2xlLnJvgglnb29n +bGUucnOCCWdvb2dsZS5ydYIJZ29vZ2xlLnJ3gglnb29nbGUuc2OCCWdvb2dsZS5z +ZYIJZ29vZ2xlLnNogglnb29nbGUuc2mCCWdvb2dsZS5za4IJZ29vZ2xlLnNtggln +b29nbGUuc26CCWdvb2dsZS5zb4IJZ29vZ2xlLnN0gglnb29nbGUudGSCCWdvb2ds +ZS50Z4IJZ29vZ2xlLnRrgglnb29nbGUudGyCCWdvb2dsZS50bYIJZ29vZ2xlLnRu +gglnb29nbGUudG+CCWdvb2dsZS50cIIJZ29vZ2xlLnR0gglnb29nbGUudXOCCWdv +b2dsZS51eoIJZ29vZ2xlLnZngglnb29nbGUudnWCCWdvb2dsZS53czANBgkqhkiG +9w0BAQUFAAOBgQCROJdKT00d96BpNG4j3Xf5Kz7kJENMTYtgsGQW5E6y2yjRaguD +LPO+y4IH9KiVXD+qO8koye9yOMNawN9r/DFQd+t2nDmvlpcwJBNguiuqxl+rJaU8 +KKgswikGaaM4z+i4vHuXcCKZtM/ELAaJlSaBPip4GBAkgv7D9hwh+sWvYA== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIcFzCCG4CgAwIBAgIGR09PUAFxMA0GCSqGSIb3DQEBBQUAMEYxCzAJBgNVBAYT +AlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSIwIAYDVQQDExlHb29nbGUgSW50ZXJu +ZXQgQXV0aG9yaXR5MB4XDTEyMTAyNDEzNTczOVoXDTEzMDYwNzE5NDMyN1owZDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 +YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxEzARBgNVBAMTCmdvb2dsZS5j +b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMNn/Rw5irMPscWpYsExcGQT +wqdxT/U9Pfybt9ttPYlXVbCd6yux0jWGNBHN+f4kCc5pwrbjmA4QSRY2uVa4T8f2 +g3NucDDveUi29WVN+FJcyhj+V38lEkYbdhpIZL149dK5fAN1zzwCo10Nk+lhebcY +fCtMHLmuCX2D6mJ2CnPVAgMBAAGjghnwMIIZ7DAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Qp1w0hi4nhbaJEB +h/wuZwO4OyIwHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0f +BFQwUjBQoE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5l +dEF1dGhvcml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUH +AQEEWjBYMFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2ds +ZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDCC +GLYGA1UdEQSCGK0wghipggpnb29nbGUuY29tggwqLmdvb2dsZS5jb22CDSoueW91 +dHViZS5jb22CC3lvdXR1YmUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggh5 +b3V0dS5iZYILKi55dGltZy5jb22CDSouYW5kcm9pZC5jb22CC2FuZHJvaWQuY29t +ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghAqLnVy +bC5nb29nbGUuY29tggwqLnVyY2hpbi5jb22CCnVyY2hpbi5jb22CFiouZ29vZ2xl +LWFuYWx5dGljcy5jb22CFGdvb2dsZS1hbmFseXRpY3MuY29tghIqLmNsb3VkLmdv +b2dsZS5jb22CBmdvby5nbIIEZy5jb4INKi5nc3RhdGljLmNvbYIPKi5nb29nbGVh +cGlzLmNughYqLmFwcGVuZ2luZS5nb29nbGUuY29tggsqLmdvb2dsZS5hY4ILKi5n +b29nbGUuYWSCCyouZ29vZ2xlLmFlggsqLmdvb2dsZS5hZoILKi5nb29nbGUuYWeC +CyouZ29vZ2xlLmFsggsqLmdvb2dsZS5hbYILKi5nb29nbGUuYXOCCyouZ29vZ2xl +LmF0ggsqLmdvb2dsZS5heoILKi5nb29nbGUuYmGCCyouZ29vZ2xlLmJlggsqLmdv +b2dsZS5iZoILKi5nb29nbGUuYmeCCyouZ29vZ2xlLmJpggsqLmdvb2dsZS5iaoIL +Ki5nb29nbGUuYnOCCyouZ29vZ2xlLmJ5ggsqLmdvb2dsZS5jYYIMKi5nb29nbGUu +Y2F0ggsqLmdvb2dsZS5jY4ILKi5nb29nbGUuY2SCCyouZ29vZ2xlLmNmggsqLmdv +b2dsZS5jZ4ILKi5nb29nbGUuY2iCCyouZ29vZ2xlLmNpggsqLmdvb2dsZS5jbIIL +Ki5nb29nbGUuY22CCyouZ29vZ2xlLmNugg4qLmdvb2dsZS5jby5hb4IOKi5nb29n +bGUuY28uYneCDiouZ29vZ2xlLmNvLmNrgg4qLmdvb2dsZS5jby5jcoIOKi5nb29n +bGUuY28uaHWCDiouZ29vZ2xlLmNvLmlkgg4qLmdvb2dsZS5jby5pbIIOKi5nb29n +bGUuY28uaW2CDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qZYIOKi5nb29n +bGUuY28uanCCDiouZ29vZ2xlLmNvLmtlgg4qLmdvb2dsZS5jby5rcoIOKi5nb29n +bGUuY28ubHOCDiouZ29vZ2xlLmNvLm1hgg4qLmdvb2dsZS5jby5teoIOKi5nb29n +bGUuY28ubnqCDiouZ29vZ2xlLmNvLnRogg4qLmdvb2dsZS5jby50eoIOKi5nb29n +bGUuY28udWeCDiouZ29vZ2xlLmNvLnVrgg4qLmdvb2dsZS5jby51eoIOKi5nb29n +bGUuY28udmWCDiouZ29vZ2xlLmNvLnZpgg4qLmdvb2dsZS5jby56YYIOKi5nb29n +bGUuY28uem2CDiouZ29vZ2xlLmNvLnp3gg8qLmdvb2dsZS5jb20uYWaCDyouZ29v +Z2xlLmNvbS5hZ4IPKi5nb29nbGUuY29tLmFpgg8qLmdvb2dsZS5jb20uYXKCDyou +Z29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJkgg8qLmdvb2dsZS5jb20uYmiC +DyouZ29vZ2xlLmNvbS5iboIPKi5nb29nbGUuY29tLmJvgg8qLmdvb2dsZS5jb20u +YnKCDyouZ29vZ2xlLmNvbS5ieYIPKi5nb29nbGUuY29tLmJ6gg8qLmdvb2dsZS5j +b20uY26CDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLmN1gg8qLmdvb2ds +ZS5jb20uY3mCDyouZ29vZ2xlLmNvbS5kb4IPKi5nb29nbGUuY29tLmVjgg8qLmdv +b2dsZS5jb20uZWeCDyouZ29vZ2xlLmNvbS5ldIIPKi5nb29nbGUuY29tLmZqgg8q +Lmdvb2dsZS5jb20uZ2WCDyouZ29vZ2xlLmNvbS5naIIPKi5nb29nbGUuY29tLmdp +gg8qLmdvb2dsZS5jb20uZ3KCDyouZ29vZ2xlLmNvbS5ndIIPKi5nb29nbGUuY29t +Lmhrgg8qLmdvb2dsZS5jb20uaXGCDyouZ29vZ2xlLmNvbS5qbYIPKi5nb29nbGUu +Y29tLmpvgg8qLmdvb2dsZS5jb20ua2iCDyouZ29vZ2xlLmNvbS5rd4IPKi5nb29n +bGUuY29tLmxigg8qLmdvb2dsZS5jb20ubHmCDyouZ29vZ2xlLmNvbS5tdIIPKi5n +b29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20ubXmCDyouZ29vZ2xlLmNvbS5uYYIP +Ki5nb29nbGUuY29tLm5mgg8qLmdvb2dsZS5jb20ubmeCDyouZ29vZ2xlLmNvbS5u +aYIPKi5nb29nbGUuY29tLm5wgg8qLmdvb2dsZS5jb20ubnKCDyouZ29vZ2xlLmNv +bS5vbYIPKi5nb29nbGUuY29tLnBhgg8qLmdvb2dsZS5jb20ucGWCDyouZ29vZ2xl +LmNvbS5waIIPKi5nb29nbGUuY29tLnBrgg8qLmdvb2dsZS5jb20ucGyCDyouZ29v +Z2xlLmNvbS5wcoIPKi5nb29nbGUuY29tLnB5gg8qLmdvb2dsZS5jb20ucWGCDyou +Z29vZ2xlLmNvbS5ydYIPKi5nb29nbGUuY29tLnNhgg8qLmdvb2dsZS5jb20uc2KC +DyouZ29vZ2xlLmNvbS5zZ4IPKi5nb29nbGUuY29tLnNsgg8qLmdvb2dsZS5jb20u +c3aCDyouZ29vZ2xlLmNvbS50aoIPKi5nb29nbGUuY29tLnRugg8qLmdvb2dsZS5j +b20udHKCDyouZ29vZ2xlLmNvbS50d4IPKi5nb29nbGUuY29tLnVhgg8qLmdvb2ds +ZS5jb20udXmCDyouZ29vZ2xlLmNvbS52Y4IPKi5nb29nbGUuY29tLnZlgg8qLmdv +b2dsZS5jb20udm6CCyouZ29vZ2xlLmN2ggsqLmdvb2dsZS5jeoILKi5nb29nbGUu +ZGWCCyouZ29vZ2xlLmRqggsqLmdvb2dsZS5ka4ILKi5nb29nbGUuZG2CCyouZ29v +Z2xlLmR6ggsqLmdvb2dsZS5lZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZpggsq +Lmdvb2dsZS5mbYILKi5nb29nbGUuZnKCCyouZ29vZ2xlLmdhggsqLmdvb2dsZS5n +ZYILKi5nb29nbGUuZ2eCCyouZ29vZ2xlLmdsggsqLmdvb2dsZS5nbYILKi5nb29n +bGUuZ3CCCyouZ29vZ2xlLmdyggsqLmdvb2dsZS5neYILKi5nb29nbGUuaGuCCyou +Z29vZ2xlLmhuggsqLmdvb2dsZS5ocoILKi5nb29nbGUuaHSCCyouZ29vZ2xlLmh1 +ggsqLmdvb2dsZS5pZYILKi5nb29nbGUuaW2CDSouZ29vZ2xlLmluZm+CCyouZ29v +Z2xlLmlxggsqLmdvb2dsZS5pc4ILKi5nb29nbGUuaXSCDiouZ29vZ2xlLml0LmFv +ggsqLmdvb2dsZS5qZYILKi5nb29nbGUuam+CDSouZ29vZ2xlLmpvYnOCCyouZ29v +Z2xlLmpwggsqLmdvb2dsZS5rZ4ILKi5nb29nbGUua2mCCyouZ29vZ2xlLmt6ggsq +Lmdvb2dsZS5sYYILKi5nb29nbGUubGmCCyouZ29vZ2xlLmxrggsqLmdvb2dsZS5s +dIILKi5nb29nbGUubHWCCyouZ29vZ2xlLmx2ggsqLmdvb2dsZS5tZIILKi5nb29n +bGUubWWCCyouZ29vZ2xlLm1nggsqLmdvb2dsZS5ta4ILKi5nb29nbGUubWyCCyou +Z29vZ2xlLm1uggsqLmdvb2dsZS5tc4ILKi5nb29nbGUubXWCCyouZ29vZ2xlLm12 +ggsqLmdvb2dsZS5td4ILKi5nb29nbGUubmWCDiouZ29vZ2xlLm5lLmpwggwqLmdv +b2dsZS5uZXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5ub4ILKi5nb29nbGUubnKC +CyouZ29vZ2xlLm51gg8qLmdvb2dsZS5vZmYuYWmCCyouZ29vZ2xlLnBrggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucG6CCyouZ29vZ2xlLnBzggsqLmdvb2dsZS5wdIIL +Ki5nb29nbGUucm+CCyouZ29vZ2xlLnJzggsqLmdvb2dsZS5ydYILKi5nb29nbGUu +cneCCyouZ29vZ2xlLnNjggsqLmdvb2dsZS5zZYILKi5nb29nbGUuc2iCCyouZ29v +Z2xlLnNpggsqLmdvb2dsZS5za4ILKi5nb29nbGUuc22CCyouZ29vZ2xlLnNuggsq +Lmdvb2dsZS5zb4ILKi5nb29nbGUuc3SCCyouZ29vZ2xlLnRkggsqLmdvb2dsZS50 +Z4ILKi5nb29nbGUudGuCCyouZ29vZ2xlLnRsggsqLmdvb2dsZS50bYILKi5nb29n +bGUudG6CCyouZ29vZ2xlLnRvggsqLmdvb2dsZS50cIILKi5nb29nbGUudHSCCyou +Z29vZ2xlLnVzggsqLmdvb2dsZS51eoILKi5nb29nbGUudmeCCyouZ29vZ2xlLnZ1 +ggsqLmdvb2dsZS53c4IJZ29vZ2xlLmFjgglnb29nbGUuYWSCCWdvb2dsZS5hZYIJ +Z29vZ2xlLmFmgglnb29nbGUuYWeCCWdvb2dsZS5hbIIJZ29vZ2xlLmFtgglnb29n +bGUuYXOCCWdvb2dsZS5hdIIJZ29vZ2xlLmF6gglnb29nbGUuYmGCCWdvb2dsZS5i +ZYIJZ29vZ2xlLmJmgglnb29nbGUuYmeCCWdvb2dsZS5iaYIJZ29vZ2xlLmJqggln +b29nbGUuYnOCCWdvb2dsZS5ieYIJZ29vZ2xlLmNhggpnb29nbGUuY2F0gglnb29n +bGUuY2OCCWdvb2dsZS5jZIIJZ29vZ2xlLmNmgglnb29nbGUuY2eCCWdvb2dsZS5j +aIIJZ29vZ2xlLmNpgglnb29nbGUuY2yCCWdvb2dsZS5jbYIJZ29vZ2xlLmNuggxn +b29nbGUuY28uYW+CDGdvb2dsZS5jby5id4IMZ29vZ2xlLmNvLmNrggxnb29nbGUu +Y28uY3KCDGdvb2dsZS5jby5odYIMZ29vZ2xlLmNvLmlkggxnb29nbGUuY28uaWyC +DGdvb2dsZS5jby5pbYIMZ29vZ2xlLmNvLmluggxnb29nbGUuY28uamWCDGdvb2ds +ZS5jby5qcIIMZ29vZ2xlLmNvLmtlggxnb29nbGUuY28ua3KCDGdvb2dsZS5jby5s +c4IMZ29vZ2xlLmNvLm1hggxnb29nbGUuY28ubXqCDGdvb2dsZS5jby5ueoIMZ29v +Z2xlLmNvLnRoggxnb29nbGUuY28udHqCDGdvb2dsZS5jby51Z4IMZ29vZ2xlLmNv +LnVrggxnb29nbGUuY28udXqCDGdvb2dsZS5jby52ZYIMZ29vZ2xlLmNvLnZpggxn +b29nbGUuY28uemGCDGdvb2dsZS5jby56bYIMZ29vZ2xlLmNvLnp3gg1nb29nbGUu +Y29tLmFmgg1nb29nbGUuY29tLmFngg1nb29nbGUuY29tLmFpgg1nb29nbGUuY29t +LmFygg1nb29nbGUuY29tLmF1gg1nb29nbGUuY29tLmJkgg1nb29nbGUuY29tLmJo +gg1nb29nbGUuY29tLmJugg1nb29nbGUuY29tLmJvgg1nb29nbGUuY29tLmJygg1n +b29nbGUuY29tLmJ5gg1nb29nbGUuY29tLmJ6gg1nb29nbGUuY29tLmNugg1nb29n +bGUuY29tLmNvgg1nb29nbGUuY29tLmN1gg1nb29nbGUuY29tLmN5gg1nb29nbGUu +Y29tLmRvgg1nb29nbGUuY29tLmVjgg1nb29nbGUuY29tLmVngg1nb29nbGUuY29t +LmV0gg1nb29nbGUuY29tLmZqgg1nb29nbGUuY29tLmdlgg1nb29nbGUuY29tLmdo +gg1nb29nbGUuY29tLmdpgg1nb29nbGUuY29tLmdygg1nb29nbGUuY29tLmd0gg1n +b29nbGUuY29tLmhrgg1nb29nbGUuY29tLmlxgg1nb29nbGUuY29tLmptgg1nb29n +bGUuY29tLmpvgg1nb29nbGUuY29tLmtogg1nb29nbGUuY29tLmt3gg1nb29nbGUu +Y29tLmxigg1nb29nbGUuY29tLmx5gg1nb29nbGUuY29tLm10gg1nb29nbGUuY29t +Lm14gg1nb29nbGUuY29tLm15gg1nb29nbGUuY29tLm5hgg1nb29nbGUuY29tLm5m +gg1nb29nbGUuY29tLm5ngg1nb29nbGUuY29tLm5pgg1nb29nbGUuY29tLm5wgg1n +b29nbGUuY29tLm5ygg1nb29nbGUuY29tLm9tgg1nb29nbGUuY29tLnBhgg1nb29n +bGUuY29tLnBlgg1nb29nbGUuY29tLnBogg1nb29nbGUuY29tLnBrgg1nb29nbGUu +Y29tLnBsgg1nb29nbGUuY29tLnBygg1nb29nbGUuY29tLnB5gg1nb29nbGUuY29t +LnFhgg1nb29nbGUuY29tLnJ1gg1nb29nbGUuY29tLnNhgg1nb29nbGUuY29tLnNi +gg1nb29nbGUuY29tLnNngg1nb29nbGUuY29tLnNsgg1nb29nbGUuY29tLnN2gg1n +b29nbGUuY29tLnRqgg1nb29nbGUuY29tLnRugg1nb29nbGUuY29tLnRygg1nb29n +bGUuY29tLnR3gg1nb29nbGUuY29tLnVhgg1nb29nbGUuY29tLnV5gg1nb29nbGUu +Y29tLnZjgg1nb29nbGUuY29tLnZlgg1nb29nbGUuY29tLnZugglnb29nbGUuY3aC +CWdvb2dsZS5jeoIJZ29vZ2xlLmRlgglnb29nbGUuZGqCCWdvb2dsZS5ka4IJZ29v +Z2xlLmRtgglnb29nbGUuZHqCCWdvb2dsZS5lZYIJZ29vZ2xlLmVzgglnb29nbGUu +ZmmCCWdvb2dsZS5mbYIJZ29vZ2xlLmZygglnb29nbGUuZ2GCCWdvb2dsZS5nZYIJ +Z29vZ2xlLmdngglnb29nbGUuZ2yCCWdvb2dsZS5nbYIJZ29vZ2xlLmdwgglnb29n +bGUuZ3KCCWdvb2dsZS5neYIJZ29vZ2xlLmhrgglnb29nbGUuaG6CCWdvb2dsZS5o +coIJZ29vZ2xlLmh0gglnb29nbGUuaHWCCWdvb2dsZS5pZYIJZ29vZ2xlLmltggtn +b29nbGUuaW5mb4IJZ29vZ2xlLmlxgglnb29nbGUuaXOCCWdvb2dsZS5pdIIMZ29v +Z2xlLml0LmFvgglnb29nbGUuamWCCWdvb2dsZS5qb4ILZ29vZ2xlLmpvYnOCCWdv +b2dsZS5qcIIJZ29vZ2xlLmtngglnb29nbGUua2mCCWdvb2dsZS5reoIJZ29vZ2xl +Lmxhgglnb29nbGUubGmCCWdvb2dsZS5sa4IJZ29vZ2xlLmx0gglnb29nbGUubHWC +CWdvb2dsZS5sdoIJZ29vZ2xlLm1kgglnb29nbGUubWWCCWdvb2dsZS5tZ4IJZ29v +Z2xlLm1rgglnb29nbGUubWyCCWdvb2dsZS5tboIJZ29vZ2xlLm1zgglnb29nbGUu +bXWCCWdvb2dsZS5tdoIJZ29vZ2xlLm13gglnb29nbGUubmWCDGdvb2dsZS5uZS5q +cIIKZ29vZ2xlLm5ldIIJZ29vZ2xlLm5sgglnb29nbGUubm+CCWdvb2dsZS5ucoIJ +Z29vZ2xlLm51gg1nb29nbGUub2ZmLmFpgglnb29nbGUucGuCCWdvb2dsZS5wbIIJ +Z29vZ2xlLnBugglnb29nbGUucHOCCWdvb2dsZS5wdIIJZ29vZ2xlLnJvgglnb29n +bGUucnOCCWdvb2dsZS5ydYIJZ29vZ2xlLnJ3gglnb29nbGUuc2OCCWdvb2dsZS5z +ZYIJZ29vZ2xlLnNogglnb29nbGUuc2mCCWdvb2dsZS5za4IJZ29vZ2xlLnNtggln +b29nbGUuc26CCWdvb2dsZS5zb4IJZ29vZ2xlLnN0gglnb29nbGUudGSCCWdvb2ds +ZS50Z4IJZ29vZ2xlLnRrgglnb29nbGUudGyCCWdvb2dsZS50bYIJZ29vZ2xlLnRu +gglnb29nbGUudG+CCWdvb2dsZS50cIIJZ29vZ2xlLnR0gglnb29nbGUudXOCCWdv +b2dsZS51eoIJZ29vZ2xlLnZngglnb29nbGUudnWCCWdvb2dsZS53czANBgkqhkiG +9w0BAQUFAAOBgQCROJdKT00d96BpNG4j3Xf5Kz7kJENMTYtgsGQW5E6y2yjRaguD +LPO+y4IH9KiVXD+qO8koye9yOMNawN9r/DFQd+t2nDmvlpcwJBNguiuqxl+rJaU8 +KKgswikGaaM4z+i4vHuXcCKZtM/ELAaJlSaBPip4GBAkgv7D9hwh+sWvYA== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIcFzCCG4CgAwIBAgIGR09PUAFxMA0GCSqGSIb3DQEBBQUAMEYxCzAJBgNVBAYT +AlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSIwIAYDVQQDExlHb29nbGUgSW50ZXJu +ZXQgQXV0aG9yaXR5MB4XDTEyMTAyNDEzNTczOVoXDTEzMDYwNzE5NDMyN1owZDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 +YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxEzARBgNVBAMTCmdvb2dsZS5j +b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMNn/Rw5irMPscWpYsExcGQT +wqdxT/U9Pfybt9ttPYlXVbCd6yux0jWGNBHN+f4kCc5pwrbjmA4QSRY2uVa4T8f2 +g3NucDDveUi29WVN+FJcyhj+V38lEkYbdhpIZL149dK5fAN1zzwCo10Nk+lhebcY +fCtMHLmuCX2D6mJ2CnPVAgMBAAGjghnwMIIZ7DAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Qp1w0hi4nhbaJEB +h/wuZwO4OyIwHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0f +BFQwUjBQoE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5l +dEF1dGhvcml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUH +AQEEWjBYMFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2ds +ZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDCC +GLYGA1UdEQSCGK0wghipggpnb29nbGUuY29tggwqLmdvb2dsZS5jb22CDSoueW91 +dHViZS5jb22CC3lvdXR1YmUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggh5 +b3V0dS5iZYILKi55dGltZy5jb22CDSouYW5kcm9pZC5jb22CC2FuZHJvaWQuY29t +ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghAqLnVy +bC5nb29nbGUuY29tggwqLnVyY2hpbi5jb22CCnVyY2hpbi5jb22CFiouZ29vZ2xl +LWFuYWx5dGljcy5jb22CFGdvb2dsZS1hbmFseXRpY3MuY29tghIqLmNsb3VkLmdv +b2dsZS5jb22CBmdvby5nbIIEZy5jb4INKi5nc3RhdGljLmNvbYIPKi5nb29nbGVh +cGlzLmNughYqLmFwcGVuZ2luZS5nb29nbGUuY29tggsqLmdvb2dsZS5hY4ILKi5n +b29nbGUuYWSCCyouZ29vZ2xlLmFlggsqLmdvb2dsZS5hZoILKi5nb29nbGUuYWeC +CyouZ29vZ2xlLmFsggsqLmdvb2dsZS5hbYILKi5nb29nbGUuYXOCCyouZ29vZ2xl +LmF0ggsqLmdvb2dsZS5heoILKi5nb29nbGUuYmGCCyouZ29vZ2xlLmJlggsqLmdv +b2dsZS5iZoILKi5nb29nbGUuYmeCCyouZ29vZ2xlLmJpggsqLmdvb2dsZS5iaoIL +Ki5nb29nbGUuYnOCCyouZ29vZ2xlLmJ5ggsqLmdvb2dsZS5jYYIMKi5nb29nbGUu +Y2F0ggsqLmdvb2dsZS5jY4ILKi5nb29nbGUuY2SCCyouZ29vZ2xlLmNmggsqLmdv +b2dsZS5jZ4ILKi5nb29nbGUuY2iCCyouZ29vZ2xlLmNpggsqLmdvb2dsZS5jbIIL +Ki5nb29nbGUuY22CCyouZ29vZ2xlLmNugg4qLmdvb2dsZS5jby5hb4IOKi5nb29n +bGUuY28uYneCDiouZ29vZ2xlLmNvLmNrgg4qLmdvb2dsZS5jby5jcoIOKi5nb29n +bGUuY28uaHWCDiouZ29vZ2xlLmNvLmlkgg4qLmdvb2dsZS5jby5pbIIOKi5nb29n +bGUuY28uaW2CDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qZYIOKi5nb29n +bGUuY28uanCCDiouZ29vZ2xlLmNvLmtlgg4qLmdvb2dsZS5jby5rcoIOKi5nb29n +bGUuY28ubHOCDiouZ29vZ2xlLmNvLm1hgg4qLmdvb2dsZS5jby5teoIOKi5nb29n +bGUuY28ubnqCDiouZ29vZ2xlLmNvLnRogg4qLmdvb2dsZS5jby50eoIOKi5nb29n +bGUuY28udWeCDiouZ29vZ2xlLmNvLnVrgg4qLmdvb2dsZS5jby51eoIOKi5nb29n +bGUuY28udmWCDiouZ29vZ2xlLmNvLnZpgg4qLmdvb2dsZS5jby56YYIOKi5nb29n +bGUuY28uem2CDiouZ29vZ2xlLmNvLnp3gg8qLmdvb2dsZS5jb20uYWaCDyouZ29v +Z2xlLmNvbS5hZ4IPKi5nb29nbGUuY29tLmFpgg8qLmdvb2dsZS5jb20uYXKCDyou +Z29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJkgg8qLmdvb2dsZS5jb20uYmiC +DyouZ29vZ2xlLmNvbS5iboIPKi5nb29nbGUuY29tLmJvgg8qLmdvb2dsZS5jb20u +YnKCDyouZ29vZ2xlLmNvbS5ieYIPKi5nb29nbGUuY29tLmJ6gg8qLmdvb2dsZS5j +b20uY26CDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLmN1gg8qLmdvb2ds +ZS5jb20uY3mCDyouZ29vZ2xlLmNvbS5kb4IPKi5nb29nbGUuY29tLmVjgg8qLmdv +b2dsZS5jb20uZWeCDyouZ29vZ2xlLmNvbS5ldIIPKi5nb29nbGUuY29tLmZqgg8q +Lmdvb2dsZS5jb20uZ2WCDyouZ29vZ2xlLmNvbS5naIIPKi5nb29nbGUuY29tLmdp +gg8qLmdvb2dsZS5jb20uZ3KCDyouZ29vZ2xlLmNvbS5ndIIPKi5nb29nbGUuY29t +Lmhrgg8qLmdvb2dsZS5jb20uaXGCDyouZ29vZ2xlLmNvbS5qbYIPKi5nb29nbGUu +Y29tLmpvgg8qLmdvb2dsZS5jb20ua2iCDyouZ29vZ2xlLmNvbS5rd4IPKi5nb29n +bGUuY29tLmxigg8qLmdvb2dsZS5jb20ubHmCDyouZ29vZ2xlLmNvbS5tdIIPKi5n +b29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20ubXmCDyouZ29vZ2xlLmNvbS5uYYIP +Ki5nb29nbGUuY29tLm5mgg8qLmdvb2dsZS5jb20ubmeCDyouZ29vZ2xlLmNvbS5u +aYIPKi5nb29nbGUuY29tLm5wgg8qLmdvb2dsZS5jb20ubnKCDyouZ29vZ2xlLmNv +bS5vbYIPKi5nb29nbGUuY29tLnBhgg8qLmdvb2dsZS5jb20ucGWCDyouZ29vZ2xl +LmNvbS5waIIPKi5nb29nbGUuY29tLnBrgg8qLmdvb2dsZS5jb20ucGyCDyouZ29v +Z2xlLmNvbS5wcoIPKi5nb29nbGUuY29tLnB5gg8qLmdvb2dsZS5jb20ucWGCDyou +Z29vZ2xlLmNvbS5ydYIPKi5nb29nbGUuY29tLnNhgg8qLmdvb2dsZS5jb20uc2KC +DyouZ29vZ2xlLmNvbS5zZ4IPKi5nb29nbGUuY29tLnNsgg8qLmdvb2dsZS5jb20u +c3aCDyouZ29vZ2xlLmNvbS50aoIPKi5nb29nbGUuY29tLnRugg8qLmdvb2dsZS5j +b20udHKCDyouZ29vZ2xlLmNvbS50d4IPKi5nb29nbGUuY29tLnVhgg8qLmdvb2ds +ZS5jb20udXmCDyouZ29vZ2xlLmNvbS52Y4IPKi5nb29nbGUuY29tLnZlgg8qLmdv +b2dsZS5jb20udm6CCyouZ29vZ2xlLmN2ggsqLmdvb2dsZS5jeoILKi5nb29nbGUu +ZGWCCyouZ29vZ2xlLmRqggsqLmdvb2dsZS5ka4ILKi5nb29nbGUuZG2CCyouZ29v +Z2xlLmR6ggsqLmdvb2dsZS5lZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZpggsq +Lmdvb2dsZS5mbYILKi5nb29nbGUuZnKCCyouZ29vZ2xlLmdhggsqLmdvb2dsZS5n +ZYILKi5nb29nbGUuZ2eCCyouZ29vZ2xlLmdsggsqLmdvb2dsZS5nbYILKi5nb29n +bGUuZ3CCCyouZ29vZ2xlLmdyggsqLmdvb2dsZS5neYILKi5nb29nbGUuaGuCCyou +Z29vZ2xlLmhuggsqLmdvb2dsZS5ocoILKi5nb29nbGUuaHSCCyouZ29vZ2xlLmh1 +ggsqLmdvb2dsZS5pZYILKi5nb29nbGUuaW2CDSouZ29vZ2xlLmluZm+CCyouZ29v +Z2xlLmlxggsqLmdvb2dsZS5pc4ILKi5nb29nbGUuaXSCDiouZ29vZ2xlLml0LmFv +ggsqLmdvb2dsZS5qZYILKi5nb29nbGUuam+CDSouZ29vZ2xlLmpvYnOCCyouZ29v +Z2xlLmpwggsqLmdvb2dsZS5rZ4ILKi5nb29nbGUua2mCCyouZ29vZ2xlLmt6ggsq +Lmdvb2dsZS5sYYILKi5nb29nbGUubGmCCyouZ29vZ2xlLmxrggsqLmdvb2dsZS5s +dIILKi5nb29nbGUubHWCCyouZ29vZ2xlLmx2ggsqLmdvb2dsZS5tZIILKi5nb29n +bGUubWWCCyouZ29vZ2xlLm1nggsqLmdvb2dsZS5ta4ILKi5nb29nbGUubWyCCyou +Z29vZ2xlLm1uggsqLmdvb2dsZS5tc4ILKi5nb29nbGUubXWCCyouZ29vZ2xlLm12 +ggsqLmdvb2dsZS5td4ILKi5nb29nbGUubmWCDiouZ29vZ2xlLm5lLmpwggwqLmdv +b2dsZS5uZXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5ub4ILKi5nb29nbGUubnKC +CyouZ29vZ2xlLm51gg8qLmdvb2dsZS5vZmYuYWmCCyouZ29vZ2xlLnBrggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucG6CCyouZ29vZ2xlLnBzggsqLmdvb2dsZS5wdIIL +Ki5nb29nbGUucm+CCyouZ29vZ2xlLnJzggsqLmdvb2dsZS5ydYILKi5nb29nbGUu +cneCCyouZ29vZ2xlLnNjggsqLmdvb2dsZS5zZYILKi5nb29nbGUuc2iCCyouZ29v +Z2xlLnNpggsqLmdvb2dsZS5za4ILKi5nb29nbGUuc22CCyouZ29vZ2xlLnNuggsq +Lmdvb2dsZS5zb4ILKi5nb29nbGUuc3SCCyouZ29vZ2xlLnRkggsqLmdvb2dsZS50 +Z4ILKi5nb29nbGUudGuCCyouZ29vZ2xlLnRsggsqLmdvb2dsZS50bYILKi5nb29n +bGUudG6CCyouZ29vZ2xlLnRvggsqLmdvb2dsZS50cIILKi5nb29nbGUudHSCCyou +Z29vZ2xlLnVzggsqLmdvb2dsZS51eoILKi5nb29nbGUudmeCCyouZ29vZ2xlLnZ1 +ggsqLmdvb2dsZS53c4IJZ29vZ2xlLmFjgglnb29nbGUuYWSCCWdvb2dsZS5hZYIJ +Z29vZ2xlLmFmgglnb29nbGUuYWeCCWdvb2dsZS5hbIIJZ29vZ2xlLmFtgglnb29n +bGUuYXOCCWdvb2dsZS5hdIIJZ29vZ2xlLmF6gglnb29nbGUuYmGCCWdvb2dsZS5i +ZYIJZ29vZ2xlLmJmgglnb29nbGUuYmeCCWdvb2dsZS5iaYIJZ29vZ2xlLmJqggln +b29nbGUuYnOCCWdvb2dsZS5ieYIJZ29vZ2xlLmNhggpnb29nbGUuY2F0gglnb29n +bGUuY2OCCWdvb2dsZS5jZIIJZ29vZ2xlLmNmgglnb29nbGUuY2eCCWdvb2dsZS5j +aIIJZ29vZ2xlLmNpgglnb29nbGUuY2yCCWdvb2dsZS5jbYIJZ29vZ2xlLmNuggxn +b29nbGUuY28uYW+CDGdvb2dsZS5jby5id4IMZ29vZ2xlLmNvLmNrggxnb29nbGUu +Y28uY3KCDGdvb2dsZS5jby5odYIMZ29vZ2xlLmNvLmlkggxnb29nbGUuY28uaWyC +DGdvb2dsZS5jby5pbYIMZ29vZ2xlLmNvLmluggxnb29nbGUuY28uamWCDGdvb2ds +ZS5jby5qcIIMZ29vZ2xlLmNvLmtlggxnb29nbGUuY28ua3KCDGdvb2dsZS5jby5s +c4IMZ29vZ2xlLmNvLm1hggxnb29nbGUuY28ubXqCDGdvb2dsZS5jby5ueoIMZ29v +Z2xlLmNvLnRoggxnb29nbGUuY28udHqCDGdvb2dsZS5jby51Z4IMZ29vZ2xlLmNv +LnVrggxnb29nbGUuY28udXqCDGdvb2dsZS5jby52ZYIMZ29vZ2xlLmNvLnZpggxn +b29nbGUuY28uemGCDGdvb2dsZS5jby56bYIMZ29vZ2xlLmNvLnp3gg1nb29nbGUu +Y29tLmFmgg1nb29nbGUuY29tLmFngg1nb29nbGUuY29tLmFpgg1nb29nbGUuY29t +LmFygg1nb29nbGUuY29tLmF1gg1nb29nbGUuY29tLmJkgg1nb29nbGUuY29tLmJo +gg1nb29nbGUuY29tLmJugg1nb29nbGUuY29tLmJvgg1nb29nbGUuY29tLmJygg1n +b29nbGUuY29tLmJ5gg1nb29nbGUuY29tLmJ6gg1nb29nbGUuY29tLmNugg1nb29n +bGUuY29tLmNvgg1nb29nbGUuY29tLmN1gg1nb29nbGUuY29tLmN5gg1nb29nbGUu +Y29tLmRvgg1nb29nbGUuY29tLmVjgg1nb29nbGUuY29tLmVngg1nb29nbGUuY29t +LmV0gg1nb29nbGUuY29tLmZqgg1nb29nbGUuY29tLmdlgg1nb29nbGUuY29tLmdo +gg1nb29nbGUuY29tLmdpgg1nb29nbGUuY29tLmdygg1nb29nbGUuY29tLmd0gg1n +b29nbGUuY29tLmhrgg1nb29nbGUuY29tLmlxgg1nb29nbGUuY29tLmptgg1nb29n +bGUuY29tLmpvgg1nb29nbGUuY29tLmtogg1nb29nbGUuY29tLmt3gg1nb29nbGUu +Y29tLmxigg1nb29nbGUuY29tLmx5gg1nb29nbGUuY29tLm10gg1nb29nbGUuY29t +Lm14gg1nb29nbGUuY29tLm15gg1nb29nbGUuY29tLm5hgg1nb29nbGUuY29tLm5m +gg1nb29nbGUuY29tLm5ngg1nb29nbGUuY29tLm5pgg1nb29nbGUuY29tLm5wgg1n +b29nbGUuY29tLm5ygg1nb29nbGUuY29tLm9tgg1nb29nbGUuY29tLnBhgg1nb29n +bGUuY29tLnBlgg1nb29nbGUuY29tLnBogg1nb29nbGUuY29tLnBrgg1nb29nbGUu +Y29tLnBsgg1nb29nbGUuY29tLnBygg1nb29nbGUuY29tLnB5gg1nb29nbGUuY29t +LnFhgg1nb29nbGUuY29tLnJ1gg1nb29nbGUuY29tLnNhgg1nb29nbGUuY29tLnNi +gg1nb29nbGUuY29tLnNngg1nb29nbGUuY29tLnNsgg1nb29nbGUuY29tLnN2gg1n +b29nbGUuY29tLnRqgg1nb29nbGUuY29tLnRugg1nb29nbGUuY29tLnRygg1nb29n +bGUuY29tLnR3gg1nb29nbGUuY29tLnVhgg1nb29nbGUuY29tLnV5gg1nb29nbGUu +Y29tLnZjgg1nb29nbGUuY29tLnZlgg1nb29nbGUuY29tLnZugglnb29nbGUuY3aC +CWdvb2dsZS5jeoIJZ29vZ2xlLmRlgglnb29nbGUuZGqCCWdvb2dsZS5ka4IJZ29v +Z2xlLmRtgglnb29nbGUuZHqCCWdvb2dsZS5lZYIJZ29vZ2xlLmVzgglnb29nbGUu +ZmmCCWdvb2dsZS5mbYIJZ29vZ2xlLmZygglnb29nbGUuZ2GCCWdvb2dsZS5nZYIJ +Z29vZ2xlLmdngglnb29nbGUuZ2yCCWdvb2dsZS5nbYIJZ29vZ2xlLmdwgglnb29n +bGUuZ3KCCWdvb2dsZS5neYIJZ29vZ2xlLmhrgglnb29nbGUuaG6CCWdvb2dsZS5o +coIJZ29vZ2xlLmh0gglnb29nbGUuaHWCCWdvb2dsZS5pZYIJZ29vZ2xlLmltggtn +b29nbGUuaW5mb4IJZ29vZ2xlLmlxgglnb29nbGUuaXOCCWdvb2dsZS5pdIIMZ29v +Z2xlLml0LmFvgglnb29nbGUuamWCCWdvb2dsZS5qb4ILZ29vZ2xlLmpvYnOCCWdv +b2dsZS5qcIIJZ29vZ2xlLmtngglnb29nbGUua2mCCWdvb2dsZS5reoIJZ29vZ2xl +Lmxhgglnb29nbGUubGmCCWdvb2dsZS5sa4IJZ29vZ2xlLmx0gglnb29nbGUubHWC +CWdvb2dsZS5sdoIJZ29vZ2xlLm1kgglnb29nbGUubWWCCWdvb2dsZS5tZ4IJZ29v +Z2xlLm1rgglnb29nbGUubWyCCWdvb2dsZS5tboIJZ29vZ2xlLm1zgglnb29nbGUu +bXWCCWdvb2dsZS5tdoIJZ29vZ2xlLm13gglnb29nbGUubmWCDGdvb2dsZS5uZS5q +cIIKZ29vZ2xlLm5ldIIJZ29vZ2xlLm5sgglnb29nbGUubm+CCWdvb2dsZS5ucoIJ +Z29vZ2xlLm51gg1nb29nbGUub2ZmLmFpgglnb29nbGUucGuCCWdvb2dsZS5wbIIJ +Z29vZ2xlLnBugglnb29nbGUucHOCCWdvb2dsZS5wdIIJZ29vZ2xlLnJvgglnb29n +bGUucnOCCWdvb2dsZS5ydYIJZ29vZ2xlLnJ3gglnb29nbGUuc2OCCWdvb2dsZS5z +ZYIJZ29vZ2xlLnNogglnb29nbGUuc2mCCWdvb2dsZS5za4IJZ29vZ2xlLnNtggln +b29nbGUuc26CCWdvb2dsZS5zb4IJZ29vZ2xlLnN0gglnb29nbGUudGSCCWdvb2ds +ZS50Z4IJZ29vZ2xlLnRrgglnb29nbGUudGyCCWdvb2dsZS50bYIJZ29vZ2xlLnRu +gglnb29nbGUudG+CCWdvb2dsZS50cIIJZ29vZ2xlLnR0gglnb29nbGUudXOCCWdv +b2dsZS51eoIJZ29vZ2xlLnZngglnb29nbGUudnWCCWdvb2dsZS53czANBgkqhkiG +9w0BAQUFAAOBgQCROJdKT00d96BpNG4j3Xf5Kz7kJENMTYtgsGQW5E6y2yjRaguD +LPO+y4IH9KiVXD+qO8koye9yOMNawN9r/DFQd+t2nDmvlpcwJBNguiuqxl+rJaU8 +KKgswikGaaM4z+i4vHuXcCKZtM/ELAaJlSaBPip4GBAkgv7D9hwh+sWvYA== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIcFzCCG4CgAwIBAgIGR09PUAFxMA0GCSqGSIb3DQEBBQUAMEYxCzAJBgNVBAYT +AlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSIwIAYDVQQDExlHb29nbGUgSW50ZXJu +ZXQgQXV0aG9yaXR5MB4XDTEyMTAyNDEzNTczOVoXDTEzMDYwNzE5NDMyN1owZDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 +YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxEzARBgNVBAMTCmdvb2dsZS5j +b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMNn/Rw5irMPscWpYsExcGQT +wqdxT/U9Pfybt9ttPYlXVbCd6yux0jWGNBHN+f4kCc5pwrbjmA4QSRY2uVa4T8f2 +g3NucDDveUi29WVN+FJcyhj+V38lEkYbdhpIZL149dK5fAN1zzwCo10Nk+lhebcY +fCtMHLmuCX2D6mJ2CnPVAgMBAAGjghnwMIIZ7DAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Qp1w0hi4nhbaJEB +h/wuZwO4OyIwHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0f +BFQwUjBQoE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5l +dEF1dGhvcml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUH +AQEEWjBYMFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2ds +ZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDCC +GLYGA1UdEQSCGK0wghipggpnb29nbGUuY29tggwqLmdvb2dsZS5jb22CDSoueW91 +dHViZS5jb22CC3lvdXR1YmUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggh5 +b3V0dS5iZYILKi55dGltZy5jb22CDSouYW5kcm9pZC5jb22CC2FuZHJvaWQuY29t +ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghAqLnVy +bC5nb29nbGUuY29tggwqLnVyY2hpbi5jb22CCnVyY2hpbi5jb22CFiouZ29vZ2xl +LWFuYWx5dGljcy5jb22CFGdvb2dsZS1hbmFseXRpY3MuY29tghIqLmNsb3VkLmdv +b2dsZS5jb22CBmdvby5nbIIEZy5jb4INKi5nc3RhdGljLmNvbYIPKi5nb29nbGVh +cGlzLmNughYqLmFwcGVuZ2luZS5nb29nbGUuY29tggsqLmdvb2dsZS5hY4ILKi5n +b29nbGUuYWSCCyouZ29vZ2xlLmFlggsqLmdvb2dsZS5hZoILKi5nb29nbGUuYWeC +CyouZ29vZ2xlLmFsggsqLmdvb2dsZS5hbYILKi5nb29nbGUuYXOCCyouZ29vZ2xl +LmF0ggsqLmdvb2dsZS5heoILKi5nb29nbGUuYmGCCyouZ29vZ2xlLmJlggsqLmdv +b2dsZS5iZoILKi5nb29nbGUuYmeCCyouZ29vZ2xlLmJpggsqLmdvb2dsZS5iaoIL +Ki5nb29nbGUuYnOCCyouZ29vZ2xlLmJ5ggsqLmdvb2dsZS5jYYIMKi5nb29nbGUu +Y2F0ggsqLmdvb2dsZS5jY4ILKi5nb29nbGUuY2SCCyouZ29vZ2xlLmNmggsqLmdv +b2dsZS5jZ4ILKi5nb29nbGUuY2iCCyouZ29vZ2xlLmNpggsqLmdvb2dsZS5jbIIL +Ki5nb29nbGUuY22CCyouZ29vZ2xlLmNugg4qLmdvb2dsZS5jby5hb4IOKi5nb29n +bGUuY28uYneCDiouZ29vZ2xlLmNvLmNrgg4qLmdvb2dsZS5jby5jcoIOKi5nb29n +bGUuY28uaHWCDiouZ29vZ2xlLmNvLmlkgg4qLmdvb2dsZS5jby5pbIIOKi5nb29n +bGUuY28uaW2CDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qZYIOKi5nb29n +bGUuY28uanCCDiouZ29vZ2xlLmNvLmtlgg4qLmdvb2dsZS5jby5rcoIOKi5nb29n +bGUuY28ubHOCDiouZ29vZ2xlLmNvLm1hgg4qLmdvb2dsZS5jby5teoIOKi5nb29n +bGUuY28ubnqCDiouZ29vZ2xlLmNvLnRogg4qLmdvb2dsZS5jby50eoIOKi5nb29n +bGUuY28udWeCDiouZ29vZ2xlLmNvLnVrgg4qLmdvb2dsZS5jby51eoIOKi5nb29n +bGUuY28udmWCDiouZ29vZ2xlLmNvLnZpgg4qLmdvb2dsZS5jby56YYIOKi5nb29n +bGUuY28uem2CDiouZ29vZ2xlLmNvLnp3gg8qLmdvb2dsZS5jb20uYWaCDyouZ29v +Z2xlLmNvbS5hZ4IPKi5nb29nbGUuY29tLmFpgg8qLmdvb2dsZS5jb20uYXKCDyou +Z29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJkgg8qLmdvb2dsZS5jb20uYmiC +DyouZ29vZ2xlLmNvbS5iboIPKi5nb29nbGUuY29tLmJvgg8qLmdvb2dsZS5jb20u +YnKCDyouZ29vZ2xlLmNvbS5ieYIPKi5nb29nbGUuY29tLmJ6gg8qLmdvb2dsZS5j +b20uY26CDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLmN1gg8qLmdvb2ds +ZS5jb20uY3mCDyouZ29vZ2xlLmNvbS5kb4IPKi5nb29nbGUuY29tLmVjgg8qLmdv +b2dsZS5jb20uZWeCDyouZ29vZ2xlLmNvbS5ldIIPKi5nb29nbGUuY29tLmZqgg8q +Lmdvb2dsZS5jb20uZ2WCDyouZ29vZ2xlLmNvbS5naIIPKi5nb29nbGUuY29tLmdp +gg8qLmdvb2dsZS5jb20uZ3KCDyouZ29vZ2xlLmNvbS5ndIIPKi5nb29nbGUuY29t +Lmhrgg8qLmdvb2dsZS5jb20uaXGCDyouZ29vZ2xlLmNvbS5qbYIPKi5nb29nbGUu +Y29tLmpvgg8qLmdvb2dsZS5jb20ua2iCDyouZ29vZ2xlLmNvbS5rd4IPKi5nb29n +bGUuY29tLmxigg8qLmdvb2dsZS5jb20ubHmCDyouZ29vZ2xlLmNvbS5tdIIPKi5n +b29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20ubXmCDyouZ29vZ2xlLmNvbS5uYYIP +Ki5nb29nbGUuY29tLm5mgg8qLmdvb2dsZS5jb20ubmeCDyouZ29vZ2xlLmNvbS5u +aYIPKi5nb29nbGUuY29tLm5wgg8qLmdvb2dsZS5jb20ubnKCDyouZ29vZ2xlLmNv +bS5vbYIPKi5nb29nbGUuY29tLnBhgg8qLmdvb2dsZS5jb20ucGWCDyouZ29vZ2xl +LmNvbS5waIIPKi5nb29nbGUuY29tLnBrgg8qLmdvb2dsZS5jb20ucGyCDyouZ29v +Z2xlLmNvbS5wcoIPKi5nb29nbGUuY29tLnB5gg8qLmdvb2dsZS5jb20ucWGCDyou +Z29vZ2xlLmNvbS5ydYIPKi5nb29nbGUuY29tLnNhgg8qLmdvb2dsZS5jb20uc2KC +DyouZ29vZ2xlLmNvbS5zZ4IPKi5nb29nbGUuY29tLnNsgg8qLmdvb2dsZS5jb20u +c3aCDyouZ29vZ2xlLmNvbS50aoIPKi5nb29nbGUuY29tLnRugg8qLmdvb2dsZS5j +b20udHKCDyouZ29vZ2xlLmNvbS50d4IPKi5nb29nbGUuY29tLnVhgg8qLmdvb2ds +ZS5jb20udXmCDyouZ29vZ2xlLmNvbS52Y4IPKi5nb29nbGUuY29tLnZlgg8qLmdv +b2dsZS5jb20udm6CCyouZ29vZ2xlLmN2ggsqLmdvb2dsZS5jeoILKi5nb29nbGUu +ZGWCCyouZ29vZ2xlLmRqggsqLmdvb2dsZS5ka4ILKi5nb29nbGUuZG2CCyouZ29v +Z2xlLmR6ggsqLmdvb2dsZS5lZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZpggsq +Lmdvb2dsZS5mbYILKi5nb29nbGUuZnKCCyouZ29vZ2xlLmdhggsqLmdvb2dsZS5n +ZYILKi5nb29nbGUuZ2eCCyouZ29vZ2xlLmdsggsqLmdvb2dsZS5nbYILKi5nb29n +bGUuZ3CCCyouZ29vZ2xlLmdyggsqLmdvb2dsZS5neYILKi5nb29nbGUuaGuCCyou +Z29vZ2xlLmhuggsqLmdvb2dsZS5ocoILKi5nb29nbGUuaHSCCyouZ29vZ2xlLmh1 +ggsqLmdvb2dsZS5pZYILKi5nb29nbGUuaW2CDSouZ29vZ2xlLmluZm+CCyouZ29v +Z2xlLmlxggsqLmdvb2dsZS5pc4ILKi5nb29nbGUuaXSCDiouZ29vZ2xlLml0LmFv +ggsqLmdvb2dsZS5qZYILKi5nb29nbGUuam+CDSouZ29vZ2xlLmpvYnOCCyouZ29v +Z2xlLmpwggsqLmdvb2dsZS5rZ4ILKi5nb29nbGUua2mCCyouZ29vZ2xlLmt6ggsq +Lmdvb2dsZS5sYYILKi5nb29nbGUubGmCCyouZ29vZ2xlLmxrggsqLmdvb2dsZS5s +dIILKi5nb29nbGUubHWCCyouZ29vZ2xlLmx2ggsqLmdvb2dsZS5tZIILKi5nb29n +bGUubWWCCyouZ29vZ2xlLm1nggsqLmdvb2dsZS5ta4ILKi5nb29nbGUubWyCCyou +Z29vZ2xlLm1uggsqLmdvb2dsZS5tc4ILKi5nb29nbGUubXWCCyouZ29vZ2xlLm12 +ggsqLmdvb2dsZS5td4ILKi5nb29nbGUubmWCDiouZ29vZ2xlLm5lLmpwggwqLmdv +b2dsZS5uZXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5ub4ILKi5nb29nbGUubnKC +CyouZ29vZ2xlLm51gg8qLmdvb2dsZS5vZmYuYWmCCyouZ29vZ2xlLnBrggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucG6CCyouZ29vZ2xlLnBzggsqLmdvb2dsZS5wdIIL +Ki5nb29nbGUucm+CCyouZ29vZ2xlLnJzggsqLmdvb2dsZS5ydYILKi5nb29nbGUu +cneCCyouZ29vZ2xlLnNjggsqLmdvb2dsZS5zZYILKi5nb29nbGUuc2iCCyouZ29v +Z2xlLnNpggsqLmdvb2dsZS5za4ILKi5nb29nbGUuc22CCyouZ29vZ2xlLnNuggsq +Lmdvb2dsZS5zb4ILKi5nb29nbGUuc3SCCyouZ29vZ2xlLnRkggsqLmdvb2dsZS50 +Z4ILKi5nb29nbGUudGuCCyouZ29vZ2xlLnRsggsqLmdvb2dsZS50bYILKi5nb29n +bGUudG6CCyouZ29vZ2xlLnRvggsqLmdvb2dsZS50cIILKi5nb29nbGUudHSCCyou +Z29vZ2xlLnVzggsqLmdvb2dsZS51eoILKi5nb29nbGUudmeCCyouZ29vZ2xlLnZ1 +ggsqLmdvb2dsZS53c4IJZ29vZ2xlLmFjgglnb29nbGUuYWSCCWdvb2dsZS5hZYIJ +Z29vZ2xlLmFmgglnb29nbGUuYWeCCWdvb2dsZS5hbIIJZ29vZ2xlLmFtgglnb29n +bGUuYXOCCWdvb2dsZS5hdIIJZ29vZ2xlLmF6gglnb29nbGUuYmGCCWdvb2dsZS5i +ZYIJZ29vZ2xlLmJmgglnb29nbGUuYmeCCWdvb2dsZS5iaYIJZ29vZ2xlLmJqggln +b29nbGUuYnOCCWdvb2dsZS5ieYIJZ29vZ2xlLmNhggpnb29nbGUuY2F0gglnb29n +bGUuY2OCCWdvb2dsZS5jZIIJZ29vZ2xlLmNmgglnb29nbGUuY2eCCWdvb2dsZS5j +aIIJZ29vZ2xlLmNpgglnb29nbGUuY2yCCWdvb2dsZS5jbYIJZ29vZ2xlLmNuggxn +b29nbGUuY28uYW+CDGdvb2dsZS5jby5id4IMZ29vZ2xlLmNvLmNrggxnb29nbGUu +Y28uY3KCDGdvb2dsZS5jby5odYIMZ29vZ2xlLmNvLmlkggxnb29nbGUuY28uaWyC +DGdvb2dsZS5jby5pbYIMZ29vZ2xlLmNvLmluggxnb29nbGUuY28uamWCDGdvb2ds +ZS5jby5qcIIMZ29vZ2xlLmNvLmtlggxnb29nbGUuY28ua3KCDGdvb2dsZS5jby5s +c4IMZ29vZ2xlLmNvLm1hggxnb29nbGUuY28ubXqCDGdvb2dsZS5jby5ueoIMZ29v +Z2xlLmNvLnRoggxnb29nbGUuY28udHqCDGdvb2dsZS5jby51Z4IMZ29vZ2xlLmNv +LnVrggxnb29nbGUuY28udXqCDGdvb2dsZS5jby52ZYIMZ29vZ2xlLmNvLnZpggxn +b29nbGUuY28uemGCDGdvb2dsZS5jby56bYIMZ29vZ2xlLmNvLnp3gg1nb29nbGUu +Y29tLmFmgg1nb29nbGUuY29tLmFngg1nb29nbGUuY29tLmFpgg1nb29nbGUuY29t +LmFygg1nb29nbGUuY29tLmF1gg1nb29nbGUuY29tLmJkgg1nb29nbGUuY29tLmJo +gg1nb29nbGUuY29tLmJugg1nb29nbGUuY29tLmJvgg1nb29nbGUuY29tLmJygg1n +b29nbGUuY29tLmJ5gg1nb29nbGUuY29tLmJ6gg1nb29nbGUuY29tLmNugg1nb29n +bGUuY29tLmNvgg1nb29nbGUuY29tLmN1gg1nb29nbGUuY29tLmN5gg1nb29nbGUu +Y29tLmRvgg1nb29nbGUuY29tLmVjgg1nb29nbGUuY29tLmVngg1nb29nbGUuY29t +LmV0gg1nb29nbGUuY29tLmZqgg1nb29nbGUuY29tLmdlgg1nb29nbGUuY29tLmdo +gg1nb29nbGUuY29tLmdpgg1nb29nbGUuY29tLmdygg1nb29nbGUuY29tLmd0gg1n +b29nbGUuY29tLmhrgg1nb29nbGUuY29tLmlxgg1nb29nbGUuY29tLmptgg1nb29n +bGUuY29tLmpvgg1nb29nbGUuY29tLmtogg1nb29nbGUuY29tLmt3gg1nb29nbGUu +Y29tLmxigg1nb29nbGUuY29tLmx5gg1nb29nbGUuY29tLm10gg1nb29nbGUuY29t +Lm14gg1nb29nbGUuY29tLm15gg1nb29nbGUuY29tLm5hgg1nb29nbGUuY29tLm5m +gg1nb29nbGUuY29tLm5ngg1nb29nbGUuY29tLm5pgg1nb29nbGUuY29tLm5wgg1n +b29nbGUuY29tLm5ygg1nb29nbGUuY29tLm9tgg1nb29nbGUuY29tLnBhgg1nb29n +bGUuY29tLnBlgg1nb29nbGUuY29tLnBogg1nb29nbGUuY29tLnBrgg1nb29nbGUu +Y29tLnBsgg1nb29nbGUuY29tLnBygg1nb29nbGUuY29tLnB5gg1nb29nbGUuY29t +LnFhgg1nb29nbGUuY29tLnJ1gg1nb29nbGUuY29tLnNhgg1nb29nbGUuY29tLnNi +gg1nb29nbGUuY29tLnNngg1nb29nbGUuY29tLnNsgg1nb29nbGUuY29tLnN2gg1n +b29nbGUuY29tLnRqgg1nb29nbGUuY29tLnRugg1nb29nbGUuY29tLnRygg1nb29n +bGUuY29tLnR3gg1nb29nbGUuY29tLnVhgg1nb29nbGUuY29tLnV5gg1nb29nbGUu +Y29tLnZjgg1nb29nbGUuY29tLnZlgg1nb29nbGUuY29tLnZugglnb29nbGUuY3aC +CWdvb2dsZS5jeoIJZ29vZ2xlLmRlgglnb29nbGUuZGqCCWdvb2dsZS5ka4IJZ29v +Z2xlLmRtgglnb29nbGUuZHqCCWdvb2dsZS5lZYIJZ29vZ2xlLmVzgglnb29nbGUu +ZmmCCWdvb2dsZS5mbYIJZ29vZ2xlLmZygglnb29nbGUuZ2GCCWdvb2dsZS5nZYIJ +Z29vZ2xlLmdngglnb29nbGUuZ2yCCWdvb2dsZS5nbYIJZ29vZ2xlLmdwgglnb29n +bGUuZ3KCCWdvb2dsZS5neYIJZ29vZ2xlLmhrgglnb29nbGUuaG6CCWdvb2dsZS5o +coIJZ29vZ2xlLmh0gglnb29nbGUuaHWCCWdvb2dsZS5pZYIJZ29vZ2xlLmltggtn +b29nbGUuaW5mb4IJZ29vZ2xlLmlxgglnb29nbGUuaXOCCWdvb2dsZS5pdIIMZ29v +Z2xlLml0LmFvgglnb29nbGUuamWCCWdvb2dsZS5qb4ILZ29vZ2xlLmpvYnOCCWdv +b2dsZS5qcIIJZ29vZ2xlLmtngglnb29nbGUua2mCCWdvb2dsZS5reoIJZ29vZ2xl +Lmxhgglnb29nbGUubGmCCWdvb2dsZS5sa4IJZ29vZ2xlLmx0gglnb29nbGUubHWC +CWdvb2dsZS5sdoIJZ29vZ2xlLm1kgglnb29nbGUubWWCCWdvb2dsZS5tZ4IJZ29v +Z2xlLm1rgglnb29nbGUubWyCCWdvb2dsZS5tboIJZ29vZ2xlLm1zgglnb29nbGUu +bXWCCWdvb2dsZS5tdoIJZ29vZ2xlLm13gglnb29nbGUubmWCDGdvb2dsZS5uZS5q +cIIKZ29vZ2xlLm5ldIIJZ29vZ2xlLm5sgglnb29nbGUubm+CCWdvb2dsZS5ucoIJ +Z29vZ2xlLm51gg1nb29nbGUub2ZmLmFpgglnb29nbGUucGuCCWdvb2dsZS5wbIIJ +Z29vZ2xlLnBugglnb29nbGUucHOCCWdvb2dsZS5wdIIJZ29vZ2xlLnJvgglnb29n +bGUucnOCCWdvb2dsZS5ydYIJZ29vZ2xlLnJ3gglnb29nbGUuc2OCCWdvb2dsZS5z +ZYIJZ29vZ2xlLnNogglnb29nbGUuc2mCCWdvb2dsZS5za4IJZ29vZ2xlLnNtggln +b29nbGUuc26CCWdvb2dsZS5zb4IJZ29vZ2xlLnN0gglnb29nbGUudGSCCWdvb2ds +ZS50Z4IJZ29vZ2xlLnRrgglnb29nbGUudGyCCWdvb2dsZS50bYIJZ29vZ2xlLnRu +gglnb29nbGUudG+CCWdvb2dsZS50cIIJZ29vZ2xlLnR0gglnb29nbGUudXOCCWdv +b2dsZS51eoIJZ29vZ2xlLnZngglnb29nbGUudnWCCWdvb2dsZS53czANBgkqhkiG +9w0BAQUFAAOBgQCROJdKT00d96BpNG4j3Xf5Kz7kJENMTYtgsGQW5E6y2yjRaguD +LPO+y4IH9KiVXD+qO8koye9yOMNawN9r/DFQd+t2nDmvlpcwJBNguiuqxl+rJaU8 +KKgswikGaaM4z+i4vHuXcCKZtM/ELAaJlSaBPip4GBAkgv7D9hwh+sWvYA== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIcFzCCG4CgAwIBAgIGR09PUAFxMA0GCSqGSIb3DQEBBQUAMEYxCzAJBgNVBAYT +AlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSIwIAYDVQQDExlHb29nbGUgSW50ZXJu +ZXQgQXV0aG9yaXR5MB4XDTEyMTAyNDEzNTczOVoXDTEzMDYwNzE5NDMyN1owZDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 +YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxEzARBgNVBAMTCmdvb2dsZS5j +b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMNn/Rw5irMPscWpYsExcGQT +wqdxT/U9Pfybt9ttPYlXVbCd6yux0jWGNBHN+f4kCc5pwrbjmA4QSRY2uVa4T8f2 +g3NucDDveUi29WVN+FJcyhj+V38lEkYbdhpIZL149dK5fAN1zzwCo10Nk+lhebcY +fCtMHLmuCX2D6mJ2CnPVAgMBAAGjghnwMIIZ7DAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Qp1w0hi4nhbaJEB +h/wuZwO4OyIwHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0f +BFQwUjBQoE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5l +dEF1dGhvcml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUH +AQEEWjBYMFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2ds +ZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDCC +GLYGA1UdEQSCGK0wghipggpnb29nbGUuY29tggwqLmdvb2dsZS5jb22CDSoueW91 +dHViZS5jb22CC3lvdXR1YmUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggh5 +b3V0dS5iZYILKi55dGltZy5jb22CDSouYW5kcm9pZC5jb22CC2FuZHJvaWQuY29t +ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghAqLnVy +bC5nb29nbGUuY29tggwqLnVyY2hpbi5jb22CCnVyY2hpbi5jb22CFiouZ29vZ2xl +LWFuYWx5dGljcy5jb22CFGdvb2dsZS1hbmFseXRpY3MuY29tghIqLmNsb3VkLmdv +b2dsZS5jb22CBmdvby5nbIIEZy5jb4INKi5nc3RhdGljLmNvbYIPKi5nb29nbGVh +cGlzLmNughYqLmFwcGVuZ2luZS5nb29nbGUuY29tggsqLmdvb2dsZS5hY4ILKi5n +b29nbGUuYWSCCyouZ29vZ2xlLmFlggsqLmdvb2dsZS5hZoILKi5nb29nbGUuYWeC +CyouZ29vZ2xlLmFsggsqLmdvb2dsZS5hbYILKi5nb29nbGUuYXOCCyouZ29vZ2xl +LmF0ggsqLmdvb2dsZS5heoILKi5nb29nbGUuYmGCCyouZ29vZ2xlLmJlggsqLmdv +b2dsZS5iZoILKi5nb29nbGUuYmeCCyouZ29vZ2xlLmJpggsqLmdvb2dsZS5iaoIL +Ki5nb29nbGUuYnOCCyouZ29vZ2xlLmJ5ggsqLmdvb2dsZS5jYYIMKi5nb29nbGUu +Y2F0ggsqLmdvb2dsZS5jY4ILKi5nb29nbGUuY2SCCyouZ29vZ2xlLmNmggsqLmdv +b2dsZS5jZ4ILKi5nb29nbGUuY2iCCyouZ29vZ2xlLmNpggsqLmdvb2dsZS5jbIIL +Ki5nb29nbGUuY22CCyouZ29vZ2xlLmNugg4qLmdvb2dsZS5jby5hb4IOKi5nb29n +bGUuY28uYneCDiouZ29vZ2xlLmNvLmNrgg4qLmdvb2dsZS5jby5jcoIOKi5nb29n +bGUuY28uaHWCDiouZ29vZ2xlLmNvLmlkgg4qLmdvb2dsZS5jby5pbIIOKi5nb29n +bGUuY28uaW2CDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qZYIOKi5nb29n +bGUuY28uanCCDiouZ29vZ2xlLmNvLmtlgg4qLmdvb2dsZS5jby5rcoIOKi5nb29n +bGUuY28ubHOCDiouZ29vZ2xlLmNvLm1hgg4qLmdvb2dsZS5jby5teoIOKi5nb29n +bGUuY28ubnqCDiouZ29vZ2xlLmNvLnRogg4qLmdvb2dsZS5jby50eoIOKi5nb29n +bGUuY28udWeCDiouZ29vZ2xlLmNvLnVrgg4qLmdvb2dsZS5jby51eoIOKi5nb29n +bGUuY28udmWCDiouZ29vZ2xlLmNvLnZpgg4qLmdvb2dsZS5jby56YYIOKi5nb29n +bGUuY28uem2CDiouZ29vZ2xlLmNvLnp3gg8qLmdvb2dsZS5jb20uYWaCDyouZ29v +Z2xlLmNvbS5hZ4IPKi5nb29nbGUuY29tLmFpgg8qLmdvb2dsZS5jb20uYXKCDyou +Z29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJkgg8qLmdvb2dsZS5jb20uYmiC +DyouZ29vZ2xlLmNvbS5iboIPKi5nb29nbGUuY29tLmJvgg8qLmdvb2dsZS5jb20u +YnKCDyouZ29vZ2xlLmNvbS5ieYIPKi5nb29nbGUuY29tLmJ6gg8qLmdvb2dsZS5j +b20uY26CDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLmN1gg8qLmdvb2ds +ZS5jb20uY3mCDyouZ29vZ2xlLmNvbS5kb4IPKi5nb29nbGUuY29tLmVjgg8qLmdv +b2dsZS5jb20uZWeCDyouZ29vZ2xlLmNvbS5ldIIPKi5nb29nbGUuY29tLmZqgg8q +Lmdvb2dsZS5jb20uZ2WCDyouZ29vZ2xlLmNvbS5naIIPKi5nb29nbGUuY29tLmdp +gg8qLmdvb2dsZS5jb20uZ3KCDyouZ29vZ2xlLmNvbS5ndIIPKi5nb29nbGUuY29t +Lmhrgg8qLmdvb2dsZS5jb20uaXGCDyouZ29vZ2xlLmNvbS5qbYIPKi5nb29nbGUu +Y29tLmpvgg8qLmdvb2dsZS5jb20ua2iCDyouZ29vZ2xlLmNvbS5rd4IPKi5nb29n +bGUuY29tLmxigg8qLmdvb2dsZS5jb20ubHmCDyouZ29vZ2xlLmNvbS5tdIIPKi5n +b29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20ubXmCDyouZ29vZ2xlLmNvbS5uYYIP +Ki5nb29nbGUuY29tLm5mgg8qLmdvb2dsZS5jb20ubmeCDyouZ29vZ2xlLmNvbS5u +aYIPKi5nb29nbGUuY29tLm5wgg8qLmdvb2dsZS5jb20ubnKCDyouZ29vZ2xlLmNv +bS5vbYIPKi5nb29nbGUuY29tLnBhgg8qLmdvb2dsZS5jb20ucGWCDyouZ29vZ2xl +LmNvbS5waIIPKi5nb29nbGUuY29tLnBrgg8qLmdvb2dsZS5jb20ucGyCDyouZ29v +Z2xlLmNvbS5wcoIPKi5nb29nbGUuY29tLnB5gg8qLmdvb2dsZS5jb20ucWGCDyou +Z29vZ2xlLmNvbS5ydYIPKi5nb29nbGUuY29tLnNhgg8qLmdvb2dsZS5jb20uc2KC +DyouZ29vZ2xlLmNvbS5zZ4IPKi5nb29nbGUuY29tLnNsgg8qLmdvb2dsZS5jb20u +c3aCDyouZ29vZ2xlLmNvbS50aoIPKi5nb29nbGUuY29tLnRugg8qLmdvb2dsZS5j +b20udHKCDyouZ29vZ2xlLmNvbS50d4IPKi5nb29nbGUuY29tLnVhgg8qLmdvb2ds +ZS5jb20udXmCDyouZ29vZ2xlLmNvbS52Y4IPKi5nb29nbGUuY29tLnZlgg8qLmdv +b2dsZS5jb20udm6CCyouZ29vZ2xlLmN2ggsqLmdvb2dsZS5jeoILKi5nb29nbGUu +ZGWCCyouZ29vZ2xlLmRqggsqLmdvb2dsZS5ka4ILKi5nb29nbGUuZG2CCyouZ29v +Z2xlLmR6ggsqLmdvb2dsZS5lZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZpggsq +Lmdvb2dsZS5mbYILKi5nb29nbGUuZnKCCyouZ29vZ2xlLmdhggsqLmdvb2dsZS5n +ZYILKi5nb29nbGUuZ2eCCyouZ29vZ2xlLmdsggsqLmdvb2dsZS5nbYILKi5nb29n +bGUuZ3CCCyouZ29vZ2xlLmdyggsqLmdvb2dsZS5neYILKi5nb29nbGUuaGuCCyou +Z29vZ2xlLmhuggsqLmdvb2dsZS5ocoILKi5nb29nbGUuaHSCCyouZ29vZ2xlLmh1 +ggsqLmdvb2dsZS5pZYILKi5nb29nbGUuaW2CDSouZ29vZ2xlLmluZm+CCyouZ29v +Z2xlLmlxggsqLmdvb2dsZS5pc4ILKi5nb29nbGUuaXSCDiouZ29vZ2xlLml0LmFv +ggsqLmdvb2dsZS5qZYILKi5nb29nbGUuam+CDSouZ29vZ2xlLmpvYnOCCyouZ29v +Z2xlLmpwggsqLmdvb2dsZS5rZ4ILKi5nb29nbGUua2mCCyouZ29vZ2xlLmt6ggsq +Lmdvb2dsZS5sYYILKi5nb29nbGUubGmCCyouZ29vZ2xlLmxrggsqLmdvb2dsZS5s +dIILKi5nb29nbGUubHWCCyouZ29vZ2xlLmx2ggsqLmdvb2dsZS5tZIILKi5nb29n +bGUubWWCCyouZ29vZ2xlLm1nggsqLmdvb2dsZS5ta4ILKi5nb29nbGUubWyCCyou +Z29vZ2xlLm1uggsqLmdvb2dsZS5tc4ILKi5nb29nbGUubXWCCyouZ29vZ2xlLm12 +ggsqLmdvb2dsZS5td4ILKi5nb29nbGUubmWCDiouZ29vZ2xlLm5lLmpwggwqLmdv +b2dsZS5uZXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5ub4ILKi5nb29nbGUubnKC +CyouZ29vZ2xlLm51gg8qLmdvb2dsZS5vZmYuYWmCCyouZ29vZ2xlLnBrggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucG6CCyouZ29vZ2xlLnBzggsqLmdvb2dsZS5wdIIL +Ki5nb29nbGUucm+CCyouZ29vZ2xlLnJzggsqLmdvb2dsZS5ydYILKi5nb29nbGUu +cneCCyouZ29vZ2xlLnNjggsqLmdvb2dsZS5zZYILKi5nb29nbGUuc2iCCyouZ29v +Z2xlLnNpggsqLmdvb2dsZS5za4ILKi5nb29nbGUuc22CCyouZ29vZ2xlLnNuggsq +Lmdvb2dsZS5zb4ILKi5nb29nbGUuc3SCCyouZ29vZ2xlLnRkggsqLmdvb2dsZS50 +Z4ILKi5nb29nbGUudGuCCyouZ29vZ2xlLnRsggsqLmdvb2dsZS50bYILKi5nb29n +bGUudG6CCyouZ29vZ2xlLnRvggsqLmdvb2dsZS50cIILKi5nb29nbGUudHSCCyou +Z29vZ2xlLnVzggsqLmdvb2dsZS51eoILKi5nb29nbGUudmeCCyouZ29vZ2xlLnZ1 +ggsqLmdvb2dsZS53c4IJZ29vZ2xlLmFjgglnb29nbGUuYWSCCWdvb2dsZS5hZYIJ +Z29vZ2xlLmFmgglnb29nbGUuYWeCCWdvb2dsZS5hbIIJZ29vZ2xlLmFtgglnb29n +bGUuYXOCCWdvb2dsZS5hdIIJZ29vZ2xlLmF6gglnb29nbGUuYmGCCWdvb2dsZS5i +ZYIJZ29vZ2xlLmJmgglnb29nbGUuYmeCCWdvb2dsZS5iaYIJZ29vZ2xlLmJqggln +b29nbGUuYnOCCWdvb2dsZS5ieYIJZ29vZ2xlLmNhggpnb29nbGUuY2F0gglnb29n +bGUuY2OCCWdvb2dsZS5jZIIJZ29vZ2xlLmNmgglnb29nbGUuY2eCCWdvb2dsZS5j +aIIJZ29vZ2xlLmNpgglnb29nbGUuY2yCCWdvb2dsZS5jbYIJZ29vZ2xlLmNuggxn +b29nbGUuY28uYW+CDGdvb2dsZS5jby5id4IMZ29vZ2xlLmNvLmNrggxnb29nbGUu +Y28uY3KCDGdvb2dsZS5jby5odYIMZ29vZ2xlLmNvLmlkggxnb29nbGUuY28uaWyC +DGdvb2dsZS5jby5pbYIMZ29vZ2xlLmNvLmluggxnb29nbGUuY28uamWCDGdvb2ds +ZS5jby5qcIIMZ29vZ2xlLmNvLmtlggxnb29nbGUuY28ua3KCDGdvb2dsZS5jby5s +c4IMZ29vZ2xlLmNvLm1hggxnb29nbGUuY28ubXqCDGdvb2dsZS5jby5ueoIMZ29v +Z2xlLmNvLnRoggxnb29nbGUuY28udHqCDGdvb2dsZS5jby51Z4IMZ29vZ2xlLmNv +LnVrggxnb29nbGUuY28udXqCDGdvb2dsZS5jby52ZYIMZ29vZ2xlLmNvLnZpggxn +b29nbGUuY28uemGCDGdvb2dsZS5jby56bYIMZ29vZ2xlLmNvLnp3gg1nb29nbGUu +Y29tLmFmgg1nb29nbGUuY29tLmFngg1nb29nbGUuY29tLmFpgg1nb29nbGUuY29t +LmFygg1nb29nbGUuY29tLmF1gg1nb29nbGUuY29tLmJkgg1nb29nbGUuY29tLmJo +gg1nb29nbGUuY29tLmJugg1nb29nbGUuY29tLmJvgg1nb29nbGUuY29tLmJygg1n +b29nbGUuY29tLmJ5gg1nb29nbGUuY29tLmJ6gg1nb29nbGUuY29tLmNugg1nb29n +bGUuY29tLmNvgg1nb29nbGUuY29tLmN1gg1nb29nbGUuY29tLmN5gg1nb29nbGUu +Y29tLmRvgg1nb29nbGUuY29tLmVjgg1nb29nbGUuY29tLmVngg1nb29nbGUuY29t +LmV0gg1nb29nbGUuY29tLmZqgg1nb29nbGUuY29tLmdlgg1nb29nbGUuY29tLmdo +gg1nb29nbGUuY29tLmdpgg1nb29nbGUuY29tLmdygg1nb29nbGUuY29tLmd0gg1n +b29nbGUuY29tLmhrgg1nb29nbGUuY29tLmlxgg1nb29nbGUuY29tLmptgg1nb29n +bGUuY29tLmpvgg1nb29nbGUuY29tLmtogg1nb29nbGUuY29tLmt3gg1nb29nbGUu +Y29tLmxigg1nb29nbGUuY29tLmx5gg1nb29nbGUuY29tLm10gg1nb29nbGUuY29t +Lm14gg1nb29nbGUuY29tLm15gg1nb29nbGUuY29tLm5hgg1nb29nbGUuY29tLm5m +gg1nb29nbGUuY29tLm5ngg1nb29nbGUuY29tLm5pgg1nb29nbGUuY29tLm5wgg1n +b29nbGUuY29tLm5ygg1nb29nbGUuY29tLm9tgg1nb29nbGUuY29tLnBhgg1nb29n +bGUuY29tLnBlgg1nb29nbGUuY29tLnBogg1nb29nbGUuY29tLnBrgg1nb29nbGUu +Y29tLnBsgg1nb29nbGUuY29tLnBygg1nb29nbGUuY29tLnB5gg1nb29nbGUuY29t +LnFhgg1nb29nbGUuY29tLnJ1gg1nb29nbGUuY29tLnNhgg1nb29nbGUuY29tLnNi +gg1nb29nbGUuY29tLnNngg1nb29nbGUuY29tLnNsgg1nb29nbGUuY29tLnN2gg1n +b29nbGUuY29tLnRqgg1nb29nbGUuY29tLnRugg1nb29nbGUuY29tLnRygg1nb29n +bGUuY29tLnR3gg1nb29nbGUuY29tLnVhgg1nb29nbGUuY29tLnV5gg1nb29nbGUu +Y29tLnZjgg1nb29nbGUuY29tLnZlgg1nb29nbGUuY29tLnZugglnb29nbGUuY3aC +CWdvb2dsZS5jeoIJZ29vZ2xlLmRlgglnb29nbGUuZGqCCWdvb2dsZS5ka4IJZ29v +Z2xlLmRtgglnb29nbGUuZHqCCWdvb2dsZS5lZYIJZ29vZ2xlLmVzgglnb29nbGUu +ZmmCCWdvb2dsZS5mbYIJZ29vZ2xlLmZygglnb29nbGUuZ2GCCWdvb2dsZS5nZYIJ +Z29vZ2xlLmdngglnb29nbGUuZ2yCCWdvb2dsZS5nbYIJZ29vZ2xlLmdwgglnb29n +bGUuZ3KCCWdvb2dsZS5neYIJZ29vZ2xlLmhrgglnb29nbGUuaG6CCWdvb2dsZS5o +coIJZ29vZ2xlLmh0gglnb29nbGUuaHWCCWdvb2dsZS5pZYIJZ29vZ2xlLmltggtn +b29nbGUuaW5mb4IJZ29vZ2xlLmlxgglnb29nbGUuaXOCCWdvb2dsZS5pdIIMZ29v +Z2xlLml0LmFvgglnb29nbGUuamWCCWdvb2dsZS5qb4ILZ29vZ2xlLmpvYnOCCWdv +b2dsZS5qcIIJZ29vZ2xlLmtngglnb29nbGUua2mCCWdvb2dsZS5reoIJZ29vZ2xl +Lmxhgglnb29nbGUubGmCCWdvb2dsZS5sa4IJZ29vZ2xlLmx0gglnb29nbGUubHWC +CWdvb2dsZS5sdoIJZ29vZ2xlLm1kgglnb29nbGUubWWCCWdvb2dsZS5tZ4IJZ29v +Z2xlLm1rgglnb29nbGUubWyCCWdvb2dsZS5tboIJZ29vZ2xlLm1zgglnb29nbGUu +bXWCCWdvb2dsZS5tdoIJZ29vZ2xlLm13gglnb29nbGUubmWCDGdvb2dsZS5uZS5q +cIIKZ29vZ2xlLm5ldIIJZ29vZ2xlLm5sgglnb29nbGUubm+CCWdvb2dsZS5ucoIJ +Z29vZ2xlLm51gg1nb29nbGUub2ZmLmFpgglnb29nbGUucGuCCWdvb2dsZS5wbIIJ +Z29vZ2xlLnBugglnb29nbGUucHOCCWdvb2dsZS5wdIIJZ29vZ2xlLnJvgglnb29n +bGUucnOCCWdvb2dsZS5ydYIJZ29vZ2xlLnJ3gglnb29nbGUuc2OCCWdvb2dsZS5z +ZYIJZ29vZ2xlLnNogglnb29nbGUuc2mCCWdvb2dsZS5za4IJZ29vZ2xlLnNtggln +b29nbGUuc26CCWdvb2dsZS5zb4IJZ29vZ2xlLnN0gglnb29nbGUudGSCCWdvb2ds +ZS50Z4IJZ29vZ2xlLnRrgglnb29nbGUudGyCCWdvb2dsZS50bYIJZ29vZ2xlLnRu +gglnb29nbGUudG+CCWdvb2dsZS50cIIJZ29vZ2xlLnR0gglnb29nbGUudXOCCWdv +b2dsZS51eoIJZ29vZ2xlLnZngglnb29nbGUudnWCCWdvb2dsZS53czANBgkqhkiG +9w0BAQUFAAOBgQCROJdKT00d96BpNG4j3Xf5Kz7kJENMTYtgsGQW5E6y2yjRaguD +LPO+y4IH9KiVXD+qO8koye9yOMNawN9r/DFQd+t2nDmvlpcwJBNguiuqxl+rJaU8 +KKgswikGaaM4z+i4vHuXcCKZtM/ELAaJlSaBPip4GBAkgv7D9hwh+sWvYA== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIcFzCCG4CgAwIBAgIGR09PUAFxMA0GCSqGSIb3DQEBBQUAMEYxCzAJBgNVBAYT +AlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSIwIAYDVQQDExlHb29nbGUgSW50ZXJu +ZXQgQXV0aG9yaXR5MB4XDTEyMTAyNDEzNTczOVoXDTEzMDYwNzE5NDMyN1owZDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 +YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxEzARBgNVBAMTCmdvb2dsZS5j +b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMNn/Rw5irMPscWpYsExcGQT +wqdxT/U9Pfybt9ttPYlXVbCd6yux0jWGNBHN+f4kCc5pwrbjmA4QSRY2uVa4T8f2 +g3NucDDveUi29WVN+FJcyhj+V38lEkYbdhpIZL149dK5fAN1zzwCo10Nk+lhebcY +fCtMHLmuCX2D6mJ2CnPVAgMBAAGjghnwMIIZ7DAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Qp1w0hi4nhbaJEB +h/wuZwO4OyIwHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0f +BFQwUjBQoE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5l +dEF1dGhvcml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUH +AQEEWjBYMFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2ds +ZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDCC +GLYGA1UdEQSCGK0wghipggpnb29nbGUuY29tggwqLmdvb2dsZS5jb22CDSoueW91 +dHViZS5jb22CC3lvdXR1YmUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggh5 +b3V0dS5iZYILKi55dGltZy5jb22CDSouYW5kcm9pZC5jb22CC2FuZHJvaWQuY29t +ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghAqLnVy +bC5nb29nbGUuY29tggwqLnVyY2hpbi5jb22CCnVyY2hpbi5jb22CFiouZ29vZ2xl +LWFuYWx5dGljcy5jb22CFGdvb2dsZS1hbmFseXRpY3MuY29tghIqLmNsb3VkLmdv +b2dsZS5jb22CBmdvby5nbIIEZy5jb4INKi5nc3RhdGljLmNvbYIPKi5nb29nbGVh +cGlzLmNughYqLmFwcGVuZ2luZS5nb29nbGUuY29tggsqLmdvb2dsZS5hY4ILKi5n +b29nbGUuYWSCCyouZ29vZ2xlLmFlggsqLmdvb2dsZS5hZoILKi5nb29nbGUuYWeC +CyouZ29vZ2xlLmFsggsqLmdvb2dsZS5hbYILKi5nb29nbGUuYXOCCyouZ29vZ2xl +LmF0ggsqLmdvb2dsZS5heoILKi5nb29nbGUuYmGCCyouZ29vZ2xlLmJlggsqLmdv +b2dsZS5iZoILKi5nb29nbGUuYmeCCyouZ29vZ2xlLmJpggsqLmdvb2dsZS5iaoIL +Ki5nb29nbGUuYnOCCyouZ29vZ2xlLmJ5ggsqLmdvb2dsZS5jYYIMKi5nb29nbGUu +Y2F0ggsqLmdvb2dsZS5jY4ILKi5nb29nbGUuY2SCCyouZ29vZ2xlLmNmggsqLmdv +b2dsZS5jZ4ILKi5nb29nbGUuY2iCCyouZ29vZ2xlLmNpggsqLmdvb2dsZS5jbIIL +Ki5nb29nbGUuY22CCyouZ29vZ2xlLmNugg4qLmdvb2dsZS5jby5hb4IOKi5nb29n +bGUuY28uYneCDiouZ29vZ2xlLmNvLmNrgg4qLmdvb2dsZS5jby5jcoIOKi5nb29n +bGUuY28uaHWCDiouZ29vZ2xlLmNvLmlkgg4qLmdvb2dsZS5jby5pbIIOKi5nb29n +bGUuY28uaW2CDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qZYIOKi5nb29n +bGUuY28uanCCDiouZ29vZ2xlLmNvLmtlgg4qLmdvb2dsZS5jby5rcoIOKi5nb29n +bGUuY28ubHOCDiouZ29vZ2xlLmNvLm1hgg4qLmdvb2dsZS5jby5teoIOKi5nb29n +bGUuY28ubnqCDiouZ29vZ2xlLmNvLnRogg4qLmdvb2dsZS5jby50eoIOKi5nb29n +bGUuY28udWeCDiouZ29vZ2xlLmNvLnVrgg4qLmdvb2dsZS5jby51eoIOKi5nb29n +bGUuY28udmWCDiouZ29vZ2xlLmNvLnZpgg4qLmdvb2dsZS5jby56YYIOKi5nb29n +bGUuY28uem2CDiouZ29vZ2xlLmNvLnp3gg8qLmdvb2dsZS5jb20uYWaCDyouZ29v +Z2xlLmNvbS5hZ4IPKi5nb29nbGUuY29tLmFpgg8qLmdvb2dsZS5jb20uYXKCDyou +Z29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJkgg8qLmdvb2dsZS5jb20uYmiC +DyouZ29vZ2xlLmNvbS5iboIPKi5nb29nbGUuY29tLmJvgg8qLmdvb2dsZS5jb20u +YnKCDyouZ29vZ2xlLmNvbS5ieYIPKi5nb29nbGUuY29tLmJ6gg8qLmdvb2dsZS5j +b20uY26CDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLmN1gg8qLmdvb2ds +ZS5jb20uY3mCDyouZ29vZ2xlLmNvbS5kb4IPKi5nb29nbGUuY29tLmVjgg8qLmdv +b2dsZS5jb20uZWeCDyouZ29vZ2xlLmNvbS5ldIIPKi5nb29nbGUuY29tLmZqgg8q +Lmdvb2dsZS5jb20uZ2WCDyouZ29vZ2xlLmNvbS5naIIPKi5nb29nbGUuY29tLmdp +gg8qLmdvb2dsZS5jb20uZ3KCDyouZ29vZ2xlLmNvbS5ndIIPKi5nb29nbGUuY29t +Lmhrgg8qLmdvb2dsZS5jb20uaXGCDyouZ29vZ2xlLmNvbS5qbYIPKi5nb29nbGUu +Y29tLmpvgg8qLmdvb2dsZS5jb20ua2iCDyouZ29vZ2xlLmNvbS5rd4IPKi5nb29n +bGUuY29tLmxigg8qLmdvb2dsZS5jb20ubHmCDyouZ29vZ2xlLmNvbS5tdIIPKi5n +b29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20ubXmCDyouZ29vZ2xlLmNvbS5uYYIP +Ki5nb29nbGUuY29tLm5mgg8qLmdvb2dsZS5jb20ubmeCDyouZ29vZ2xlLmNvbS5u +aYIPKi5nb29nbGUuY29tLm5wgg8qLmdvb2dsZS5jb20ubnKCDyouZ29vZ2xlLmNv +bS5vbYIPKi5nb29nbGUuY29tLnBhgg8qLmdvb2dsZS5jb20ucGWCDyouZ29vZ2xl +LmNvbS5waIIPKi5nb29nbGUuY29tLnBrgg8qLmdvb2dsZS5jb20ucGyCDyouZ29v +Z2xlLmNvbS5wcoIPKi5nb29nbGUuY29tLnB5gg8qLmdvb2dsZS5jb20ucWGCDyou +Z29vZ2xlLmNvbS5ydYIPKi5nb29nbGUuY29tLnNhgg8qLmdvb2dsZS5jb20uc2KC +DyouZ29vZ2xlLmNvbS5zZ4IPKi5nb29nbGUuY29tLnNsgg8qLmdvb2dsZS5jb20u +c3aCDyouZ29vZ2xlLmNvbS50aoIPKi5nb29nbGUuY29tLnRugg8qLmdvb2dsZS5j +b20udHKCDyouZ29vZ2xlLmNvbS50d4IPKi5nb29nbGUuY29tLnVhgg8qLmdvb2ds +ZS5jb20udXmCDyouZ29vZ2xlLmNvbS52Y4IPKi5nb29nbGUuY29tLnZlgg8qLmdv +b2dsZS5jb20udm6CCyouZ29vZ2xlLmN2ggsqLmdvb2dsZS5jeoILKi5nb29nbGUu +ZGWCCyouZ29vZ2xlLmRqggsqLmdvb2dsZS5ka4ILKi5nb29nbGUuZG2CCyouZ29v +Z2xlLmR6ggsqLmdvb2dsZS5lZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZpggsq +Lmdvb2dsZS5mbYILKi5nb29nbGUuZnKCCyouZ29vZ2xlLmdhggsqLmdvb2dsZS5n +ZYILKi5nb29nbGUuZ2eCCyouZ29vZ2xlLmdsggsqLmdvb2dsZS5nbYILKi5nb29n +bGUuZ3CCCyouZ29vZ2xlLmdyggsqLmdvb2dsZS5neYILKi5nb29nbGUuaGuCCyou +Z29vZ2xlLmhuggsqLmdvb2dsZS5ocoILKi5nb29nbGUuaHSCCyouZ29vZ2xlLmh1 +ggsqLmdvb2dsZS5pZYILKi5nb29nbGUuaW2CDSouZ29vZ2xlLmluZm+CCyouZ29v +Z2xlLmlxggsqLmdvb2dsZS5pc4ILKi5nb29nbGUuaXSCDiouZ29vZ2xlLml0LmFv +ggsqLmdvb2dsZS5qZYILKi5nb29nbGUuam+CDSouZ29vZ2xlLmpvYnOCCyouZ29v +Z2xlLmpwggsqLmdvb2dsZS5rZ4ILKi5nb29nbGUua2mCCyouZ29vZ2xlLmt6ggsq +Lmdvb2dsZS5sYYILKi5nb29nbGUubGmCCyouZ29vZ2xlLmxrggsqLmdvb2dsZS5s +dIILKi5nb29nbGUubHWCCyouZ29vZ2xlLmx2ggsqLmdvb2dsZS5tZIILKi5nb29n +bGUubWWCCyouZ29vZ2xlLm1nggsqLmdvb2dsZS5ta4ILKi5nb29nbGUubWyCCyou +Z29vZ2xlLm1uggsqLmdvb2dsZS5tc4ILKi5nb29nbGUubXWCCyouZ29vZ2xlLm12 +ggsqLmdvb2dsZS5td4ILKi5nb29nbGUubmWCDiouZ29vZ2xlLm5lLmpwggwqLmdv +b2dsZS5uZXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5ub4ILKi5nb29nbGUubnKC +CyouZ29vZ2xlLm51gg8qLmdvb2dsZS5vZmYuYWmCCyouZ29vZ2xlLnBrggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucG6CCyouZ29vZ2xlLnBzggsqLmdvb2dsZS5wdIIL +Ki5nb29nbGUucm+CCyouZ29vZ2xlLnJzggsqLmdvb2dsZS5ydYILKi5nb29nbGUu +cneCCyouZ29vZ2xlLnNjggsqLmdvb2dsZS5zZYILKi5nb29nbGUuc2iCCyouZ29v +Z2xlLnNpggsqLmdvb2dsZS5za4ILKi5nb29nbGUuc22CCyouZ29vZ2xlLnNuggsq +Lmdvb2dsZS5zb4ILKi5nb29nbGUuc3SCCyouZ29vZ2xlLnRkggsqLmdvb2dsZS50 +Z4ILKi5nb29nbGUudGuCCyouZ29vZ2xlLnRsggsqLmdvb2dsZS50bYILKi5nb29n +bGUudG6CCyouZ29vZ2xlLnRvggsqLmdvb2dsZS50cIILKi5nb29nbGUudHSCCyou +Z29vZ2xlLnVzggsqLmdvb2dsZS51eoILKi5nb29nbGUudmeCCyouZ29vZ2xlLnZ1 +ggsqLmdvb2dsZS53c4IJZ29vZ2xlLmFjgglnb29nbGUuYWSCCWdvb2dsZS5hZYIJ +Z29vZ2xlLmFmgglnb29nbGUuYWeCCWdvb2dsZS5hbIIJZ29vZ2xlLmFtgglnb29n +bGUuYXOCCWdvb2dsZS5hdIIJZ29vZ2xlLmF6gglnb29nbGUuYmGCCWdvb2dsZS5i +ZYIJZ29vZ2xlLmJmgglnb29nbGUuYmeCCWdvb2dsZS5iaYIJZ29vZ2xlLmJqggln +b29nbGUuYnOCCWdvb2dsZS5ieYIJZ29vZ2xlLmNhggpnb29nbGUuY2F0gglnb29n +bGUuY2OCCWdvb2dsZS5jZIIJZ29vZ2xlLmNmgglnb29nbGUuY2eCCWdvb2dsZS5j +aIIJZ29vZ2xlLmNpgglnb29nbGUuY2yCCWdvb2dsZS5jbYIJZ29vZ2xlLmNuggxn +b29nbGUuY28uYW+CDGdvb2dsZS5jby5id4IMZ29vZ2xlLmNvLmNrggxnb29nbGUu +Y28uY3KCDGdvb2dsZS5jby5odYIMZ29vZ2xlLmNvLmlkggxnb29nbGUuY28uaWyC +DGdvb2dsZS5jby5pbYIMZ29vZ2xlLmNvLmluggxnb29nbGUuY28uamWCDGdvb2ds +ZS5jby5qcIIMZ29vZ2xlLmNvLmtlggxnb29nbGUuY28ua3KCDGdvb2dsZS5jby5s +c4IMZ29vZ2xlLmNvLm1hggxnb29nbGUuY28ubXqCDGdvb2dsZS5jby5ueoIMZ29v +Z2xlLmNvLnRoggxnb29nbGUuY28udHqCDGdvb2dsZS5jby51Z4IMZ29vZ2xlLmNv +LnVrggxnb29nbGUuY28udXqCDGdvb2dsZS5jby52ZYIMZ29vZ2xlLmNvLnZpggxn +b29nbGUuY28uemGCDGdvb2dsZS5jby56bYIMZ29vZ2xlLmNvLnp3gg1nb29nbGUu +Y29tLmFmgg1nb29nbGUuY29tLmFngg1nb29nbGUuY29tLmFpgg1nb29nbGUuY29t +LmFygg1nb29nbGUuY29tLmF1gg1nb29nbGUuY29tLmJkgg1nb29nbGUuY29tLmJo +gg1nb29nbGUuY29tLmJugg1nb29nbGUuY29tLmJvgg1nb29nbGUuY29tLmJygg1n +b29nbGUuY29tLmJ5gg1nb29nbGUuY29tLmJ6gg1nb29nbGUuY29tLmNugg1nb29n +bGUuY29tLmNvgg1nb29nbGUuY29tLmN1gg1nb29nbGUuY29tLmN5gg1nb29nbGUu +Y29tLmRvgg1nb29nbGUuY29tLmVjgg1nb29nbGUuY29tLmVngg1nb29nbGUuY29t +LmV0gg1nb29nbGUuY29tLmZqgg1nb29nbGUuY29tLmdlgg1nb29nbGUuY29tLmdo +gg1nb29nbGUuY29tLmdpgg1nb29nbGUuY29tLmdygg1nb29nbGUuY29tLmd0gg1n +b29nbGUuY29tLmhrgg1nb29nbGUuY29tLmlxgg1nb29nbGUuY29tLmptgg1nb29n +bGUuY29tLmpvgg1nb29nbGUuY29tLmtogg1nb29nbGUuY29tLmt3gg1nb29nbGUu +Y29tLmxigg1nb29nbGUuY29tLmx5gg1nb29nbGUuY29tLm10gg1nb29nbGUuY29t +Lm14gg1nb29nbGUuY29tLm15gg1nb29nbGUuY29tLm5hgg1nb29nbGUuY29tLm5m +gg1nb29nbGUuY29tLm5ngg1nb29nbGUuY29tLm5pgg1nb29nbGUuY29tLm5wgg1n +b29nbGUuY29tLm5ygg1nb29nbGUuY29tLm9tgg1nb29nbGUuY29tLnBhgg1nb29n +bGUuY29tLnBlgg1nb29nbGUuY29tLnBogg1nb29nbGUuY29tLnBrgg1nb29nbGUu +Y29tLnBsgg1nb29nbGUuY29tLnBygg1nb29nbGUuY29tLnB5gg1nb29nbGUuY29t +LnFhgg1nb29nbGUuY29tLnJ1gg1nb29nbGUuY29tLnNhgg1nb29nbGUuY29tLnNi +gg1nb29nbGUuY29tLnNngg1nb29nbGUuY29tLnNsgg1nb29nbGUuY29tLnN2gg1n +b29nbGUuY29tLnRqgg1nb29nbGUuY29tLnRugg1nb29nbGUuY29tLnRygg1nb29n +bGUuY29tLnR3gg1nb29nbGUuY29tLnVhgg1nb29nbGUuY29tLnV5gg1nb29nbGUu +Y29tLnZjgg1nb29nbGUuY29tLnZlgg1nb29nbGUuY29tLnZugglnb29nbGUuY3aC +CWdvb2dsZS5jeoIJZ29vZ2xlLmRlgglnb29nbGUuZGqCCWdvb2dsZS5ka4IJZ29v +Z2xlLmRtgglnb29nbGUuZHqCCWdvb2dsZS5lZYIJZ29vZ2xlLmVzgglnb29nbGUu +ZmmCCWdvb2dsZS5mbYIJZ29vZ2xlLmZygglnb29nbGUuZ2GCCWdvb2dsZS5nZYIJ +Z29vZ2xlLmdngglnb29nbGUuZ2yCCWdvb2dsZS5nbYIJZ29vZ2xlLmdwgglnb29n +bGUuZ3KCCWdvb2dsZS5neYIJZ29vZ2xlLmhrgglnb29nbGUuaG6CCWdvb2dsZS5o +coIJZ29vZ2xlLmh0gglnb29nbGUuaHWCCWdvb2dsZS5pZYIJZ29vZ2xlLmltggtn +b29nbGUuaW5mb4IJZ29vZ2xlLmlxgglnb29nbGUuaXOCCWdvb2dsZS5pdIIMZ29v +Z2xlLml0LmFvgglnb29nbGUuamWCCWdvb2dsZS5qb4ILZ29vZ2xlLmpvYnOCCWdv +b2dsZS5qcIIJZ29vZ2xlLmtngglnb29nbGUua2mCCWdvb2dsZS5reoIJZ29vZ2xl +Lmxhgglnb29nbGUubGmCCWdvb2dsZS5sa4IJZ29vZ2xlLmx0gglnb29nbGUubHWC +CWdvb2dsZS5sdoIJZ29vZ2xlLm1kgglnb29nbGUubWWCCWdvb2dsZS5tZ4IJZ29v +Z2xlLm1rgglnb29nbGUubWyCCWdvb2dsZS5tboIJZ29vZ2xlLm1zgglnb29nbGUu +bXWCCWdvb2dsZS5tdoIJZ29vZ2xlLm13gglnb29nbGUubmWCDGdvb2dsZS5uZS5q +cIIKZ29vZ2xlLm5ldIIJZ29vZ2xlLm5sgglnb29nbGUubm+CCWdvb2dsZS5ucoIJ +Z29vZ2xlLm51gg1nb29nbGUub2ZmLmFpgglnb29nbGUucGuCCWdvb2dsZS5wbIIJ +Z29vZ2xlLnBugglnb29nbGUucHOCCWdvb2dsZS5wdIIJZ29vZ2xlLnJvgglnb29n +bGUucnOCCWdvb2dsZS5ydYIJZ29vZ2xlLnJ3gglnb29nbGUuc2OCCWdvb2dsZS5z +ZYIJZ29vZ2xlLnNogglnb29nbGUuc2mCCWdvb2dsZS5za4IJZ29vZ2xlLnNtggln +b29nbGUuc26CCWdvb2dsZS5zb4IJZ29vZ2xlLnN0gglnb29nbGUudGSCCWdvb2ds +ZS50Z4IJZ29vZ2xlLnRrgglnb29nbGUudGyCCWdvb2dsZS50bYIJZ29vZ2xlLnRu +gglnb29nbGUudG+CCWdvb2dsZS50cIIJZ29vZ2xlLnR0gglnb29nbGUudXOCCWdv +b2dsZS51eoIJZ29vZ2xlLnZngglnb29nbGUudnWCCWdvb2dsZS53czANBgkqhkiG +9w0BAQUFAAOBgQCROJdKT00d96BpNG4j3Xf5Kz7kJENMTYtgsGQW5E6y2yjRaguD +LPO+y4IH9KiVXD+qO8koye9yOMNawN9r/DFQd+t2nDmvlpcwJBNguiuqxl+rJaU8 +KKgswikGaaM4z+i4vHuXcCKZtM/ELAaJlSaBPip4GBAkgv7D9hwh+sWvYA== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIcFzCCG4CgAwIBAgIGR09PUAFxMA0GCSqGSIb3DQEBBQUAMEYxCzAJBgNVBAYT +AlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSIwIAYDVQQDExlHb29nbGUgSW50ZXJu +ZXQgQXV0aG9yaXR5MB4XDTEyMTAyNDEzNTczOVoXDTEzMDYwNzE5NDMyN1owZDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50 +YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxEzARBgNVBAMTCmdvb2dsZS5j +b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMNn/Rw5irMPscWpYsExcGQT +wqdxT/U9Pfybt9ttPYlXVbCd6yux0jWGNBHN+f4kCc5pwrbjmA4QSRY2uVa4T8f2 +g3NucDDveUi29WVN+FJcyhj+V38lEkYbdhpIZL149dK5fAN1zzwCo10Nk+lhebcY +fCtMHLmuCX2D6mJ2CnPVAgMBAAGjghnwMIIZ7DAMBgNVHRMBAf8EAjAAMB0GA1Ud +JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU0Qp1w0hi4nhbaJEB +h/wuZwO4OyIwHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0f +BFQwUjBQoE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5l +dEF1dGhvcml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUH +AQEEWjBYMFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2ds +ZUludGVybmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDCC +GLYGA1UdEQSCGK0wghipggpnb29nbGUuY29tggwqLmdvb2dsZS5jb22CDSoueW91 +dHViZS5jb22CC3lvdXR1YmUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tggh5 +b3V0dS5iZYILKi55dGltZy5jb22CDSouYW5kcm9pZC5jb22CC2FuZHJvaWQuY29t +ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghAqLnVy +bC5nb29nbGUuY29tggwqLnVyY2hpbi5jb22CCnVyY2hpbi5jb22CFiouZ29vZ2xl +LWFuYWx5dGljcy5jb22CFGdvb2dsZS1hbmFseXRpY3MuY29tghIqLmNsb3VkLmdv +b2dsZS5jb22CBmdvby5nbIIEZy5jb4INKi5nc3RhdGljLmNvbYIPKi5nb29nbGVh +cGlzLmNughYqLmFwcGVuZ2luZS5nb29nbGUuY29tggsqLmdvb2dsZS5hY4ILKi5n +b29nbGUuYWSCCyouZ29vZ2xlLmFlggsqLmdvb2dsZS5hZoILKi5nb29nbGUuYWeC +CyouZ29vZ2xlLmFsggsqLmdvb2dsZS5hbYILKi5nb29nbGUuYXOCCyouZ29vZ2xl +LmF0ggsqLmdvb2dsZS5heoILKi5nb29nbGUuYmGCCyouZ29vZ2xlLmJlggsqLmdv +b2dsZS5iZoILKi5nb29nbGUuYmeCCyouZ29vZ2xlLmJpggsqLmdvb2dsZS5iaoIL +Ki5nb29nbGUuYnOCCyouZ29vZ2xlLmJ5ggsqLmdvb2dsZS5jYYIMKi5nb29nbGUu +Y2F0ggsqLmdvb2dsZS5jY4ILKi5nb29nbGUuY2SCCyouZ29vZ2xlLmNmggsqLmdv +b2dsZS5jZ4ILKi5nb29nbGUuY2iCCyouZ29vZ2xlLmNpggsqLmdvb2dsZS5jbIIL +Ki5nb29nbGUuY22CCyouZ29vZ2xlLmNugg4qLmdvb2dsZS5jby5hb4IOKi5nb29n +bGUuY28uYneCDiouZ29vZ2xlLmNvLmNrgg4qLmdvb2dsZS5jby5jcoIOKi5nb29n +bGUuY28uaHWCDiouZ29vZ2xlLmNvLmlkgg4qLmdvb2dsZS5jby5pbIIOKi5nb29n +bGUuY28uaW2CDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qZYIOKi5nb29n +bGUuY28uanCCDiouZ29vZ2xlLmNvLmtlgg4qLmdvb2dsZS5jby5rcoIOKi5nb29n +bGUuY28ubHOCDiouZ29vZ2xlLmNvLm1hgg4qLmdvb2dsZS5jby5teoIOKi5nb29n +bGUuY28ubnqCDiouZ29vZ2xlLmNvLnRogg4qLmdvb2dsZS5jby50eoIOKi5nb29n +bGUuY28udWeCDiouZ29vZ2xlLmNvLnVrgg4qLmdvb2dsZS5jby51eoIOKi5nb29n +bGUuY28udmWCDiouZ29vZ2xlLmNvLnZpgg4qLmdvb2dsZS5jby56YYIOKi5nb29n +bGUuY28uem2CDiouZ29vZ2xlLmNvLnp3gg8qLmdvb2dsZS5jb20uYWaCDyouZ29v +Z2xlLmNvbS5hZ4IPKi5nb29nbGUuY29tLmFpgg8qLmdvb2dsZS5jb20uYXKCDyou +Z29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJkgg8qLmdvb2dsZS5jb20uYmiC +DyouZ29vZ2xlLmNvbS5iboIPKi5nb29nbGUuY29tLmJvgg8qLmdvb2dsZS5jb20u +YnKCDyouZ29vZ2xlLmNvbS5ieYIPKi5nb29nbGUuY29tLmJ6gg8qLmdvb2dsZS5j +b20uY26CDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLmN1gg8qLmdvb2ds +ZS5jb20uY3mCDyouZ29vZ2xlLmNvbS5kb4IPKi5nb29nbGUuY29tLmVjgg8qLmdv +b2dsZS5jb20uZWeCDyouZ29vZ2xlLmNvbS5ldIIPKi5nb29nbGUuY29tLmZqgg8q +Lmdvb2dsZS5jb20uZ2WCDyouZ29vZ2xlLmNvbS5naIIPKi5nb29nbGUuY29tLmdp +gg8qLmdvb2dsZS5jb20uZ3KCDyouZ29vZ2xlLmNvbS5ndIIPKi5nb29nbGUuY29t +Lmhrgg8qLmdvb2dsZS5jb20uaXGCDyouZ29vZ2xlLmNvbS5qbYIPKi5nb29nbGUu +Y29tLmpvgg8qLmdvb2dsZS5jb20ua2iCDyouZ29vZ2xlLmNvbS5rd4IPKi5nb29n +bGUuY29tLmxigg8qLmdvb2dsZS5jb20ubHmCDyouZ29vZ2xlLmNvbS5tdIIPKi5n +b29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20ubXmCDyouZ29vZ2xlLmNvbS5uYYIP +Ki5nb29nbGUuY29tLm5mgg8qLmdvb2dsZS5jb20ubmeCDyouZ29vZ2xlLmNvbS5u +aYIPKi5nb29nbGUuY29tLm5wgg8qLmdvb2dsZS5jb20ubnKCDyouZ29vZ2xlLmNv +bS5vbYIPKi5nb29nbGUuY29tLnBhgg8qLmdvb2dsZS5jb20ucGWCDyouZ29vZ2xl +LmNvbS5waIIPKi5nb29nbGUuY29tLnBrgg8qLmdvb2dsZS5jb20ucGyCDyouZ29v +Z2xlLmNvbS5wcoIPKi5nb29nbGUuY29tLnB5gg8qLmdvb2dsZS5jb20ucWGCDyou +Z29vZ2xlLmNvbS5ydYIPKi5nb29nbGUuY29tLnNhgg8qLmdvb2dsZS5jb20uc2KC +DyouZ29vZ2xlLmNvbS5zZ4IPKi5nb29nbGUuY29tLnNsgg8qLmdvb2dsZS5jb20u +c3aCDyouZ29vZ2xlLmNvbS50aoIPKi5nb29nbGUuY29tLnRugg8qLmdvb2dsZS5j +b20udHKCDyouZ29vZ2xlLmNvbS50d4IPKi5nb29nbGUuY29tLnVhgg8qLmdvb2ds +ZS5jb20udXmCDyouZ29vZ2xlLmNvbS52Y4IPKi5nb29nbGUuY29tLnZlgg8qLmdv +b2dsZS5jb20udm6CCyouZ29vZ2xlLmN2ggsqLmdvb2dsZS5jeoILKi5nb29nbGUu +ZGWCCyouZ29vZ2xlLmRqggsqLmdvb2dsZS5ka4ILKi5nb29nbGUuZG2CCyouZ29v +Z2xlLmR6ggsqLmdvb2dsZS5lZYILKi5nb29nbGUuZXOCCyouZ29vZ2xlLmZpggsq +Lmdvb2dsZS5mbYILKi5nb29nbGUuZnKCCyouZ29vZ2xlLmdhggsqLmdvb2dsZS5n +ZYILKi5nb29nbGUuZ2eCCyouZ29vZ2xlLmdsggsqLmdvb2dsZS5nbYILKi5nb29n +bGUuZ3CCCyouZ29vZ2xlLmdyggsqLmdvb2dsZS5neYILKi5nb29nbGUuaGuCCyou +Z29vZ2xlLmhuggsqLmdvb2dsZS5ocoILKi5nb29nbGUuaHSCCyouZ29vZ2xlLmh1 +ggsqLmdvb2dsZS5pZYILKi5nb29nbGUuaW2CDSouZ29vZ2xlLmluZm+CCyouZ29v +Z2xlLmlxggsqLmdvb2dsZS5pc4ILKi5nb29nbGUuaXSCDiouZ29vZ2xlLml0LmFv +ggsqLmdvb2dsZS5qZYILKi5nb29nbGUuam+CDSouZ29vZ2xlLmpvYnOCCyouZ29v +Z2xlLmpwggsqLmdvb2dsZS5rZ4ILKi5nb29nbGUua2mCCyouZ29vZ2xlLmt6ggsq +Lmdvb2dsZS5sYYILKi5nb29nbGUubGmCCyouZ29vZ2xlLmxrggsqLmdvb2dsZS5s +dIILKi5nb29nbGUubHWCCyouZ29vZ2xlLmx2ggsqLmdvb2dsZS5tZIILKi5nb29n +bGUubWWCCyouZ29vZ2xlLm1nggsqLmdvb2dsZS5ta4ILKi5nb29nbGUubWyCCyou +Z29vZ2xlLm1uggsqLmdvb2dsZS5tc4ILKi5nb29nbGUubXWCCyouZ29vZ2xlLm12 +ggsqLmdvb2dsZS5td4ILKi5nb29nbGUubmWCDiouZ29vZ2xlLm5lLmpwggwqLmdv +b2dsZS5uZXSCCyouZ29vZ2xlLm5sggsqLmdvb2dsZS5ub4ILKi5nb29nbGUubnKC +CyouZ29vZ2xlLm51gg8qLmdvb2dsZS5vZmYuYWmCCyouZ29vZ2xlLnBrggsqLmdv +b2dsZS5wbIILKi5nb29nbGUucG6CCyouZ29vZ2xlLnBzggsqLmdvb2dsZS5wdIIL +Ki5nb29nbGUucm+CCyouZ29vZ2xlLnJzggsqLmdvb2dsZS5ydYILKi5nb29nbGUu +cneCCyouZ29vZ2xlLnNjggsqLmdvb2dsZS5zZYILKi5nb29nbGUuc2iCCyouZ29v +Z2xlLnNpggsqLmdvb2dsZS5za4ILKi5nb29nbGUuc22CCyouZ29vZ2xlLnNuggsq +Lmdvb2dsZS5zb4ILKi5nb29nbGUuc3SCCyouZ29vZ2xlLnRkggsqLmdvb2dsZS50 +Z4ILKi5nb29nbGUudGuCCyouZ29vZ2xlLnRsggsqLmdvb2dsZS50bYILKi5nb29n +bGUudG6CCyouZ29vZ2xlLnRvggsqLmdvb2dsZS50cIILKi5nb29nbGUudHSCCyou +Z29vZ2xlLnVzggsqLmdvb2dsZS51eoILKi5nb29nbGUudmeCCyouZ29vZ2xlLnZ1 +ggsqLmdvb2dsZS53c4IJZ29vZ2xlLmFjgglnb29nbGUuYWSCCWdvb2dsZS5hZYIJ +Z29vZ2xlLmFmgglnb29nbGUuYWeCCWdvb2dsZS5hbIIJZ29vZ2xlLmFtgglnb29n +bGUuYXOCCWdvb2dsZS5hdIIJZ29vZ2xlLmF6gglnb29nbGUuYmGCCWdvb2dsZS5i +ZYIJZ29vZ2xlLmJmgglnb29nbGUuYmeCCWdvb2dsZS5iaYIJZ29vZ2xlLmJqggln +b29nbGUuYnOCCWdvb2dsZS5ieYIJZ29vZ2xlLmNhggpnb29nbGUuY2F0gglnb29n +bGUuY2OCCWdvb2dsZS5jZIIJZ29vZ2xlLmNmgglnb29nbGUuY2eCCWdvb2dsZS5j +aIIJZ29vZ2xlLmNpgglnb29nbGUuY2yCCWdvb2dsZS5jbYIJZ29vZ2xlLmNuggxn +b29nbGUuY28uYW+CDGdvb2dsZS5jby5id4IMZ29vZ2xlLmNvLmNrggxnb29nbGUu +Y28uY3KCDGdvb2dsZS5jby5odYIMZ29vZ2xlLmNvLmlkggxnb29nbGUuY28uaWyC +DGdvb2dsZS5jby5pbYIMZ29vZ2xlLmNvLmluggxnb29nbGUuY28uamWCDGdvb2ds +ZS5jby5qcIIMZ29vZ2xlLmNvLmtlggxnb29nbGUuY28ua3KCDGdvb2dsZS5jby5s +c4IMZ29vZ2xlLmNvLm1hggxnb29nbGUuY28ubXqCDGdvb2dsZS5jby5ueoIMZ29v +Z2xlLmNvLnRoggxnb29nbGUuY28udHqCDGdvb2dsZS5jby51Z4IMZ29vZ2xlLmNv +LnVrggxnb29nbGUuY28udXqCDGdvb2dsZS5jby52ZYIMZ29vZ2xlLmNvLnZpggxn +b29nbGUuY28uemGCDGdvb2dsZS5jby56bYIMZ29vZ2xlLmNvLnp3gg1nb29nbGUu +Y29tLmFmgg1nb29nbGUuY29tLmFngg1nb29nbGUuY29tLmFpgg1nb29nbGUuY29t +LmFygg1nb29nbGUuY29tLmF1gg1nb29nbGUuY29tLmJkgg1nb29nbGUuY29tLmJo +gg1nb29nbGUuY29tLmJugg1nb29nbGUuY29tLmJvgg1nb29nbGUuY29tLmJygg1n +b29nbGUuY29tLmJ5gg1nb29nbGUuY29tLmJ6gg1nb29nbGUuY29tLmNugg1nb29n +bGUuY29tLmNvgg1nb29nbGUuY29tLmN1gg1nb29nbGUuY29tLmN5gg1nb29nbGUu +Y29tLmRvgg1nb29nbGUuY29tLmVjgg1nb29nbGUuY29tLmVngg1nb29nbGUuY29t +LmV0gg1nb29nbGUuY29tLmZqgg1nb29nbGUuY29tLmdlgg1nb29nbGUuY29tLmdo +gg1nb29nbGUuY29tLmdpgg1nb29nbGUuY29tLmdygg1nb29nbGUuY29tLmd0gg1n +b29nbGUuY29tLmhrgg1nb29nbGUuY29tLmlxgg1nb29nbGUuY29tLmptgg1nb29n +bGUuY29tLmpvgg1nb29nbGUuY29tLmtogg1nb29nbGUuY29tLmt3gg1nb29nbGUu +Y29tLmxigg1nb29nbGUuY29tLmx5gg1nb29nbGUuY29tLm10gg1nb29nbGUuY29t +Lm14gg1nb29nbGUuY29tLm15gg1nb29nbGUuY29tLm5hgg1nb29nbGUuY29tLm5m +gg1nb29nbGUuY29tLm5ngg1nb29nbGUuY29tLm5pgg1nb29nbGUuY29tLm5wgg1n +b29nbGUuY29tLm5ygg1nb29nbGUuY29tLm9tgg1nb29nbGUuY29tLnBhgg1nb29n +bGUuY29tLnBlgg1nb29nbGUuY29tLnBogg1nb29nbGUuY29tLnBrgg1nb29nbGUu +Y29tLnBsgg1nb29nbGUuY29tLnBygg1nb29nbGUuY29tLnB5gg1nb29nbGUuY29t +LnFhgg1nb29nbGUuY29tLnJ1gg1nb29nbGUuY29tLnNhgg1nb29nbGUuY29tLnNi +gg1nb29nbGUuY29tLnNngg1nb29nbGUuY29tLnNsgg1nb29nbGUuY29tLnN2gg1n +b29nbGUuY29tLnRqgg1nb29nbGUuY29tLnRugg1nb29nbGUuY29tLnRygg1nb29n +bGUuY29tLnR3gg1nb29nbGUuY29tLnVhgg1nb29nbGUuY29tLnV5gg1nb29nbGUu +Y29tLnZjgg1nb29nbGUuY29tLnZlgg1nb29nbGUuY29tLnZugglnb29nbGUuY3aC +CWdvb2dsZS5jeoIJZ29vZ2xlLmRlgglnb29nbGUuZGqCCWdvb2dsZS5ka4IJZ29v +Z2xlLmRtgglnb29nbGUuZHqCCWdvb2dsZS5lZYIJZ29vZ2xlLmVzgglnb29nbGUu +ZmmCCWdvb2dsZS5mbYIJZ29vZ2xlLmZygglnb29nbGUuZ2GCCWdvb2dsZS5nZYIJ +Z29vZ2xlLmdngglnb29nbGUuZ2yCCWdvb2dsZS5nbYIJZ29vZ2xlLmdwgglnb29n +bGUuZ3KCCWdvb2dsZS5neYIJZ29vZ2xlLmhrgglnb29nbGUuaG6CCWdvb2dsZS5o +coIJZ29vZ2xlLmh0gglnb29nbGUuaHWCCWdvb2dsZS5pZYIJZ29vZ2xlLmltggtn +b29nbGUuaW5mb4IJZ29vZ2xlLmlxgglnb29nbGUuaXOCCWdvb2dsZS5pdIIMZ29v +Z2xlLml0LmFvgglnb29nbGUuamWCCWdvb2dsZS5qb4ILZ29vZ2xlLmpvYnOCCWdv +b2dsZS5qcIIJZ29vZ2xlLmtngglnb29nbGUua2mCCWdvb2dsZS5reoIJZ29vZ2xl +Lmxhgglnb29nbGUubGmCCWdvb2dsZS5sa4IJZ29vZ2xlLmx0gglnb29nbGUubHWC +CWdvb2dsZS5sdoIJZ29vZ2xlLm1kgglnb29nbGUubWWCCWdvb2dsZS5tZ4IJZ29v +Z2xlLm1rgglnb29nbGUubWyCCWdvb2dsZS5tboIJZ29vZ2xlLm1zgglnb29nbGUu +bXWCCWdvb2dsZS5tdoIJZ29vZ2xlLm13gglnb29nbGUubmWCDGdvb2dsZS5uZS5q +cIIKZ29vZ2xlLm5ldIIJZ29vZ2xlLm5sgglnb29nbGUubm+CCWdvb2dsZS5ucoIJ +Z29vZ2xlLm51gg1nb29nbGUub2ZmLmFpgglnb29nbGUucGuCCWdvb2dsZS5wbIIJ +Z29vZ2xlLnBugglnb29nbGUucHOCCWdvb2dsZS5wdIIJZ29vZ2xlLnJvgglnb29n +bGUucnOCCWdvb2dsZS5ydYIJZ29vZ2xlLnJ3gglnb29nbGUuc2OCCWdvb2dsZS5z +ZYIJZ29vZ2xlLnNogglnb29nbGUuc2mCCWdvb2dsZS5za4IJZ29vZ2xlLnNtggln +b29nbGUuc26CCWdvb2dsZS5zb4IJZ29vZ2xlLnN0gglnb29nbGUudGSCCWdvb2ds +ZS50Z4IJZ29vZ2xlLnRrgglnb29nbGUudGyCCWdvb2dsZS50bYIJZ29vZ2xlLnRu +gglnb29nbGUudG+CCWdvb2dsZS50cIIJZ29vZ2xlLnR0gglnb29nbGUudXOCCWdv +b2dsZS51eoIJZ29vZ2xlLnZngglnb29nbGUudnWCCWdvb2dsZS53czANBgkqhkiG +9w0BAQUFAAOBgQCROJdKT00d96BpNG4j3Xf5Kz7kJENMTYtgsGQW5E6y2yjRaguD +LPO+y4IH9KiVXD+qO8koye9yOMNawN9r/DFQd+t2nDmvlpcwJBNguiuqxl+rJaU8 +KKgswikGaaM4z+i4vHuXcCKZtM/ELAaJlSaBPip4GBAkgv7D9hwh+sWvYA== +-----END CERTIFICATE----- diff --git a/fuzz/corpora/bignum/da39a3ee5e6b4b0d3255bfef95601890afd80709 b/test/recipes/81-test_cmp_cli_data/Mock/empty.txt similarity index 100% copy from fuzz/corpora/bignum/da39a3ee5e6b4b0d3255bfef95601890afd80709 copy to test/recipes/81-test_cmp_cli_data/Mock/empty.txt diff --git a/test/recipes/81-test_cmp_cli_data/Mock/issuing.crt b/test/recipes/81-test_cmp_cli_data/Mock/issuing.crt new file mode 100644 index 0000000000..ebecbb79cd --- /dev/null +++ b/test/recipes/81-test_cmp_cli_data/Mock/issuing.crt @@ -0,0 +1,45 @@ +Subject: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = subinterCA +-----BEGIN CERTIFICATE----- +MIIDhDCCAmygAwIBAgIJAJkv2OGshkmUMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMTB2ludGVyQ0EwHhcNMTUwNzAyMTMxODIz +WhcNMzUwNzAyMTMxODIzWjBaMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1T +dGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYDVQQD +EwpzdWJpbnRlckNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/zQj +vhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb2ARVkYZP5e9gHb04wPVz +2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1nJeSv3na8gyOoCheG64kW +VbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/CpdCHE3DKAzAiri3GVc90 +OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMywtz4hhY/XZTvdEn290aL +857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRFHONWZG1T4mRY1Drh6VbJ +Gb+0GNIldNLQqigkfwIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTp +Z30QdMGarrhMPwk+HHAV3R8aTzAfBgNVHSMEGDAWgBQY+tYjuY9dXRN9Po+okcfZ +YcAXLjANBgkqhkiG9w0BAQsFAAOCAQEAgVUsOf9rdHlQDw4clP8GMY7QahfXbvd8 +8o++P18KeInQXH6+sCg0axZXzhOmKwn+Ina3EsOP7xk4aKIYwJ4A1xBuT7fKxquQ +pbJyjkEBsNRVLC9t4gOA0FC791v5bOCZjyff5uN+hy8r0828nVxha6CKLqwrPd+E +mC7DtilSZIgO2vwbTBL6ifmw9n1dd/Bl8Wdjnl7YJqTIf0Ozc2SZSMRUq9ryn4Wq +YrjRl8NwioGb1LfjEJ0wJi2ngL3IgaN94qmDn10OJs8hlsufwP1n+Bca3fsl0m5U +gUMG+CXxbF0kdCKZ9kQb1MJE4vOk6zfyBGQndmQnxHjt5botI/xpXg== +-----END CERTIFICATE----- + +Subject: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = interCA +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIJANnoWlLlEsTgMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnJvb3RDQTAeFw0xNTA3MDIxMzE3MDVa +Fw0zNTA3MDIxMzE3MDVaMFcxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0 +YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMT +B2ludGVyQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7s0ejvpQO +nvfwD+e4R+9WQovtrsqOTw8khiREqi5JlmAFbpDEFam18npRkt6gOcGMnjuFzuz6 +iEuQmeeyh0BqWAwpMgWMMteEzLOAaqkEl//J2+WgRbA/8pmwHfbPW/d+f3bp64Fo +D1hQAenBzXmLxVohEQ9BA+xEDRkL/cA3Y+k/O1C9ORhSQrJNsB9aE3zKbFHd9mOm +H4aNSsF8On3SqlRVOCQine5c6ACSd0HUEjYy9aObqY47ySNULbzVq5y6VOjMs0W+ +2G/XqrcVkxzf9bVqyVBrrAJrnb35/y/iK0zWgJBP+HXhwr5mMTvNuEirBeVYuz+6 +hUerUbuJhr0FAgMBAAGjUDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFBj61iO5 +j11dE30+j6iRx9lhwBcuMB8GA1UdIwQYMBaAFIVWiTXinwAa4YYDC0uvdhJrM239 +MA0GCSqGSIb3DQEBCwUAA4IBAQDAU0MvL/yZpmibhxUsoSsa97UJbejn5IbxpPzZ +4WHw8lsoUGs12ZHzQJ9LxkZVeuccFXy9yFEHW56GTlkBmD2qrddlmQCfQ3m8jtZ9 +Hh5feKAyrqfmfsWF5QPjAmdj/MFdq+yMJVosDftkmUmaBHjzbvbcq1sWh/6drH8U +7pdYRpfeEY8dHSU6FHwVN/H8VaBB7vYYc2wXwtk8On7z2ocIVHn9RPkcLwmwJjb/ +e4jmcYiyZev22KXQudeHc4w6crWiEFkVspomn5PqDmza3rkdB3baXFVZ6sd23ufU +wjkiKKtwRBwU+5tCCagQZoeQ5dZXQThkiH2XEIOCOLxyD/tb +-----END CERTIFICATE----- diff --git a/test/certs/leaf.key b/test/recipes/81-test_cmp_cli_data/Mock/new.key old mode 100644 new mode 100755 similarity index 100% copy from test/certs/leaf.key copy to test/recipes/81-test_cmp_cli_data/Mock/new.key diff --git a/test/recipes/81-test_cmp_cli_data/Mock/new_pass_12345.key b/test/recipes/81-test_cmp_cli_data/Mock/new_pass_12345.key new file mode 100644 index 0000000000..e1aabfeb79 --- /dev/null +++ b/test/recipes/81-test_cmp_cli_data/Mock/new_pass_12345.key @@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIuH8X1xWl9ygCAggA +MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBCw27UHDuBtxWa928AXEEb1BIIE +0A/aH/nMGoifA4TKpLg1SobskugzWV7+N2qh3j9LZrz6GxB9jR64JBx8+eKBu5lv +VeMp/cIuGZscJ56QFZ01tTEyIiP1eeD68eQol2n7KEwk9DKkR2QbQuLDOaR4voqM +rm02uehLnNPJ7d81CrgfqIRi5OF4cWVV20jN7pQMxn8KqW4OYPdOrV1i6mTnsbNz +M5hL9YMud4wppWwA93MLD4TGvQBQSTvreYtLNy1atq1uK4k2KZh2tw/CTNiCo47R +N6Ft+CDJblikodpj/a6ZPJ84qBMonTbc7IMvkeWP0mnzA25ohOW7RfhgWzz/mfx3 +/ypX8xqLd8JzmdRFOcc5MFdVcYPmgFzFVtEJ0bBZx6WCW+6OszLkt/7p7raRKirA +/zJJSBmEvQKvwtZ6I/rG6SqMFiTseRuWq0sXa1NX2zlH9y+g68K+7Bt5816l93WD +p0GQgWxXV2J+QJ3fGvxMdQG7qmGWx6dc6yZkFw9e94sTHH74fShTv53OekCgWg2B +58pFBTK9NGtiG5LawtDKMqlYcSKvfqjvKwDokQS104DwM+om0QBLTH+RRxh05jYv +2hx1uwSXoo8oO+AYaYsEQE8z7mYxQr5Ea1gKbtyYPE0Eo5rrH9fYzXN8A1LH7wbL +ywQIZq/lthuJGarTPCFjoHrPW9O+FiQBLsn5Ej2VVm2MQpS3v6m7SnHTWBaPZvkq +GEGw/MZiwkzyULsg7zRKfnNhYBfxdg+gmwIR6x1e4vT6hAFjZbvn1eOlFTLqIBpE +XQCqxaITtW6bCEhvl/c0AKkAWM39XEs/ff1giYza+6SLgLQObHApp+Q/Hk3PaUDq +Wnm/5w8IyQcGDAik0f6JqbQ+licBk5lHlOifO0GFKqePlKLY/Mvx9al2UflzOydG +u9BpXx8sLooLuyycXFhgpZZLp19+79KgPm+ZrXKlKKwTDQwuB+eGxr2wKWCbJb2y +gmnBCtml5apTQx+l630GldMjkhwxOSZJoXy6XKQew85L/J9Jknta3bjGbyL2lEeW +/gfT+L6WrmG3Hf4xGhpkkx6UITzujJbE2/YyxJ+sXlRuYd4ld0Hfn6Ihsajknj8G +jvLb77FvgNndf5SXlqU3sMGcOPizQkMr/AmtHPzBLT8O6OxpeAOWzG3jOvznRsmZ +27nmW4cM/6t/86PvnAssPETFcrC3GqFYWnzdVaWunCz5zn4xIot3633VGR1lbxX4 +kTQLBzgBjKuajgVim5Q4obfaqnJEvHkbJaAFJg0y6uId2RIzYo5/onHrVOQR5ulB +qyR8YJjWu3pyq8t5q9Iw3L+pWDOh4AH7/ay0IBu/qxapvybqEXyol3kAJIsY0AKZ +Y5dPA4duWjW0MHNDgliAssKr2t3CTALU9nrBVX1fEPR4Y05JZ9f4OIueu/IGdDIE +snLdqtkY0sOTma9FhKDv1RwsumT/UfOqUJ3ZSJCaKgE/RnzS3YN+j5BYv788micZ +S9nl5KX+q/VSVXxial0nxkGiqs73mASF5JP4iarRihSntGMvn4PPB7Oid5SVLrqk +JFFy7pjL8xuERx0hlShUl2q8/C3DSi0u+QkIhNrUBKZRADzNDkJcfWmKwbhq7HPp +ghzvaDrFtH/4o8t7kd+TVdKjnS0cna43Sj94w3J5/y5Y +-----END ENCRYPTED PRIVATE KEY----- diff --git a/test/recipes/81-test_cmp_cli_data/Mock/random.bin b/test/recipes/81-test_cmp_cli_data/Mock/random.bin new file mode 100644 index 0000000000..1df23d4da0 Binary files /dev/null and b/test/recipes/81-test_cmp_cli_data/Mock/random.bin differ diff --git a/test/recipes/81-test_cmp_cli_data/Mock/root.crt b/test/recipes/81-test_cmp_cli_data/Mock/root.crt new file mode 100644 index 0000000000..30fb8317e4 --- /dev/null +++ b/test/recipes/81-test_cmp_cli_data/Mock/root.crt @@ -0,0 +1,22 @@ +Subject: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = rootCA +-----BEGIN CERTIFICATE----- +MIIDfzCCAmegAwIBAgIJAIhDKcvC6xWaMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnJvb3RDQTAeFw0xNTA3MDIxMzE1MTFa +Fw0zNTA3MDIxMzE1MTFaMFYxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0 +YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAMM +BnJvb3RDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMDxa3eIrDXf ++3NTL5KAL3QWMk31ECBvbDqO0dxr4S4+wwQPv5vEyRLR5AtFl+UGzWY64eDiK9+i +xOx70z08iv9edKCrpwNqFlteksR+W3mKadS8g16uQpJ0pSvnAMGp3NWxUwcPc/eO +rRQ+JZ7lHubMkc2VDIBEIMP9F8+RPWMQHBRb+8OowYiyd/+c2/xqRERE94XsCCzU +34Gjecn+HpuTFlO3l6u+Txql4vpGBeQNnCqkzLkeIaBsxKtZsEA5u/mIrf3fjbQL +r35B4CE8yDNFSYQvkwbu/U/tT/O8m978JV5V1XXUxXs6QDUGn8SEtGyTDK83Wq+2 +QU0mIxy4ArMCAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUhVaJNeKf +ABrhhgMLS692Emszbf0wHwYDVR0jBBgwFoAUhVaJNeKfABrhhgMLS692Emszbf0w +DQYJKoZIhvcNAQELBQADggEBADIKvyoK4rtPQ86I2lo5EDeAuzctXi2I3SZpnOe0 +mCCxJeZhWW0S7JuHvlfhEgXFBPEXzhS4HJLUlZUsWyiJ+3KcINMygaiF7MgIe6hZ +WzpsMatS4mbNFElc89M+YryRFrQc9d1Uqjxhl3ms5MhDNcMP/PNwHa/wnIoqkpNI +qtDoR741wcZ7bdr6XVdF8+pBjzbBPPRSf24x3bqavHBWcTjcSVcM/ZEXxeqH5SN0 +GbK2mQxrogX4UWjtl+DfYvl+ejpEcYNXKEmIabUUHtpG42544cuPtZizLW5bt/aT +JBQfpPZpvf9MUlACxUONFOLQdZ8SXpSJ0e93iX2J2Z52mSQ= +-----END CERTIFICATE----- diff --git a/test/recipes/81-test_cmp_cli_data/Mock/server.cnf b/test/recipes/81-test_cmp_cli_data/Mock/server.cnf new file mode 100644 index 0000000000..af0f0f0cf1 --- /dev/null +++ b/test/recipes/81-test_cmp_cli_data/Mock/server.cnf @@ -0,0 +1,16 @@ +[cmp] # mock server configuration + +port = 1700 +srv_secret = pass:test +srv_cert = server.crt +srv_key = server.key + +#accept_unprotected +no_check_time = 1 +srv_trusted = signer_root.crt + +rsp_cert = signer_only.crt +rsp_capubs = signer_root.crt +rsp_extracerts = signer_issuing.crt + + diff --git a/test/recipes/81-test_cmp_cli_data/Mock/server.crt b/test/recipes/81-test_cmp_cli_data/Mock/server.crt new file mode 100644 index 0000000000..31d9cc9c09 --- /dev/null +++ b/test/recipes/81-test_cmp_cli_data/Mock/server.crt @@ -0,0 +1,19 @@ + Subject: O = openssl_cmp + Issuer: O = openssl_cmp +-----BEGIN CERTIFICATE----- +MIICpTCCAY2gAwIBAgIBATANBgkqhkiG9w0BAQUFADAWMRQwEgYDVQQKDAtvcGVu +c3NsX2NtcDAeFw0xNzEyMjAxMzA0MDBaFw0xODEyMjAxMzA0MDBaMBYxFDASBgNV +BAoMC29wZW5zc2xfY21wMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +4ckRrH0UWmIJFj99kBqvCipGjJRAaPkdvWjdDQLglTpI3eZAJHnq0ypW/PZccrWj +o7mxuvAStEYWF+5Jx6ZFmAsC1K0NNebSAZQoLWYZqiOzkfVVpLicMnItNFElfCoh +BzPCYmF5UlC5yp9PSUEfNwPJqDIRMtw+IlVUV3AJw9TJ3uuWq/vWW9r96/gBKKdd +mj/q2gGT8RC6LxEaolTbhfPbHaA1DFpv1WQFb3oAV3Wq14SOZf9bH1olBVsmBMsU +shFEw5MXVrNCv2moM4HtITMyjvZe7eIwHzSzf6dvQjERG6GvZ/i5KOhaqgJCnRKd +HHzijz9cLec5p9NSOuC1OwIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQDGUXpFCBkV +WgPrBfZyBwt6VCjWB/e67q4IdcKMfDa4hwSquah1AyXHI0PlC/qitnoSx2+7f7pY +TEOay/3eEPUl1J5tdPF2Vg56Dw8jdhSkMwO7bXKDEE3R6o6jaa4ECgxwQtdGHmNU +A41PgKX76yEXku803ptO39/UR7i7Ye3MbyAmWE+PvixJYUbxd3fqz5fsaJqTCzAy +AT9hrr4uu8J7m3LYaYXo4LVL4jw5UsP5bIYtpmmEBfy9GhpUqH5/LzBNij7y3ziE +T59wHkzawAQDHsBPuCe07DFtlzqWWvaih0TQAw9MZ2tbyK9jt7P80Rqt9CwpM/i9 +jQYqSl/ix5hn +-----END CERTIFICATE----- diff --git a/test/recipes/65-test_cmp_client_data/server.key b/test/recipes/81-test_cmp_cli_data/Mock/server.key similarity index 100% copy from test/recipes/65-test_cmp_client_data/server.key copy to test/recipes/81-test_cmp_cli_data/Mock/server.key diff --git a/test/recipes/81-test_cmp_cli_data/Mock/signer.crt b/test/recipes/81-test_cmp_cli_data/Mock/signer.crt new file mode 100644 index 0000000000..cb72e33bff --- /dev/null +++ b/test/recipes/81-test_cmp_cli_data/Mock/signer.crt @@ -0,0 +1,68 @@ +Subject: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = leaf +-----BEGIN CERTIFICATE----- +MIIDfjCCAmagAwIBAgIJAKRNsDKacUqNMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMTCnN1YmludGVyQ0EwHhcNMTUwNzAyMTMx +OTQ5WhcNMzUwNzAyMTMxOTQ5WjBUMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29t +ZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ0wCwYD +VQQDEwRsZWFmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0Qo9WC/ +BKA70LtQJdwVGSXqr9dut3cQmiFzTb/SaWldjOT1sRNDFxSzdTJjU/8cIDEZvaTI +wRxP/dtVQLjc+4jzrUwz93NuZYlsEWUEUg4Lrnfs0Nz50yHk4rJhVxWjb8Ii/wRB +ViWHFExP7CwTkXiTclC1bCqTuWkjxF3thTfTsttRyY7qNkz2JpNx0guD8v4otQoY +jA5AEZvK4IXLwOwxol5xBTMvIrvvff2kkh+c7OC2QVbUTow/oppjqIKCx2maNHCt +LFTJELf3fwtRJLJsy4fKGP0/6kpZc8Sp88WK4B4FauF9IV1CmoAJUC1vJxhagHIK +fVtFjUWs8GPobQIDAQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQcHcT+8SVG +IRlN9YTuM9rlz7UZfzAfBgNVHSMEGDAWgBTpZ30QdMGarrhMPwk+HHAV3R8aTzAN +BgkqhkiG9w0BAQsFAAOCAQEAGjmSkF8is+v0/RLcnSRiCXENz+yNi4pFCAt6dOtT +6Gtpqa1tY5It9lVppfWb26JrygMIzOr/fB0r1Q7FtZ/7Ft3P6IXVdk3GDO0QsORD +2dRAejhYpc5c7joHxAw9oRfKrEqE+ihVPUTcfcIuBaalvuhkpQRmKP71ws5DVzOw +QhnMd0TtIrbKHaNQ4kNsmSY5fQolwB0LtNfTus7OEFdcZWhOXrWImKXN9jewPKdV +mSG34NfXOnA6qx0eQg06z+TkdrptH6j1Va2vS1/bL+h1GxjpTHlvTGaZYxaloIjw +y/EzY5jygRoABnR3eBm15CYZwwKL9izIq1H3OhymEi/Ycg== +-----END CERTIFICATE----- + +Subject: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = subinterCA +-----BEGIN CERTIFICATE----- +MIIDhDCCAmygAwIBAgIJAJkv2OGshkmUMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMTB2ludGVyQ0EwHhcNMTUwNzAyMTMxODIz +WhcNMzUwNzAyMTMxODIzWjBaMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1T +dGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYDVQQD +EwpzdWJpbnRlckNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/zQj +vhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb2ARVkYZP5e9gHb04wPVz +2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1nJeSv3na8gyOoCheG64kW +VbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/CpdCHE3DKAzAiri3GVc90 +OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMywtz4hhY/XZTvdEn290aL +857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRFHONWZG1T4mRY1Drh6VbJ +Gb+0GNIldNLQqigkfwIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTp +Z30QdMGarrhMPwk+HHAV3R8aTzAfBgNVHSMEGDAWgBQY+tYjuY9dXRN9Po+okcfZ +YcAXLjANBgkqhkiG9w0BAQsFAAOCAQEAgVUsOf9rdHlQDw4clP8GMY7QahfXbvd8 +8o++P18KeInQXH6+sCg0axZXzhOmKwn+Ina3EsOP7xk4aKIYwJ4A1xBuT7fKxquQ +pbJyjkEBsNRVLC9t4gOA0FC791v5bOCZjyff5uN+hy8r0828nVxha6CKLqwrPd+E +mC7DtilSZIgO2vwbTBL6ifmw9n1dd/Bl8Wdjnl7YJqTIf0Ozc2SZSMRUq9ryn4Wq +YrjRl8NwioGb1LfjEJ0wJi2ngL3IgaN94qmDn10OJs8hlsufwP1n+Bca3fsl0m5U +gUMG+CXxbF0kdCKZ9kQb1MJE4vOk6zfyBGQndmQnxHjt5botI/xpXg== +-----END CERTIFICATE----- + +Subject: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = interCA +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIJANnoWlLlEsTgMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnJvb3RDQTAeFw0xNTA3MDIxMzE3MDVa +Fw0zNTA3MDIxMzE3MDVaMFcxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0 +YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMT +B2ludGVyQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7s0ejvpQO +nvfwD+e4R+9WQovtrsqOTw8khiREqi5JlmAFbpDEFam18npRkt6gOcGMnjuFzuz6 +iEuQmeeyh0BqWAwpMgWMMteEzLOAaqkEl//J2+WgRbA/8pmwHfbPW/d+f3bp64Fo +D1hQAenBzXmLxVohEQ9BA+xEDRkL/cA3Y+k/O1C9ORhSQrJNsB9aE3zKbFHd9mOm +H4aNSsF8On3SqlRVOCQine5c6ACSd0HUEjYy9aObqY47ySNULbzVq5y6VOjMs0W+ +2G/XqrcVkxzf9bVqyVBrrAJrnb35/y/iK0zWgJBP+HXhwr5mMTvNuEirBeVYuz+6 +hUerUbuJhr0FAgMBAAGjUDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFBj61iO5 +j11dE30+j6iRx9lhwBcuMB8GA1UdIwQYMBaAFIVWiTXinwAa4YYDC0uvdhJrM239 +MA0GCSqGSIb3DQEBCwUAA4IBAQDAU0MvL/yZpmibhxUsoSsa97UJbejn5IbxpPzZ +4WHw8lsoUGs12ZHzQJ9LxkZVeuccFXy9yFEHW56GTlkBmD2qrddlmQCfQ3m8jtZ9 +Hh5feKAyrqfmfsWF5QPjAmdj/MFdq+yMJVosDftkmUmaBHjzbvbcq1sWh/6drH8U +7pdYRpfeEY8dHSU6FHwVN/H8VaBB7vYYc2wXwtk8On7z2ocIVHn9RPkcLwmwJjb/ +e4jmcYiyZev22KXQudeHc4w6crWiEFkVspomn5PqDmza3rkdB3baXFVZ6sd23ufU +wjkiKKtwRBwU+5tCCagQZoeQ5dZXQThkiH2XEIOCOLxyD/tb +-----END CERTIFICATE----- diff --git a/test/certs/leaf.key b/test/recipes/81-test_cmp_cli_data/Mock/signer.key old mode 100644 new mode 100755 similarity index 100% copy from test/certs/leaf.key copy to test/recipes/81-test_cmp_cli_data/Mock/signer.key diff --git a/test/recipes/81-test_cmp_cli_data/Mock/signer.p12 b/test/recipes/81-test_cmp_cli_data/Mock/signer.p12 new file mode 100644 index 0000000000..6eab305fde Binary files /dev/null and b/test/recipes/81-test_cmp_cli_data/Mock/signer.p12 differ diff --git a/test/recipes/81-test_cmp_cli_data/Mock/signer_issuing.crt b/test/recipes/81-test_cmp_cli_data/Mock/signer_issuing.crt new file mode 100644 index 0000000000..ebecbb79cd --- /dev/null +++ b/test/recipes/81-test_cmp_cli_data/Mock/signer_issuing.crt @@ -0,0 +1,45 @@ +Subject: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = subinterCA +-----BEGIN CERTIFICATE----- +MIIDhDCCAmygAwIBAgIJAJkv2OGshkmUMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMTB2ludGVyQ0EwHhcNMTUwNzAyMTMxODIz +WhcNMzUwNzAyMTMxODIzWjBaMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1T +dGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYDVQQD +EwpzdWJpbnRlckNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/zQj +vhbU7RWDsRaEkVUBZWR/PqZ49GoE9p3OyRN4pkt1c1yb2ARVkYZP5e9gHb04wPVz +2+FYy+2mNkl+uAZbcK5w5fWO3WJIEn57he4MkWu3ew1nJeSv3na8gyOoCheG64kW +VbA2YL92mR7QoSCo4SP7RmykLrwj6TlDxqgH6DxKSD/CpdCHE3DKAzAiri3GVc90 +OJAszYHlje4/maVIOayGROVET3xa5cbtRJl8IBgmqhMywtz4hhY/XZTvdEn290aL +857Hk7JjogA7mLKi07yKzknMxHV+k6JX7xJEttkcNQRFHONWZG1T4mRY1Drh6VbJ +Gb+0GNIldNLQqigkfwIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTp +Z30QdMGarrhMPwk+HHAV3R8aTzAfBgNVHSMEGDAWgBQY+tYjuY9dXRN9Po+okcfZ +YcAXLjANBgkqhkiG9w0BAQsFAAOCAQEAgVUsOf9rdHlQDw4clP8GMY7QahfXbvd8 +8o++P18KeInQXH6+sCg0axZXzhOmKwn+Ina3EsOP7xk4aKIYwJ4A1xBuT7fKxquQ +pbJyjkEBsNRVLC9t4gOA0FC791v5bOCZjyff5uN+hy8r0828nVxha6CKLqwrPd+E +mC7DtilSZIgO2vwbTBL6ifmw9n1dd/Bl8Wdjnl7YJqTIf0Ozc2SZSMRUq9ryn4Wq +YrjRl8NwioGb1LfjEJ0wJi2ngL3IgaN94qmDn10OJs8hlsufwP1n+Bca3fsl0m5U +gUMG+CXxbF0kdCKZ9kQb1MJE4vOk6zfyBGQndmQnxHjt5botI/xpXg== +-----END CERTIFICATE----- + +Subject: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = interCA +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgIJANnoWlLlEsTgMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnJvb3RDQTAeFw0xNTA3MDIxMzE3MDVa +Fw0zNTA3MDIxMzE3MDVaMFcxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0 +YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMT +B2ludGVyQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7s0ejvpQO +nvfwD+e4R+9WQovtrsqOTw8khiREqi5JlmAFbpDEFam18npRkt6gOcGMnjuFzuz6 +iEuQmeeyh0BqWAwpMgWMMteEzLOAaqkEl//J2+WgRbA/8pmwHfbPW/d+f3bp64Fo +D1hQAenBzXmLxVohEQ9BA+xEDRkL/cA3Y+k/O1C9ORhSQrJNsB9aE3zKbFHd9mOm +H4aNSsF8On3SqlRVOCQine5c6ACSd0HUEjYy9aObqY47ySNULbzVq5y6VOjMs0W+ +2G/XqrcVkxzf9bVqyVBrrAJrnb35/y/iK0zWgJBP+HXhwr5mMTvNuEirBeVYuz+6 +hUerUbuJhr0FAgMBAAGjUDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFBj61iO5 +j11dE30+j6iRx9lhwBcuMB8GA1UdIwQYMBaAFIVWiTXinwAa4YYDC0uvdhJrM239 +MA0GCSqGSIb3DQEBCwUAA4IBAQDAU0MvL/yZpmibhxUsoSsa97UJbejn5IbxpPzZ +4WHw8lsoUGs12ZHzQJ9LxkZVeuccFXy9yFEHW56GTlkBmD2qrddlmQCfQ3m8jtZ9 +Hh5feKAyrqfmfsWF5QPjAmdj/MFdq+yMJVosDftkmUmaBHjzbvbcq1sWh/6drH8U +7pdYRpfeEY8dHSU6FHwVN/H8VaBB7vYYc2wXwtk8On7z2ocIVHn9RPkcLwmwJjb/ +e4jmcYiyZev22KXQudeHc4w6crWiEFkVspomn5PqDmza3rkdB3baXFVZ6sd23ufU +wjkiKKtwRBwU+5tCCagQZoeQ5dZXQThkiH2XEIOCOLxyD/tb +-----END CERTIFICATE----- diff --git a/test/certs/leaf.pem b/test/recipes/81-test_cmp_cli_data/Mock/signer_only.crt old mode 100644 new mode 100755 similarity index 100% copy from test/certs/leaf.pem copy to test/recipes/81-test_cmp_cli_data/Mock/signer_only.crt diff --git a/test/recipes/81-test_cmp_cli_data/Mock/signer_root.crt b/test/recipes/81-test_cmp_cli_data/Mock/signer_root.crt new file mode 100644 index 0000000000..30fb8317e4 --- /dev/null +++ b/test/recipes/81-test_cmp_cli_data/Mock/signer_root.crt @@ -0,0 +1,22 @@ +Subject: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = rootCA +-----BEGIN CERTIFICATE----- +MIIDfzCCAmegAwIBAgIJAIhDKcvC6xWaMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnJvb3RDQTAeFw0xNTA3MDIxMzE1MTFa +Fw0zNTA3MDIxMzE1MTFaMFYxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0 +YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAMM +BnJvb3RDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMDxa3eIrDXf ++3NTL5KAL3QWMk31ECBvbDqO0dxr4S4+wwQPv5vEyRLR5AtFl+UGzWY64eDiK9+i +xOx70z08iv9edKCrpwNqFlteksR+W3mKadS8g16uQpJ0pSvnAMGp3NWxUwcPc/eO +rRQ+JZ7lHubMkc2VDIBEIMP9F8+RPWMQHBRb+8OowYiyd/+c2/xqRERE94XsCCzU +34Gjecn+HpuTFlO3l6u+Txql4vpGBeQNnCqkzLkeIaBsxKtZsEA5u/mIrf3fjbQL +r35B4CE8yDNFSYQvkwbu/U/tT/O8m978JV5V1XXUxXs6QDUGn8SEtGyTDK83Wq+2 +QU0mIxy4ArMCAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUhVaJNeKf +ABrhhgMLS692Emszbf0wHwYDVR0jBBgwFoAUhVaJNeKfABrhhgMLS692Emszbf0w +DQYJKoZIhvcNAQELBQADggEBADIKvyoK4rtPQ86I2lo5EDeAuzctXi2I3SZpnOe0 +mCCxJeZhWW0S7JuHvlfhEgXFBPEXzhS4HJLUlZUsWyiJ+3KcINMygaiF7MgIe6hZ +WzpsMatS4mbNFElc89M+YryRFrQc9d1Uqjxhl3ms5MhDNcMP/PNwHa/wnIoqkpNI +qtDoR741wcZ7bdr6XVdF8+pBjzbBPPRSf24x3bqavHBWcTjcSVcM/ZEXxeqH5SN0 +GbK2mQxrogX4UWjtl+DfYvl+ejpEcYNXKEmIabUUHtpG42544cuPtZizLW5bt/aT +JBQfpPZpvf9MUlACxUONFOLQdZ8SXpSJ0e93iX2J2Z52mSQ= +-----END CERTIFICATE----- diff --git a/test/recipes/81-test_cmp_cli_data/Mock/test.cnf b/test/recipes/81-test_cmp_cli_data/Mock/test.cnf new file mode 100644 index 0000000000..fed079fef5 --- /dev/null +++ b/test/recipes/81-test_cmp_cli_data/Mock/test.cnf @@ -0,0 +1,140 @@ +[default] +batch = 1 # do not use stdin +total_timeout = 8 # prevent, e.g., infinite polling due to error +trusted = trusted.crt +newkey = new.key +newkeypass = +cmd = ir +out_trusted = root.crt +certout = test.cert.pem +policies = certificatePolicies +#policy_oids = 1.2.3.4 +#policy_oids_critical = 1 +#verbosity = 7 + +############################# server configurations + +[Mock] # the built-in OpenSSL CMP mock server +no_check_time = 1 +server_host = 127.0.0.1 # localhost +server_port = 1700 +server_tls = 0 +server_cert = server.crt +server = $server_host:$server_port +server_path = pkix/ +path = $server_path +ca_dn = /O=openssl_cmp +recipient = $ca_dn +server_dn = /O=openssl_cmp +expect_sender = $server_dn +subject = "/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=leaf" +newkey = signer.key +out_trusted = signer_root.crt +kur_port = 1700 +pbm_port = 1700 +pbm_ref = +pbm_secret = pass:test +cert = signer.crt +key = signer.p12 +keypass = pass:12345 +ignore_keyusage = 0 +column = 0 +sleep = 0 + +############################# aspects + +[connection] +msg_timeout = 5 +total_timeout = +# reset any TLS options to default: +tls_used = +tls_cert = +tls_key = +tls_keypass = +tls_trusted = +tls_host = + +[tls] +server = +tls_used = +tls_cert = +tls_key = +tls_keypass = +tls_trusted = +tls_host = + +[credentials] +ref = +secret = +cert = +key = +keypass = +extracerts = +digest = +unprotected_requests = + +[verification] +#expect_sender = +srvcert = +trusted = +untrusted = +#unprotected_errors = +extracertsout = + +[commands] +cmd = +cacertsout = +infotype = +oldcert = +revreason = +geninfo = + +[enrollment] +cmd = +newkey = +newkeypass = +#subject = +issuer = +days = +reqexts = +sans = +san_nodefault = 0 +#popo = +implicit_confirm = 0 +disable_confirm = 0 +certout = +out_trusted = +oldcert = +csr = + +############################# extra cert template contents + +[certificatePolicies] +certificatePolicies = "critical, @pkiPolicy" + +[pkiPolicy] +policyIdentifier = 1.2.3.4 + +[reqexts] +basicConstraints = CA:FALSE +#basicConstraints = critical, CA:TRUE +keyUsage = critical, digitalSignature # keyAgreement, keyEncipherment, nonRepudiation +extendedKeyUsage = critical, clientAuth # serverAuth, codeSigning +#crlDistributionPoints = URI:http: +#authorityInfoAccess = URI:http: +subjectAltName = @alt_names + +[alt_names] +DNS.0 = localhost +IP.0 = 127.0.0.1 +IP.1 = 192.168.1.1 +URI.0 = http://192.168.0.2 + +[reqexts_invalidkey] +subjectAltName = @alt_names_3 + +[alt_names_3] +DNS.0 = localhost +DNS.1 = example.com +DNS.2 = example2.com +DNS__3 = example3.com diff --git a/test/recipes/81-test_cmp_cli_data/Mock/trusted.crt b/test/recipes/81-test_cmp_cli_data/Mock/trusted.crt new file mode 100644 index 0000000000..31d9cc9c09 --- /dev/null +++ b/test/recipes/81-test_cmp_cli_data/Mock/trusted.crt @@ -0,0 +1,19 @@ + Subject: O = openssl_cmp + Issuer: O = openssl_cmp +-----BEGIN CERTIFICATE----- +MIICpTCCAY2gAwIBAgIBATANBgkqhkiG9w0BAQUFADAWMRQwEgYDVQQKDAtvcGVu +c3NsX2NtcDAeFw0xNzEyMjAxMzA0MDBaFw0xODEyMjAxMzA0MDBaMBYxFDASBgNV +BAoMC29wZW5zc2xfY21wMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +4ckRrH0UWmIJFj99kBqvCipGjJRAaPkdvWjdDQLglTpI3eZAJHnq0ypW/PZccrWj +o7mxuvAStEYWF+5Jx6ZFmAsC1K0NNebSAZQoLWYZqiOzkfVVpLicMnItNFElfCoh +BzPCYmF5UlC5yp9PSUEfNwPJqDIRMtw+IlVUV3AJw9TJ3uuWq/vWW9r96/gBKKdd +mj/q2gGT8RC6LxEaolTbhfPbHaA1DFpv1WQFb3oAV3Wq14SOZf9bH1olBVsmBMsU +shFEw5MXVrNCv2moM4HtITMyjvZe7eIwHzSzf6dvQjERG6GvZ/i5KOhaqgJCnRKd +HHzijz9cLec5p9NSOuC1OwIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQDGUXpFCBkV +WgPrBfZyBwt6VCjWB/e67q4IdcKMfDa4hwSquah1AyXHI0PlC/qitnoSx2+7f7pY +TEOay/3eEPUl1J5tdPF2Vg56Dw8jdhSkMwO7bXKDEE3R6o6jaa4ECgxwQtdGHmNU +A41PgKX76yEXku803ptO39/UR7i7Ye3MbyAmWE+PvixJYUbxd3fqz5fsaJqTCzAy +AT9hrr4uu8J7m3LYaYXo4LVL4jw5UsP5bIYtpmmEBfy9GhpUqH5/LzBNij7y3ziE +T59wHkzawAQDHsBPuCe07DFtlzqWWvaih0TQAw9MZ2tbyK9jt7P80Rqt9CwpM/i9 +jQYqSl/ix5hn +-----END CERTIFICATE----- diff --git a/test/recipes/81-test_cmp_cli_data/test_commands.csv b/test/recipes/81-test_cmp_cli_data/test_commands.csv new file mode 100644 index 0000000000..70389be5f2 --- /dev/null +++ b/test/recipes/81-test_cmp_cli_data/test_commands.csv @@ -0,0 +1,54 @@ +expected,description, -section,val, -cmd,val,val2, -cacertsout,val,val2, -infotype,val,, -oldcert,val, -revreason,int, -geninfo,val +,,,,,Generic,message options:,,,,,,,,Misc,request options:,, +,,,,,,,,,,,,,,,,, +0,minimum options, -section,, -cmd,ir,,BLANK,,,BLANK,,,BLANK,,BLANK, +,,,,,,,,,,,,,,,,, +1,no cmd, -section,,BLANK,,,BLANK,,,BLANK,,,BLANK,,BLANK, +1,cmd missing arg, -section,, -cmd,,,BLANK,,,BLANK,,,BLANK,,BLANK, +1,cmd undefined , -section,, -cmd,abc,,BLANK,,,BLANK,,,BLANK,,BLANK, +1,cmd incomplete, -section,, -cmd,i,,BLANK,,,BLANK,,,BLANK,,BLANK, +,,,,,,,,,,,,,,,,, +0,no cacertsout, -section,, -cmd,ir,,BLANK,,,BLANK,,,BLANK,,BLANK, +0,cacertsout given, -section,, -cmd,ir,, -cacertsout,test.cacerts.pem,,BLANK,,,BLANK,,BLANK, +1,cacertsout missing arg, -section,, -cmd,ir,, -cacertsout,,,BLANK,,,BLANK,,BLANK, +,,,,,,,,,,,,,,,,, +0, --- get certificate for revocation ----, -section,, -cmd,cr,,BLANK,,,BLANK,,,BLANK,,BLANK, +0,revreason unspecified, -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,test.cert.pem, -revreason,0 +0, --- get certificate for revocation ----, -section,, -cmd,cr,,BLANK,,,BLANK,,,BLANK,,BLANK, +0,revreason keyCompromise, -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,test.cert.pem, -revreason,1 +0, --- get certificate for revocation ----, -section,, -cmd,cr,,BLANK,,,BLANK,,,BLANK,,BLANK, +0,revreason CACompromise, -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,test.cert.pem, -revreason,2 +0, --- get certificate for revocation ----, -section,, -cmd,cr,,BLANK,,,BLANK,,,BLANK,,BLANK, +0,revreason affiliationChanged, -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,test.cert.pem, -revreason,3 +0, --- get certificate for revocation ----, -section,, -cmd,cr,,BLANK,,,BLANK,,,BLANK,,BLANK, +0,revreason superseded, -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,test.cert.pem, -revreason,4 +0, --- get certificate for revocation ----, -section,, -cmd,cr,,BLANK,,,BLANK,,,BLANK,,BLANK, +0,revreason cessationOfOperation, -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,test.cert.pem, -revreason,5 +0, --- get certificate for revocation ----, -section,, -cmd,cr,,BLANK,,,BLANK,,,BLANK,,BLANK, +0,revreason certificateHold, -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,test.cert.pem, -revreason,6 +0,revreason removeFromCRL, -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,test.cert.pem, -revreason,8 +1,revreason 7 (invalid), -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,test.cert.pem, -revreason,7 +0, --- get certificate for revocation ----, -section,, -cmd,cr,,BLANK,,,BLANK,,,BLANK,,BLANK, +0,revreason priviligeWithdrawn, -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,test.cert.pem, -revreason,9 +0, --- get certificate for revocation ----, -section,, -cmd,cr,,BLANK,,,BLANK,,,BLANK,,BLANK, +0,revreason AACompromise, -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,test.cert.pem, -revreason,10 +0, --- get certificate for revocation ----, -section,, -cmd,cr,,BLANK,,,BLANK,,,BLANK,,BLANK, +1,without oldcert, -section,, -cmd,rr,,BLANK,,,BLANK,,,BLANK,,BLANK, +1,oldcert is directory, -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,dir/,BLANK, +1,oldcert file nonexistent, -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,idontexist,BLANK, +1,empty oldcert file, -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,empty.txt,BLANK, +1,oldcert and key do not match, -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,trusted.crt, -revreason,0 +1,revreason 11 (invalid), -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,test.cert.pem, -revreason,11 +1,revreason string, -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,test.cert.pem, -revreason,abc +1,revreason out of integer range, -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,test.cert.pem, -revreason,010000000000000000000 +,,,,,,,,,,,,,,,,, +0,ir + infotype, -section,, -cmd,ir,,BLANK,,, -infotype,signKeyPairTypes,,BLANK,,BLANK, +1,genm with missing infotype value, -section,, -cmd,genm,,BLANK,,, -infotype,,,BLANK,,BLANK, +1,genm with invalid infotype value, -section,, -cmd,genm,,BLANK,,, -infotype,asdf,,BLANK,,BLANK, +,,,,,,,,,,,,,,,,,,,,,, +0,geninfo, -section,, -cmd,cr,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,BLANK,, -geninfo,1.2.3:int:987,BLANK,,BLANK, +1,geninfo missing argument, -section,, -cmd,cr,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,BLANK,, -geninfo,,,,, +1,geninfo bad syntax: leading '.', -section,, -cmd,cr,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,BLANK,, -geninfo,.1.2.3:int:987,BLANK,,BLANK, +1,geninfo bad syntax: missing ':', -section,, -cmd,cr,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,BLANK,, -geninfo,1.2.3:int987,,,, +1,geninfo bad syntax: double ':', -section,, -cmd,cr,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,BLANK,, -geninfo,1.2.3:int::987,,,, +1,geninfo bad syntax: missing ':int', -section,, -cmd,cr,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,BLANK,, -geninfo,1.2.3,,,, diff --git a/test/recipes/81-test_cmp_cli_data/test_connection.csv b/test/recipes/81-test_cmp_cli_data/test_connection.csv new file mode 100644 index 0000000000..eceac6eb94 --- /dev/null +++ b/test/recipes/81-test_cmp_cli_data/test_connection.csv @@ -0,0 +1,43 @@ +expected,description, -section,val, -server,val, -proxy,val, -path,val, -msg_timeout,int, -total_timeout,int, -tls_used,noarg, -no_proxy,val +,Message transfer options:,,,,,,,,,,,, +,,,,,,,,,,,,,,,,,,,,,,,,, +0,default config, -section,,,,,,,,BLANK,,BLANK,,BLANK,,BLANK, +TBD,Domain name, -section,, -server,_SERVER_CN:_SERVER_PORT,,,, +TBD,IP address, -section,, -server,_SERVER_IP:_SERVER_PORT,,,, +,,,,,,,,,,,,,,,,,,,,,,,,, +1,wrong server, -section,, -server,example.com:_SERVER_PORT,,,,, -msg_timeout,1,BLANK,,BLANK,,BLANK, +1,wrong server port, -section,, -server,_SERVER_HOST:99,,,,, -msg_timeout,1,BLANK,,BLANK,,BLANK, +1,server default port, -section,, -server,_SERVER_HOST,,,,, -msg_timeout,1,BLANK,,BLANK,,BLANK, +1,server port out of range, -section,, -server,_SERVER_HOST:65536,,,,,BLANK,,BLANK,,BLANK,,BLANK, +1,server port negative, -section,, -server,_SERVER_HOST:-10,,,,,BLANK,,BLANK,,BLANK,,BLANK, +1,server missing argument, -section,, -server,,,,,,BLANK,,BLANK,,BLANK,,BLANK, +1,server with default port, -section,, -server,_SERVER_HOST,,,,,BLANK,,BLANK,,BLANK,,BLANK, +1,server IP address bad syntax: double '.', -section,, -server,127.0.0..1:_SERVER_PORT,,,,,BLANK,,BLANK,,BLANK,,BLANK, +1,server domain bad syntax: double '.', -section,, -server,_SERVER_HOST..com:_SERVER_PORT,,,,,BLANK,,BLANK,,BLANK,,BLANK, +1,server port bad syntax: missing ':', -section,, -server,_SERVER_HOST.80,,,,,BLANK,,BLANK,,BLANK,,BLANK, +1,server port bad synatx: trailing garbage, -section,, -server,_SERVER_HOST:_SERVER_PORT+/x.,,,,,BLANK,,BLANK,,BLANK,,BLANK, +1,server with TLS port, -section,, -server,_SERVER_HOST:_SERVER_TLS,,,,,BLANK,,BLANK,,BLANK,,BLANK, +TBD,server IP address with TLS port, -section,, -server,_SERVER_IP:_SERVER_TLS,,,,,BLANK,,BLANK,,BLANK,,BLANK, +,,,,,,,,,,,,,,,,,,,,,,,,, +1,proxy bad ipv4 address syntax: extra cell, -section,, -server,_SERVER_HOST:_SERVER_PORT, -proxy,127.0.0.0.0:8888,,,BLANK,,BLANK,,BLANK,,BLANK, -no_proxy,nonmatch.com +1,proxy port out of range, -section,, -server,_SERVER_HOST:_SERVER_PORT, -proxy,127.0.0.1:65536,,,BLANK,,BLANK,,BLANK,,BLANK, -no_proxy,nonmatch.com +1,proxy IP address bad syntax: double '.', -section,, -server,_SERVER_HOST:_SERVER_PORT, -proxy,127.0.0..1:8888,,,BLANK,,BLANK,,BLANK,,BLANK, -no_proxy,nonmatch.com +1,proxy default port, -section,, -server,_SERVER_HOST:_SERVER_PORT, -proxy,127.0.0.1,,,BLANK,,BLANK,,BLANK,,BLANK, -no_proxy,nonmatch.com +1,proxy missing argument, -section,, -server,_SERVER_HOST:_SERVER_PORT, -proxy,,,,BLANK,,BLANK,,BLANK,,BLANK, -no_proxy,nonmatch.com +,,,,,,,,,,,,,,,,,,,,,,,,, +1,path missing argument, -section,,,,,, -path,,BLANK,,BLANK,,BLANK,,BLANK, +1,path wrong, -section,,,,,, -path,/publicweb/cmp/example,BLANK,,BLANK,,BLANK,,BLANK, +0,path with additional '/'s fine according to RFC 3986, -section,,,,,, -path,/_SERVER_PATH////,BLANK,,BLANK,,BLANK,,BLANK +1,path mixed case, -section,,,,,, -path,pKiX/,BLANK,,BLANK,,BLANK,,BLANK, +1,path upper case, -section,,,,,, -path,PKIX/,BLANK,,BLANK,,BLANK,,BLANK, +,,,,,,,,,,,,,,,,,,,,,,,,, +1,msg_timeout missing argument, -section,,,,,,,, -msg_timeout,,BLANK,,BLANK,,BLANK, +1,msg_timeout negative, -section,,,,,,,, -msg_timeout,-5,BLANK,,BLANK,,BLANK, +0,msg_timeout 5, -section,,,,,,,, -msg_timeout,5,BLANK,,BLANK,,BLANK, +0,msg_timeout 0, -section,,,,,,,, -msg_timeout,0,BLANK,,BLANK,,BLANK, +,,,,,,,,,,,,,,,,,,,,,,,,, +1,total_timeout missing argument, -section,,,,,,,,BLANK,, -total_timeout,,BLANK,,BLANK, +1,total_timeout negative, -section,,,,,,,,BLANK,, -total_timeout,-5,BLANK,,BLANK, +0,total_timeout 10, -section,,,,,,,,BLANK,, -total_timeout,10,BLANK,,BLANK, +0,total_timeout 0, -section,,,,,,,,BLANK,, -total_timeout,0,BLANK,,BLANK, +,,,,,,,,,,,,,,,,,,,,,,,,, diff --git a/test/recipes/81-test_cmp_cli_data/test_credentials.csv b/test/recipes/81-test_cmp_cli_data/test_credentials.csv new file mode 100644 index 0000000000..b54862ba5d --- /dev/null +++ b/test/recipes/81-test_cmp_cli_data/test_credentials.csv @@ -0,0 +1,46 @@ +expected,description, -section,val, -ref,val, -secret,val, -cert,val, -key,val, -keypass,val, -extracerts,val, BLANK, BLANK, -digest,val, -unprotected_requests,noarg +,,,,,,,,,,,,,,,,,,,,,, +0,valid secret - wrong cert/key ignored, -section,, -ref,_PBM_REF, -secret,_PBM_SECRET, -cert,root.crt, -key,signer.p12, -keypass,pass:12345,BLANK,,BLANK,,BLANK,,BLANK,-server,_SERVER_HOST:_PBM_PORT,-expect_sender,"""" +1,secret missing arg, -section,,BLANK,, -secret,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK, +1,wrong secret without ref, -section,,BLANK,, -secret,pass:wrong,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK, +1,wrong secret - correct cert, -section,,BLANK,, -secret,pass:wrong, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,BLANK,,BLANK,,BLANK,,BLANK,-server,_SERVER_HOST:_PBM_PORT,-expect_sender,"""" +,,,,,,,,,,,,,,,,,,,,,, +1,ref missing arg, -section,, -ref,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK, +0,empty ref but correct cert, -section,, -ref,"""",BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,BLANK,,BLANK,,BLANK,,BLANK, +0,wrong ref but correct cert, -section,, -ref,wrong,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,BLANK,,BLANK,,BLANK,,BLANK, +,,,,,,,,,,,,,,,,,,,,,, +0,valid cert and key and keypass, -section,,BLANK,,-secret,"""", -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,BLANK,,BLANK,,BLANK,,BLANK, +1,cert missing arg, -section,,BLANK,,BLANK,, -cert,, -key,signer.p12, -keypass,pass:12345,BLANK,,BLANK,,BLANK,,BLANK, +1,key missing arg, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,, -keypass,pass:12345,BLANK,,BLANK,,BLANK,,BLANK, +1,keypass missing arg, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,,BLANK,,BLANK,,BLANK,,BLANK, +1,keypass empty string, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,pass:,BLANK,,BLANK,,BLANK,,BLANK, +0,keypass no prefix, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,12345,BLANK,,BLANK,,BLANK,,BLANK, +1,keypass prefix wrong, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,:12345,BLANK,,BLANK,,BLANK,,BLANK, +1,wrong keypass, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,pass:123456,BLANK,,BLANK,,BLANK,,BLANK, +,,,,,,,,,,,,,,,,,,,,,, +1,no cert, -section,,BLANK,,BLANK,,BLANK,, -key,signer.p12, -keypass,pass:12345,BLANK,,BLANK,,BLANK,,BLANK, +1,no key, -section,,BLANK,,BLANK,, -cert,signer.crt,BLANK,, -keypass,pass:12345,BLANK,,BLANK,,BLANK,,BLANK, +1,no keypass, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12,BLANK,,BLANK,,BLANK,,BLANK,,BLANK, +1,wrong cert, -section,,BLANK,,BLANK,, -cert,trusted.crt, -key,signer.p12, -keypass,pass:12345,BLANK,,BLANK,,BLANK,,BLANK, +1,cert file does not exist, -section,,BLANK,,BLANK,, -cert,idontexist, -key,signer.p12, -keypass,pass:12345,BLANK,,BLANK,,BLANK,,BLANK, +1,cert file random content, -section,,BLANK,,BLANK,, -cert,random.bin, -key,signer.p12, -keypass,pass:12345,BLANK,,BLANK,,BLANK,,BLANK, +1,empty cert file, -section,,BLANK,,BLANK,, -cert,empty.txt, -key,signer.p12, -keypass,pass:12345,BLANK,,BLANK,,BLANK,,BLANK, +1,key file random content, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,random.bin, -keypass,pass:12345,BLANK,,BLANK,,BLANK,,BLANK, +1,random keypass file, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,file:random.bin,BLANK,,BLANK,,BLANK,,BLANK, +,,,,,,,,,,,,,,,,,,,,,, +0,correct extraCerts, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345, -extracerts,issuing.crt,BLANK,,BLANK,,BLANK, +0,extracerts big file, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345, -extracerts,big_issuing.crt,BLANK,,BLANK,,BLANK, +1,extracerts missing arg, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345, -extracerts,,BLANK,,BLANK,,BLANK, +1,extracerts empty file, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345, -extracerts,empty.txt,BLANK,,BLANK,,BLANK, +1,extracerts random content, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345, -extracerts,random.bin,BLANK,,BLANK,,BLANK, +1,extracerts file does not exist, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345, -extracerts,idontexist,BLANK,,BLANK,,BLANK, +,,,,,,,,,,,,,,,,,,,,,, +0,default sha256, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,BLANK,,BLANK,,BLANK,,BLANK, +0,digest sha256, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,BLANK,,BLANK,, -digest,sha256,BLANK, +0,digest sha512, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,BLANK,,BLANK,, -digest,sha512,BLANK, +1,digest missing arg, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,BLANK,,BLANK,, -digest,,BLANK, +1,digest non-existing, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,BLANK,,BLANK,, -digest,sha7,BLANK, +1,digest obsolete, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,BLANK,,BLANK,, -digest,md2,BLANK, +1,multiple digests, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,BLANK,,BLANK,, -digest,sha256 sha512,BLANK, +,,,,,,,,,,,,,,,,,,,,,, +1,unprotected request, -section,,BLANK,,BLANK,, -cert,"""", -key,"""", -keypass,"""",BLANK,,BLANK,,BLANK,, -unprotected_requests, diff --git a/test/recipes/81-test_cmp_cli_data/test_enrollment.csv b/test/recipes/81-test_cmp_cli_data/test_enrollment.csv new file mode 100644 index 0000000000..64fb3fdcd6 --- /dev/null +++ b/test/recipes/81-test_cmp_cli_data/test_enrollment.csv @@ -0,0 +1,112 @@ +expected,description, -section,val, -cmd,val, -newkey,val,val, -newkeypass,val, -subject,val, -issuer,val, -days,int, -reqexts,val, -sans,spec, -san_nodefault,noarg, -popo,int, -implicit_confirm,noarg, -disable_confirm,noarg, -certout,val,val2, -out_trusted,val,val2, -oldcert,val, -csr,val, -revreason,val +,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Misc,request options:,,,, +,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +0,newkey, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,newkey missing arg, -section,, -cmd,ir, -newkey,,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,newkey is directory, -section,, -cmd,ir, -newkey,dir/,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,newkey too many parameters, -section,, -cmd,ir, -newkey,abc,def, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,newkey is an RSA key, -section,, -cmd,ir, -newkey,test.RSA2048.pem,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +0,newkeypass, -section,, -cmd,ir, -newkey,new_pass_12345.key,, -newkeypass,pass:12345,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,no newkeypass, -section,, -cmd,ir, -newkey,new_pass_12345.key,,BLANK,,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +0,read newkeypass from file, -section,, -cmd,ir, -newkey,new_pass_12345.key,, -newkeypass,file:12345.txt,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,missing newkeypass parameter, -section,, -cmd,ir, -newkey,new_pass_12345.key,, -newkeypass,,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,colon missing and no passwd, -section,, -cmd,ir, -newkey,new_pass_12345.key,, -newkeypass,pass,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,newkeypass double colon, -section,, -cmd,ir, -newkey,new_pass_12345.key,, -newkeypass,pass::12345,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,newkeypass double passwd, -section,, -cmd,ir, -newkey,new_pass_12345.key,, -newkeypass,pass:12345:12345,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,newkeypass wrongfile, -section,, -cmd,ir, -newkey,new_pass_12345.key,, -newkeypass,file:random.bin,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,wrong password for encrypted pem, -section,, -cmd,ir, -newkey,cmp --help ,, -newkeypass,pass:wrong,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +0,newkeypass ignored, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,abcdefghijklmnop,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,newkeypass invalid, -section,, -cmd,ir, -newkey,new_pass_12345.key,, -newkeypass,fp:4,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +0,newkeypass no prefix, -section,, -cmd,ir, -newkey,new_pass_12345.key,, -newkeypass,12345,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +1,subject argument missing, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:, -subject,BLANK,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +0,issuer, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,, -issuer,_CA_DN,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,issuer missing arg, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,, -issuer,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +0,days 1, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,, -days,1,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +0,days 0, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,, -days,0,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +0,days 36500, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,, -days,36500,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,days missing arg, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,, -days,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,days negative, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,, -days,-10,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,days no not integer, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,, -days,1.5,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,days out of range, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,, -days,0x10000000000000000,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +0,reqexts, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,, -reqexts,reqexts,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,reqexts missing arg, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,, -reqexts,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,reqexts non-exisitng section, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,, -reqexts,invalid,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,reqexts malformed section, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,, -reqexts,reqexts_invalidkey,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,reqexts and sans, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,, -reqexts,reqexts, -sans,localhost,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +0,sans 1 dns, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,,BLANK,, -sans,localhost,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +0,sans 1 dns critical, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,,BLANK,, -sans,localhost critical,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +0,sans critical, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,,BLANK,, -sans,critical,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +0,sans 2 dns, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,,BLANK,, -sans,localhost test,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +0,sans 1 dns 1 ip, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,,BLANK,, -sans,localhost 127.0.0.1,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +0,sans 2 ip, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,,BLANK,, -sans,127.0.0.1 1.2.3.4,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +0,sans 1 uri, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,,BLANK,, -sans,https://www.sample.com,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +0,san_nodefault, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,,BLANK,, -sans,127.0.0.1 1.2.3.4, -san_nodefault,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +0,san default test.cert.pem, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,,,BLANK,, -sans,127.0.0.1 1.2.3.4,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,, -oldcert,test.cert.pem,BLANK,,, +,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +0,popo SIGNATURE, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -popo,1,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,popo RAVERIFIED, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -popo,0,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,popo missing arg, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -popo,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,popo too large, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -popo,3,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,popo too small, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -popo,-3,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,popo NONE, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -popo,-1,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,popo KEYENC not supported, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -popo,2,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +0,implicit confirm, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -implicit_confirm,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,implicit confirm with parameter, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -implicit_confirm,abc,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +0,disable_confirm, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -disable_confirm,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,disable_confirm with parameter, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -disable_confirm,abc, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +1,no certout, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,certout missing arg, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,certout is directory, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,dir/,, -out_trusted,root.crt,,BLANK,,BLANK,,, +1,certout too many parameters, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,abc,def, -out_trusted,root.crt,,BLANK,,BLANK,,, +,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +0,no out_trusted, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,,BLANK,,,BLANK,,BLANK,,, +0,out_trusted bigcert, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,big_root.crt,,BLANK,,BLANK,,, +1,out_trusted missing arg, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,,,BLANK,,BLANK,,, +1,out_trusted is directory, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,dir/,,BLANK,,BLANK,,, +1,out_trusted too many parameters, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,abc,def,BLANK,,BLANK,,, +1,out_trusted empty certificate file, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,empty.txt,,BLANK,,BLANK,,, +1,out_trusted expired ca certificate, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root_expired.crt,,BLANK,,BLANK,,, +1,out_trusted wrong ca, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,signer.crt,,BLANK,,BLANK,,, +1,out_trusted random input, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,random.bin,,BLANK,,BLANK,,, +,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +0,oldcert ignored, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,, -oldcert,test.cert.pem,BLANK,,, +1,oldcert missing arg, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,, -oldcert,,BLANK,,, +1,oldcert directory, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,, -oldcert,dir/,BLANK,,, +1,oldcert non existing file, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,, -oldcert,idontexist,BLANK,,, +1,oldcert empty file, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,, -oldcert,empty.txt,BLANK,,, +0,oldcert wrong cert, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,, -oldcert,trusted.crt,BLANK,,, +1,oldcert random contents, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,, -oldcert,random.bin,BLANK,,, +,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +0,csr ignored for ir, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,, -csr,test.csr.pem,, +,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +1,p10cr csr missing arg, -section,, -cmd,p10cr, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,, -csr,,, +1,p10cr csr directory, -section,, -cmd,p10cr, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,, -csr,,, +1,p10cr csr non-existing file, -section,, -cmd,p10cr, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,, -csr,idontexist,, +1,p10cr csr empty file, -section,, -cmd,p10cr, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,, -csr,empty.txt,, +1,p10cr wrong csr, -section,, -cmd,p10cr, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,, -csr,wrong.csr.pem,, +,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +0,ir + ignored revocation, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,,, -revreason,5 +1,ir + invalid revreason, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,,, -revreason,11 +1,ir + revreason not an integer, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,,, -revreason,abc +,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +0,cr command, -section,, -cmd,cr, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, +0,kur command explicit options, -section,, -cmd,kur, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,, -oldcert,test.cert.pem,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT, -cert,test.cert.pem, -key,new.key, -extracerts,issuing.crt +0,kur command minimal options, -section,, -cmd,kur,BLANK,,BLANK,, -subject,"""",BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,,BLANK,,, -oldcert,test.cert.pem,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT, -cert,test.cert.pem, -key,new.key, -extracerts,issuing.crt, -secret,"""" +1,kur newkey value missing, -section,, -cmd,kur, -newkey,,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,, -oldcert,test.cert.pem,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT +1,kur newkey is directory, -section,, -cmd,kur, -newkey,dir/,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,, -oldcert,test.cert.pem,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT +1,kur newkey parameter count no match, -section,, -cmd,kur, -newkey,abc,def, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,, -oldcert,test.cert.pem,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT +1,kur newkey missing argument, -section,, -cmd,kur, -newkey,BLANK,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,, -oldcert,test.cert.pem,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT +1,kur oldcert is directory, -section,, -cmd,kur, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,, -oldcert,dir/,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT +1,kur oldcert not existing, -section,, -cmd,kur, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,, -oldcert,idontexist,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT +1,kur empty oldcert file, -section,, -cmd,kur, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,, -oldcert,empty.txt,BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT +1,kur command without cert and oldcert, -section,, -cmd,kur, -newkey,new.key,, -newkeypass,pass:,,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,, -cert,"""",BLANK,,,,,-server,_SERVER_HOST:_KUR_PORT diff --git a/test/recipes/81-test_cmp_cli_data/test_verification.csv b/test/recipes/81-test_cmp_cli_data/test_verification.csv new file mode 100644 index 0000000000..b53e518c8d --- /dev/null +++ b/test/recipes/81-test_cmp_cli_data/test_verification.csv @@ -0,0 +1,51 @@ +expected,description, -section,val, -recipient,val, -expect_sender,val, -srvcert,val, -trusted,val, -untrusted,val, -ignore_keyusage, -unprotected_errors, -extracertsout,val,val2, -opt1,arg1, -opt2,arg2, -opt3,arg3 +,,,,,Recipient,options:,,,,,,,,,,,,,,,,,,, +,,,,,,,,,,,,,,,,,,,,,,,,, +0,default test, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,trusted.crt,BLANK,,BLANK, -unprotected_errors,BLANK,,,,,,,, +,,,,,,,,,,,,,,,,,,,,,,,,, +1,recipient missing arg, -section,, -recipient,,BLANK,,BLANK,, -trusted,trusted.crt,BLANK,,BLANK, -unprotected_errors,BLANK,,,,,,,, +0,unknown attribute in recipient name, -section,, -recipient,_CA_DN/ABC=123,BLANK,,BLANK,, -trusted,trusted.crt,BLANK,,BLANK, -unprotected_errors,BLANK,,,,,,,, +1,wrong syntax in recipient name: trailing double '/' after value, -section,, -recipient,_CA_DN//,BLANK,,BLANK,, -trusted,trusted.crt,BLANK,,BLANK, -unprotected_errors,BLANK,,,,,,,, +1,wrong syntax in recipient name: missing '=', -section,, -recipient,/CDE,BLANK,,BLANK,, -trusted,trusted.crt,BLANK,,BLANK, -unprotected_errors,BLANK,,,,,,,, +1,wrong syntax in recipient name: C too long, -section,, -recipient,/CN=ECC Issuing CA v10/OU=For test purpose only/O=CMPforOpenSSL/C=DEE,BLANK,,BLANK,, -trusted,trusted.crt,BLANK,,BLANK, -unprotected_errors,BLANK,,,,,,,, +,,,,,,,,,,,,,,,,,,,,,,,,, +0,config default with expected sender, -section,, -recipient,_CA_DN, -expect_sender,_SERVER_DN,BLANK,, -trusted,trusted.crt,BLANK,,BLANK, -unprotected_errors,BLANK,,,,,,,, +1,expected sender missing arg, -section,, -recipient,_CA_DN, -expect_sender,,BLANK,, -trusted,trusted.crt,BLANK,,BLANK, -unprotected_errors,BLANK,,,,,,,, +1,wrong expected sender, -section,, -recipient,_CA_DN, -expect_sender,/CN=Sample Cert/OU=R&D/O=Company Ltd./L=Dublin 4/C=IE,BLANK,, -trusted,trusted.crt,BLANK,,BLANK, -unprotected_errors,BLANK,,,,,,,, +0,unknown attribute in expected sender, -section,, -recipient,_CA_DN, -expect_sender,_SERVER_DN/ABC=123,BLANK,, -trusted,trusted.crt,BLANK,,BLANK, -unprotected_errors,BLANK,,,,,,,, +1,extra attribute in expected sender, -section,, -recipient,_CA_DN, -expect_sender,_SERVER_DN/serialNumber=123,BLANK,, -trusted,trusted.crt,BLANK,,BLANK, -unprotected_errors,BLANK,,,,,,,, +1,double attribute in expected sender, -section,, -recipient,_CA_DN, -expect_sender,/CN=ECC Issuing CA v10_SERVER_DN,BLANK,, -trusted,trusted.crt,BLANK,,BLANK, -unprotected_errors,BLANK,,,,,,,, +1,missing attribute in expected sender, -section,, -recipient,_CA_DN, -expect_sender,/CN=ECC Issuing CA v10/OU=For test purpose only/C=DE,BLANK,, -trusted,trusted.crt,BLANK,,BLANK, -unprotected_errors,BLANK,,,,,,,, +1,bad syntax in expected sender name: leading double '/', -section,, -recipient,_CA_DN, -expect_sender,//_CA_DN,BLANK,, -trusted,trusted.crt,BLANK,,BLANK, -unprotected_errors,BLANK,,,,,,,, +1,bad syntax in expected sender name: trailing double '/', -section,, -recipient,_CA_DN, -expect_sender,_CA_DN//,BLANK,, -trusted,trusted.crt,BLANK,,BLANK, -unprotected_errors,BLANK,,,,,,,, +1,bad syntax in expected sender name: missing '=', -section,, -recipient,_CA_DN, -expect_sender,/C=DE/CN=ECC Issuing CA v10/OU=For test purpose only/OCMPforOpenSSL,BLANK,, -trusted,trusted.crt,BLANK,,BLANK, -unprotected_errors,BLANK,,,,,,,, +1,expected sender empty attributes, -section,, -recipient,_CA_DN, -expect_sender,/CN=/OU=/O=/C=,BLANK,, -trusted,trusted.crt,BLANK,,BLANK, -unprotected_errors,BLANK,,,,,,,, +,,,,,,,,,,,,,,,,,,,,,,,,, +0,explicit srvcert, -section,,,,BLANK,, -srvcert,_SERVER_CERT, -trusted,"""",BLANK,,,, -unprotected_errors,BLANK,,,,,,,, +1,srvcert missing arg, -section,, -recipient,"""",BLANK,, -srvcert,, -trusted,trusted.crt,BLANK,,BLANK, -unprotected_errors,BLANK,,,,,,,, +1,wrong srvcert, -section,, -recipient,"""",BLANK,, -srvcert,signer.crt, -trusted,"""",BLANK,,BLANK, -unprotected_errors,BLANK,,,,,,,, +1,srvcert is empty file, -section,, -recipient,"""",BLANK,, -srvcert,empty.txt, -trusted,"""",BLANK,,BLANK, -unprotected_errors,BLANK,,,,,,,, +1,srvcert random content, -section,, -recipient,"""",BLANK,, -srvcert,random.bin, -trusted,"""",BLANK,,BLANK, -unprotected_errors,BLANK,,,,,,,, +,,,,,,,,,,,,,,,,,,,,,,,,, +0,no -trusted but srvcert, -section,, -recipient,_CA_DN,BLANK,, -srvcert,_SERVER_CERT,BLANK,,BLANK,,, -unprotected_errors,BLANK,,,,,,,, +1,trusted missing arg, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,,BLANK,,BLANK, -unprotected_errors,BLANK,,,,,,,, +1,wrong trusted cert, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,signer.crt,BLANK,,BLANK, -unprotected_errors,BLANK, -secret,"""", -cert,signer.crt, -key,signer.p12, -keypass,pass:12345 +1,trusted empty file, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,empty.txt,BLANK,,BLANK, -unprotected_errors,BLANK,,,,,,,, +1,trusted random file, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,random.bin,BLANK,,BLANK, -unprotected_errors,BLANK,,,,,,,, +1,trusted file does not exist, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,idontexist,BLANK,,BLANK, -unprotected_errors,BLANK,,,,,,,, +,,,,,,,,,,,,,,,,,,,,,,,,, +1,untrusted missing arg, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,trusted.crt, -untrusted,,BLANK, -unprotected_errors,BLANK,,,,,,,, +1,untrusted empty file, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,trusted.crt, -untrusted,empty.txt,BLANK, -unprotected_errors,BLANK,,,,,,,, +1,untrusted random file, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,trusted.crt, -untrusted,random.bin,BLANK, -unprotected_errors,BLANK,,,,,,,, +1,untrusted file does not exist, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,trusted.crt, -untrusted,idontexist,BLANK, -unprotected_errors,BLANK,,,,,,,, +,,,,,,,,,,,,,,,,,,,,,,,,, +0,ignore key usage, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,trusted.crt,BLANK,, -ignore_keyusage, -unprotected_errors,BLANK,,,,,,,, +1,ignorekeyusage with parameter, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,trusted.crt,BLANK,,, -unprotected_errors,BLANK, -ignore_keyusage,1,,,,,, +,,,,,,,,,,,,,,,,,,,,,,,,, +0,no unprotected errors - no errors, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,trusted.crt,BLANK,,BLANK,BLANK,BLANK,,,,,,,, +1,unprotected_errors with parameter, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,trusted.crt,BLANK,,BLANK,BLANK,BLANK,,, -unprotected_errors,123,,,, +,,,,,,,,,,,,,,,,,,,,,,,,, +0,extracertsout, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,trusted.crt,BLANK,,BLANK, -unprotected_errors, -extracertsout,test.extracerts.pem,,,,,,, +1,extracertsout no parameter, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,trusted.crt,BLANK,,BLANK, -unprotected_errors, -extracertsout,,,,,,,, +1,extracertsout directory, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,trusted.crt,BLANK,,BLANK, -unprotected_errors, -extracertsout,directory/,,,,,,, +1,extracertsout multiple arguments, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,trusted.crt,BLANK,,BLANK, -unprotected_errors, -extracertsout,abc,def,,,,,, From dev at ddvo.net Sat Jun 13 13:22:38 2020 From: dev at ddvo.net (dev at ddvo.net) Date: Sat, 13 Jun 2020 13:22:38 +0000 Subject: [openssl] master update Message-ID: <1592054558.768755.20217.nullmailer@dev.openssl.org> The branch master has been updated via df4c1d80b2c332e8ea94b95eca0bea8b2e7c19fb (commit) from 168c595b14ff034ec40642ec1cb5d2c77ce82e0e (commit) - Log ----------------------------------------------------------------- commit df4c1d80b2c332e8ea94b95eca0bea8b2e7c19fb Author: Dr. David von Oheimb Date: Tue Jun 9 14:04:49 2020 +0200 Update and extend NOTES.WIN, adding 'Quick start' subsection Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12098) ----------------------------------------------------------------------- Summary of changes: NOTES.PERL | 8 ++- NOTES.WIN | 191 +++++++++++++++++++++++++++++++++++++------------------------ 2 files changed, 120 insertions(+), 79 deletions(-) diff --git a/NOTES.PERL b/NOTES.PERL index 42c6127724..6c1d7c8cb1 100644 --- a/NOTES.PERL +++ b/NOTES.PERL @@ -35,9 +35,11 @@ MinGW and Cygwin. The key recommendation is to use "matching" Perl, one that matches build environment. For example, if you will build on Cygwin be sure to use the Cygwin package manager to install Perl. - For MSYS builds use the MSYS provided Perl. For VC-* builds we - recommend ActiveState Perl, available from - http://www.activestate.com/ActivePerl. + For MSYS builds use the MSYS provided Perl. + For VC-* builds we recommend Strawberry Perl, from http://strawberryperl.com. + An alternative is ActiveState Perl, from http://www.activestate.com/ActivePerl + for which you may need to explicitly select the Perl module Win32/Console.pm + available via https://platform.activestate.com/ActiveState. Notes on Perl on VMS -------------------- diff --git a/NOTES.WIN b/NOTES.WIN index ca033602a5..bc6e3d2c32 100644 --- a/NOTES.WIN +++ b/NOTES.WIN @@ -1,58 +1,74 @@ - NOTES FOR THE WINDOWS PLATFORMS - =============================== - - Windows targets can be classified as "native", ones that use Windows API - directly, and "hosted" which rely on POSIX-compatible layer. "Native" - targets are VC-* (where "VC" stems from abbreviating Microsoft Visual C - compiler) and mingw[64]. "Hosted" platforms are Cygwin and MSYS[2]. Even - though the latter is not directly supported by OpenSSL Team, it's #1 - popular choice for building MinGW targets. In the nutshell MinGW builds - are always cross-compiled. On Linux and Cygwin they look exactly as such - and require --cross-compile-prefix option. While on MSYS[2] it's solved - rather by placing gcc that produces "MinGW binary" code 1st on $PATH. - This is customarily source of confusion. "Hosted" applications "live" in - emulated file system name space with POSIX-y root, mount points, /dev - and even /proc. Confusion is intensified by the fact that MSYS2 shell - (or rather emulated execve(2) call) examines the binary it's about to - start, and if it's found *not* to be linked with MSYS2 POSIX-y thing, - command line arguments that look like file names get translated from - emulated name space to "native". For example '/c/some/where' becomes - 'c:\some\where', '/dev/null' - 'nul'. This creates an illusion that - there is no difference between MSYS2 shell and "MinGW binary", but - there is. Just keep in mind that "MinGW binary" "experiences" Windows - system in exactly same way as one produced by VC, and in its essence - is indistinguishable from the latter. (Which by the way is why - it's referred to in quotes here, as "MinGW binary", it's just as - "native" as it can get.) - - Visual C++ builds, a.k.a. VC-* - ============================== + NOTES FOR WINDOWS PLATFORMS + =========================== + + There are various options to build and run OpenSSL on the Windows platforms. + + "Native" OpenSSL uses the Windows APIs directly at run time. + To build a native OpenSSL you can either use: + + Microsoft Visual C++ (MSVC) C compiler on the command line + or + MinGW cross compiler + run on the GNU-like development environment MSYS2 + or run on Linux or Cygwin + + "Hosted" OpenSSL relies on an external POSIX compatibility layer + for building (using GNU/Unix shell, compiler, and tools) and at run time. + For this option you can use Cygwin. + + + Visual C++ native builds, a.k.a. VC-* + ===================================== Requirement details ------------------- - In addition to the requirements and instructions listed in INSTALL, + In addition to the requirements and instructions listed in INSTALL.md, these are required as well: - - Perl. We recommend ActiveState Perl, available from - https://www.activestate.com/ActivePerl. Another viable alternative - appears to be Strawberry Perl, http://strawberryperl.com. - You also need the perl module Text::Template, available on CPAN. - Please read NOTES.PERL for more information. + - Perl. + We recommend Strawberry Perl, available from http://strawberryperl.com/ + Please read NOTES.PERL for more information, including the use of CPAN. + An alternative is ActiveState Perl, https://www.activestate.com/ActivePerl + for which you may need to explicitly build the Perl module Win32/Console.pm + via https://platform.activestate.com/ActiveState and then download it. + + - Microsoft Visual C compiler. + Since these are proprietary and ever-changing we cannot test them all. + Older versions may not work. Use a recent version wherever possible. + + - Netwide Assembler (NASM), available from https://www.nasm.us + Note that NASM is the only supported assembler. + + Quick start + ----------- + + 1. Install Perl + + 2. Install NASM + + 3. Make sure both Perl and NASM are on your %PATH% + + 4. Use Visual Studio Developer Command Prompt with administrative privileges, + choosing one of its variants depending on the intended architecture. + Or run "cmd" and execute "vcvarsall.bat" with one of the options x86, + x86_amd64, x86_arm, x86_arm64, amd64, amd64_x86, amd64_arm, or amd64_arm64. + This sets up the environment variables needed for nmake.exe, cl.exe, etc. + See also https://docs.microsoft.com/cpp/build/building-on-the-command-line + + 5. From the root of the OpenSSL source directory enter + perl Configure VC-WIN32 if you want 32-bit OpenSSL or + perl Configure VC-WIN64A if you want 64-bit OpenSSL + + 6. nmake - - Microsoft Visual C compiler. Since we can't test them all, there is - unavoidable uncertainty about which versions are supported. Latest - version along with couple of previous are certainly supported. On - the other hand oldest one is known not to work. Everything between - falls into best-effort category. + 7. nmake test - - Netwide Assembler, a.k.a. NASM, available from https://www.nasm.us, - is required. Note that NASM is the only supported assembler. Even - though Microsoft provided assembler is NOT supported, contemporary - 64-bit version is exercised through continuous integration of - VC-WIN64A-masm target. + 8. nmake install + For the full installation instructions, or if anything goes wrong at any stage, + check the INSTALL.md file. Installation directories ------------------------ @@ -83,7 +99,6 @@ is, of course, to choose a different set of directories by using --prefix and --openssldir when configuring. - Special notes for Universal Windows Platform builds, a.k.a. VC-*-UWP -------------------------------------------------------------------- @@ -91,33 +106,56 @@ - You should define the platform type to "uwp" and the target arch via "vcvarsall.bat" before you compile. For example, if you want to build - "arm64" builds, you should type "vcvarsall.bat x86_arm64 uwp". + "arm64" builds, you should run "vcvarsall.bat x86_arm64 uwp". - mingw and mingw64 - ================= - * MSYS2 shell and development environment installation: + Native OpenSSL built using MinGW + ================================ - Download MSYS2 from https://msys2.github.io/ and follow installation - instructions. Once up and running install even make, perl, (git if - needed,) mingw-w64-i686-gcc and/or mingw-w64-x86_64-gcc. You should - have corresponding MinGW items on your start menu, use *them*, not - generic MSYS2. As implied in opening note, difference between them - is which compiler is found 1st on $PATH. At this point ./config - should recognize correct target, roll as if it was Unix... + MinGW offers an alternative way to build native OpenSSL, by cross compilation. - * It is also possible to build mingw[64] on Linux or Cygwin by - configuring with corresponding --cross-compile-prefix= option. For - example + * Usually the build is done on Windows in a GNU-like environment called MSYS2. - ./Configure mingw --cross-compile-prefix=i686-w64-mingw32- ... + MSYS2 provides GNU tools, a Unix-like command prompt, + and a UNIX compatibility layer for applications. + However in this context it is only used for building OpenSSL. + The resulting OpenSSL does not rely on MSYS2 to run and is fully native. + + Requirement details + + - MSYS2 shell, from https://www.msys2.org/ + + - Perl, at least version 5.10.0, which usually comes pre-installed with MSYS2 + + - make, installed using "pacman -S make" into the MSYS2 environment + + - MinGW[64] compiler: mingw-w64-i686-gcc and/or mingw-w64-x86_64-gcc. + These compilers must be on your MSYS2 $PATH. + A common error is to not have these on your $PATH. + The MSYS2 version of gcc will not work correctly here. + + In the MSYS2 shell do the configuration depending on the target architecture: + ./Configure mingw ... or + ./Configure mingw64 ... + or + ./config ... + for the default architecture. + + Apart from that, follow the Unix / Linux instructions in INSTALL.md. + + * It is also possible to build mingw[64] on Linux or Cygwin. + + In this case configure with the corresponding --cross-compile-prefix= option. + For example + ./Configure mingw --cross-compile-prefix=i686-w64-mingw32- ... + or ./Configure mingw64 --cross-compile-prefix=x86_64-w64-mingw32- ... - This naturally implies that you've installed corresponding add-on - packages. + This requires that you've installed the necessary add-on packages for + mingw[64] cross compilation. Linking your application ======================== @@ -146,28 +184,29 @@ } If you link with OpenSSL .DLLs, then you're expected to include into - your application code small "shim" snippet, which provides glue between - OpenSSL BIO layer and your compiler run-time. See the OPENSSL_Applink - manual page for further details. + your application code a small "shim" snippet, which provides + the glue between the OpenSSL BIO layer and your compiler run-time. + See also the OPENSSL_Applink manual page. + - Cygwin, "hosted" environment - ============================ + Hosted OpenSSL built using Cygwin + ================================= - Cygwin implements a Posix/Unix runtime system (cygwin1.dll) on top of the - Windows subsystem and provides a bash shell and GNU tools environment. - Consequently, a make of OpenSSL with Cygwin is virtually identical to the + Cygwin implements a POSIX/Unix runtime system (cygwin1.dll) on top of the + Windows subsystem and provides a Bash shell and GNU tools environment. + Consequently, a build of OpenSSL with Cygwin is virtually identical to the Unix procedure. To build OpenSSL using Cygwin, you need to: - * Install Cygwin (see https://cygwin.com/) + * Install Cygwin, see https://cygwin.com/ - * Install Cygwin Perl and ensure it is in the path. Recall that - as least 5.10.0 is required. + * Install Cygwin Perl, at least version 5.10.0 + and ensure it is in the $PATH - * Run the Cygwin bash shell + * Run the Cygwin Bash shell - Apart from that, follow the Unix instructions in INSTALL. + Apart from that, follow the Unix / Linux instructions in INSTALL.md. NOTE: "make test" and normal file operations may fail in directories mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin From openssl at openssl.org Sat Jun 13 13:29:23 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 13 Jun 2020 13:29:23 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls Message-ID: <1592054963.128324.22623.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls Commit log since last time: 0f6c3ebbf8 doc: Add a hint to man3/EVP_$hash that it is legacy 1154ffbfb3 APPS: Use a second EVP_MD_CTX for EdDSA verify 42b2797e8a APPS: Exclude legacy algorighms from speed d9c2fd51e2 The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_* functions are now EVP_MAC functions, usually with ctx in their names. 765d04c946 kdf: make function naming consistent. 5cff2df8ce Make it clear that you can't use all ciphers for CMAC a370ff8daa Add a CMAC test 154ea425e6 Correctly handle the return value from EVP_Cipher() in the CMAC code b896d9436d Ensure we never use a partially initialised CMAC_CTX 317ffa576b run_tests.pl: Add options for focussing output on failed (sub-)tests 2a3158ac5b Make error output of dhparams and dsaparams app more consistent 8da42c8b26 Generate error queue entry on FFC_CHECK_BAD_LN_PAIR for DH and DSA 498e807ed2 Silence gcc false positive warning on refdatalen in test/tls13encryptiontest.c a61b6b623d Silence gcc false positive warning on alpn_protos_len in test/handshake_helper.c 8bf37709a4 Update RSA keygen to use sp800-56b by default Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=200, Tests=1995, 717 wallclock secs ( 8.12 usr 1.13 sys + 679.64 cusr 44.07 csys = 732.96 CPU) Result: FAIL Makefile:3100: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls' Makefile:3098: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Sat Jun 13 14:40:36 2020 From: builds at travis-ci.com (Travis CI) Date: Sat, 13 Jun 2020 14:40:36 +0000 Subject: Still Failing: openssl/openssl#35452 (master - 168c595) In-Reply-To: Message-ID: <5ee4e5648040_13f8f2af1c8101855c1@travis-pro-tasks-58679699c9-44pcm.mail> Build Update for openssl/openssl ------------------------------------- Build: #35452 Status: Still Failing Duration: 1 hr, 22 mins, and 22 secs Commit: 168c595 (master) Author: Dr. David von Oheimb Message: Chunk 12 of CMP contribution to OpenSSL: CLI-based high-level tests Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712). Adds the CMP and CRMF API to libcrypto and the "cmp" app to the CLI. Adds extensive documentation and tests. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11998) View the changeset: https://github.com/openssl/openssl/compare/ffb6c86663f8...168c595b14ff View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/171207775?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.com Sat Jun 13 15:51:54 2020 From: builds at travis-ci.com (Travis CI) Date: Sat, 13 Jun 2020 15:51:54 +0000 Subject: Still Failing: openssl/openssl#35453 (master - df4c1d8) In-Reply-To: Message-ID: <5ee4f61a3aa31_13fbf217b0f501904c3@travis-pro-tasks-58679699c9-hpjpk.mail> Build Update for openssl/openssl ------------------------------------- Build: #35453 Status: Still Failing Duration: 1 hr, 37 mins, and 33 secs Commit: df4c1d8 (master) Author: Dr. David von Oheimb Message: Update and extend NOTES.WIN, adding 'Quick start' subsection Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12098) View the changeset: https://github.com/openssl/openssl/compare/168c595b14ff...df4c1d80b2c3 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/171207963?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Sat Jun 13 15:54:14 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 13 Jun 2020 15:54:14 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2 Message-ID: <1592063654.361279.29061.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2 Commit log since last time: 0f6c3ebbf8 doc: Add a hint to man3/EVP_$hash that it is legacy 1154ffbfb3 APPS: Use a second EVP_MD_CTX for EdDSA verify 42b2797e8a APPS: Exclude legacy algorighms from speed d9c2fd51e2 The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_* functions are now EVP_MAC functions, usually with ctx in their names. 765d04c946 kdf: make function naming consistent. 5cff2df8ce Make it clear that you can't use all ciphers for CMAC a370ff8daa Add a CMAC test 154ea425e6 Correctly handle the return value from EVP_Cipher() in the CMAC code b896d9436d Ensure we never use a partially initialised CMAC_CTX 317ffa576b run_tests.pl: Add options for focussing output on failed (sub-)tests 2a3158ac5b Make error output of dhparams and dsaparams app more consistent 8da42c8b26 Generate error queue entry on FFC_CHECK_BAD_LN_PAIR for DH and DSA 498e807ed2 Silence gcc false positive warning on refdatalen in test/tls13encryptiontest.c a61b6b623d Silence gcc false positive warning on alpn_protos_len in test/handshake_helper.c 8bf37709a4 Update RSA keygen to use sp800-56b by default Build log ended with (last 100 lines): 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=200, Tests=1997, 757 wallclock secs ( 9.02 usr 1.38 sys + 706.19 cusr 48.85 csys = 765.44 CPU) Result: FAIL Makefile:3087: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2' Makefile:3085: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Sat Jun 13 18:04:44 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 13 Jun 2020 18:04:44 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method Message-ID: <1592071484.916351.2056.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method Commit log since last time: 0f6c3ebbf8 doc: Add a hint to man3/EVP_$hash that it is legacy 1154ffbfb3 APPS: Use a second EVP_MD_CTX for EdDSA verify 42b2797e8a APPS: Exclude legacy algorighms from speed d9c2fd51e2 The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_* functions are now EVP_MAC functions, usually with ctx in their names. 765d04c946 kdf: make function naming consistent. 5cff2df8ce Make it clear that you can't use all ciphers for CMAC a370ff8daa Add a CMAC test 154ea425e6 Correctly handle the return value from EVP_Cipher() in the CMAC code b896d9436d Ensure we never use a partially initialised CMAC_CTX 317ffa576b run_tests.pl: Add options for focussing output on failed (sub-)tests 2a3158ac5b Make error output of dhparams and dsaparams app more consistent 8da42c8b26 Generate error queue entry on FFC_CHECK_BAD_LN_PAIR for DH and DSA 498e807ed2 Silence gcc false positive warning on refdatalen in test/tls13encryptiontest.c a61b6b623d Silence gcc false positive warning on alpn_protos_len in test/handshake_helper.c 8bf37709a4 Update RSA keygen to use sp800-56b by default Build log ended with (last 100 lines): 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=200, Tests=1997, 773 wallclock secs ( 8.67 usr 1.37 sys + 721.15 cusr 48.36 csys = 779.55 CPU) Result: FAIL Makefile:3095: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2-method' Makefile:3093: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Sat Jun 13 18:47:25 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Sat, 13 Jun 2020 18:47:25 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_3 Message-ID: <1592074045.514883.12650.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_3 Commit log since last time: 0f6c3ebbf8 doc: Add a hint to man3/EVP_$hash that it is legacy 1154ffbfb3 APPS: Use a second EVP_MD_CTX for EdDSA verify 42b2797e8a APPS: Exclude legacy algorighms from speed d9c2fd51e2 The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_* functions are now EVP_MAC functions, usually with ctx in their names. 765d04c946 kdf: make function naming consistent. 5cff2df8ce Make it clear that you can't use all ciphers for CMAC a370ff8daa Add a CMAC test 154ea425e6 Correctly handle the return value from EVP_Cipher() in the CMAC code b896d9436d Ensure we never use a partially initialised CMAC_CTX 317ffa576b run_tests.pl: Add options for focussing output on failed (sub-)tests 2a3158ac5b Make error output of dhparams and dsaparams app more consistent 8da42c8b26 Generate error queue entry on FFC_CHECK_BAD_LN_PAIR for DH and DSA 498e807ed2 Silence gcc false positive warning on refdatalen in test/tls13encryptiontest.c a61b6b623d Silence gcc false positive warning on alpn_protos_len in test/handshake_helper.c 8bf37709a4 Update RSA keygen to use sp800-56b by default Build log ended with (last 100 lines): 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ skipped: test_key_share needs TLS1.3 enabled 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. skipped: test_tls13alerts needs TLS1.3 enabled 70-test_tls13cookie.t .............. skipped: test_tls13cookie needs TLS1.3 enabled 70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled 70-test_tls13hrr.t ................. skipped: test_tls13hrr needs TLS1.3 enabled 70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs TLSv1.3 enabled 70-test_tls13messages.t ............ skipped: test_tls13messages needs TLSv1.3 enabled 70-test_tls13psk.t ................. skipped: test_tls13psk needs TLSv1.3 enabled 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. skipped: test_tls13ccs is not supported in this build 90-test_tls13encryption.t .......... skipped: tls13encryption is not supported in this build 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=200, Tests=1919, 687 wallclock secs ( 7.59 usr 1.23 sys + 639.13 cusr 44.69 csys = 692.64 CPU) Result: FAIL Makefile:3095: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_3' Makefile:3093: recipe for target 'tests' failed make: *** [tests] Error 2 From nic.tuv at gmail.com Sat Jun 13 23:42:39 2020 From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Sat, 13 Jun 2020 23:42:39 +0000 Subject: [openssl] master update Message-ID: <1592091759.207722.9263.nullmailer@dev.openssl.org> The branch master has been updated via 2edb571b4b857e51620bfd93e240e39de40cb456 (commit) from df4c1d80b2c332e8ea94b95eca0bea8b2e7c19fb (commit) - Log ----------------------------------------------------------------- commit 2edb571b4b857e51620bfd93e240e39de40cb456 Author: Nicola Tuveri Date: Fri Jun 12 18:11:09 2020 +0300 Fix nits detected by make cmd-nits Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/12127) ----------------------------------------------------------------------- Summary of changes: apps/rsa.c | 2 +- doc/man7/EVP_PKEY-DH.pod | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/rsa.c b/apps/rsa.c index 9f91b72d20..0464729f71 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -65,9 +65,9 @@ const OPTIONS rsa_options[] = { {"pvk-strong", OPT_PVK_STRONG, '-', "Enable 'Strong' PVK encoding level (default)"}, {"pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level"}, {"pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding"}, +#endif OPT_PROV_OPTIONS, -#endif {NULL} }; diff --git a/doc/man7/EVP_PKEY-DH.pod b/doc/man7/EVP_PKEY-DH.pod index d2a49b7bfa..6720417673 100644 --- a/doc/man7/EVP_PKEY-DH.pod +++ b/doc/man7/EVP_PKEY-DH.pod @@ -147,7 +147,7 @@ Legacy B domain parameters can be generated by calling: pctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL); EVP_PKEY_paramgen_init(pctx); - + params[0] = OSSL_PARAM_construct_uint("pbits", &pbits); params[1] = OSSL_PARAM_construct_uint("qbits", &qbits); params[2] = OSSL_PARAM_construct_int("gindex", &gindex); From builds at travis-ci.com Sun Jun 14 01:06:50 2020 From: builds at travis-ci.com (Travis CI) Date: Sun, 14 Jun 2020 01:06:50 +0000 Subject: Still Failing: openssl/openssl#35458 (master - 2edb571) In-Reply-To: Message-ID: <5ee5782885712_13ff05d8b5c804336b@travis-pro-tasks-b9cb85ff-cjr7f.mail> Build Update for openssl/openssl ------------------------------------- Build: #35458 Status: Still Failing Duration: 1 hr, 22 mins, and 52 secs Commit: 2edb571 (master) Author: Nicola Tuveri Message: Fix nits detected by make cmd-nits Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/12127) View the changeset: https://github.com/openssl/openssl/compare/df4c1d80b2c3...2edb571b4b85 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/171234576?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From scan-admin at coverity.com Sun Jun 14 07:52:08 2020 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 14 Jun 2020 07:52:08 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <5ee5d72872904_1c9542b1b03752f58892e7@prd-scan-dashboard-0.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/ls/click?upn=nJaKvJSIH-2FPAfmty-2BK5tYpPklAc1eEA-2F1zfUjH6teExPWvbuQnlOROdcN604ufBDoN19TFJwpfzx7faM2hcaNQ-3D-3D5mgi_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeGCYuXMFfpOf5qdQghzhIs8CfPyhJzhZYKlUG-2FbBqQoF7hLTa0N70iyV-2BohU-2FoCBBrIWFKx0SZ3TKSTPntMn3KfdnXweOdceyZsVW-2FLnae-2B8rpyyawVqVakHYc4q-2BzLHx-2FAzhUySA-2Bm-2FlVf6Iw95HHcN5nnzfELqgtAdH050h4avQ-3D-3D Build ID: 320677 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Sun Jun 14 07:52:30 2020 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 14 Jun 2020 07:52:30 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <5ee5d73eeb46_1c9862b1b03752f5889226@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/ls/click?upn=nJaKvJSIH-2FPAfmty-2BK5tYpPklAc1eEA-2F1zfUjH6teExPWvbuQnlOROdcN604ufBDi0WH2X69cApo3pLD935e8Q-3D-3D6qMy_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeGPmubf445Zv82TzcqCTndsY0c97-2FbhVIS9wAFHVkJ4gr9iY3DHdjS84h6Q6pc03HQHRS-2BAc90dO-2BImPAIKCHBcT-2FUGCno-2B6TdWgPq5xvTG3GnVSTPMcY9ZxFKGFcXQ-2BqV3ZcOtCiFZPZz961NeBTXvvbBuZd95Xou3PV8yu-2BbJWg-3D-3D Build ID: 320676 Analysis Summary: New defects found: 4 Defects eliminated: 0 If you have difficulty understanding any defects, email us at scan-admin at coverity.com, or post your question to StackOverflow at https://u2389337.ct.sendgrid.net/ls/click?upn=QsMnDxMCOVVs7CDlyD2jouKTgNlKFinTRd3y-2BJC7sZryfVdWHH2BBU620aHLHGfhMXPTHYY5wQ5zOiTMnTlWDg-3D-3DW_ot_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeGPmubf445Zv82TzcqCTndsY0c97-2FbhVIS9wAFHVkJ4gigJhg2mBPd3i2T-2BJX4nieQ76-2BoG21uEzJgXpoTJKhR8P5MWl9xuvZQ59lfC3tSIwgm0gqWlqSjuDBjJCYKjkdxRjpw1BcZTnt2K3S9-2F2Pia7mZ7shnxd-2B08x2i1U0zklQ-3D-3D From kaduk at mit.edu Sun Jun 14 19:56:05 2020 From: kaduk at mit.edu (kaduk at mit.edu) Date: Sun, 14 Jun 2020 19:56:05 +0000 Subject: [openssl] master update Message-ID: <1592164565.208284.4850.nullmailer@dev.openssl.org> The branch master has been updated via 670ff08e77c5b331443a3ed6d41564d863a47f06 (commit) from 2edb571b4b857e51620bfd93e240e39de40cb456 (commit) - Log ----------------------------------------------------------------- commit 670ff08e77c5b331443a3ed6d41564d863a47f06 Author: Benjamin Kaduk Date: Fri Jun 12 19:56:11 2020 -0700 Fix logic error for building x86 CAST assembly The assembly code is not PIC, so we should only try to build it when the configuration has disabled PIC, not the other way around. Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/12128) ----------------------------------------------------------------------- Summary of changes: crypto/cast/build.info | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/cast/build.info b/crypto/cast/build.info index 8763f22405..01a3691d68 100644 --- a/crypto/cast/build.info +++ b/crypto/cast/build.info @@ -2,7 +2,7 @@ LIBS=../../libcrypto $CASTASM=c_enc.c # CAST assembly source is not PIC -IF[{- !$disabled{asm} && !$disabled{pic} -}] +IF[{- !$disabled{asm} && $disabled{pic} -}] $CASTASM_x86=cast-586.s # Now that we have defined all the arch specific variables, use the From builds at travis-ci.com Sun Jun 14 21:20:24 2020 From: builds at travis-ci.com (Travis CI) Date: Sun, 14 Jun 2020 21:20:24 +0000 Subject: Errored: openssl/openssl#35464 (master - 670ff08) In-Reply-To: Message-ID: <5ee69497bef82_13fbf979a49e41267a@travis-pro-tasks-d6b9559bf-s5cmf.mail> Build Update for openssl/openssl ------------------------------------- Build: #35464 Status: Errored Duration: 1 hr, 22 mins, and 49 secs Commit: 670ff08 (master) Author: Benjamin Kaduk Message: Fix logic error for building x86 CAST assembly The assembly code is not PIC, so we should only try to build it when the configuration has disabled PIC, not the other way around. Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/12128) View the changeset: https://github.com/openssl/openssl/compare/2edb571b4b85...670ff08e77c5 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/171285032?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon Jun 15 01:30:57 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 15 Jun 2020 01:30:57 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit Message-ID: <1592184657.900617.29736.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit Commit log since last time: 670ff08e77 Fix logic error for building x86 CAST assembly 2edb571b4b Fix nits detected by make cmd-nits df4c1d80b2 Update and extend NOTES.WIN, adding 'Quick start' subsection 168c595b14 Chunk 12 of CMP contribution to OpenSSL: CLI-based high-level tests 5e7be6e666 Remove extra newline from CMP mock server error and add TODO on using request template c4a9e3ebbb Move part of OSSL_CMP_validate_msg() to ossl_cmp_msg_check_update() 7e8dbb7462 Bug fix in ossl_cmp_hdr_init(): sould not remember recipient as expected sender 1a27fe4be2 Bug fix in ossl_cmp_certRep_new(): must allocate empty extraCerts stack 8b22c283b8 Improve description of CMP untrusted certs and msg 'sender' field 12bbcee21b Make CMP server use same protection for response as for request 5aed1786fc Fill in transactionID on any error in OSSL_CMP_SRV_process_request() 430efff1b9 Improve ossl_cmp_msg_check_received() and rename to ossl_cmp_msg_check_update() ca6f1ba903 Improve cert checking diagnostics of OSSL_CMP_validate_msg() 7aa70fd5e1 Remove misleading diagnostics on pinned sender cert in OSSL_CMP_validate_msg() 032b13c784 Correct error reason of verify_signature() in cmp_vfy.c f009e37c76 Extend error output of apps/opt_format() to all error cases 2620c38ba8 Remove meanwhile redundant error output of apps/opt_next(void) parsing numbers 50e09788d5 Fix use of -no-proxy option of CMP app 5a2ba207ed Add request URL path checking and status responses to HTTP server 1693135564 Allow subject of CMP -oldcert as sender unless protection cert is given 7e998a0fdc Correct error output of parse_name() in apps/lib/apps.c and apps/cmp.c 6d934add34 Check expected sender not only for signature-protected CMP messages 0d17c2f4bc Improve description of -trusted, -srvcert, -recipient, and -expect_sender CMP options b27ff9b87c Streamline the approach to set CMP message recipient and expected sender ce0465edc7 Fix too strict checks of ossl_cmp_calc_protection() ffb6c86663 Guard new header mac.h against C++isms. 5ea8afd368 Fix two additional instances of the old EVP_MAC_CTX_ functions being used. 7f81aed4bc Use the inherited 'bsd-gcc-shared' config on 32-bit x86 BSDs. Build log ended with (last 100 lines): 65-test_cmp_protect.t .............. ok 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=201, Tests=1929, 776 wallclock secs ( 8.29 usr 1.25 sys + 729.73 cusr 49.77 csys = 789.04 CPU) Result: FAIL Makefile:3109: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-autoerrinit' Makefile:3107: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon Jun 15 04:13:15 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 15 Jun 2020 04:13:15 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-cms Message-ID: <1592194395.417766.6838.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-cms Commit log since last time: 670ff08e77 Fix logic error for building x86 CAST assembly 2edb571b4b Fix nits detected by make cmd-nits df4c1d80b2 Update and extend NOTES.WIN, adding 'Quick start' subsection 168c595b14 Chunk 12 of CMP contribution to OpenSSL: CLI-based high-level tests 5e7be6e666 Remove extra newline from CMP mock server error and add TODO on using request template c4a9e3ebbb Move part of OSSL_CMP_validate_msg() to ossl_cmp_msg_check_update() 7e8dbb7462 Bug fix in ossl_cmp_hdr_init(): sould not remember recipient as expected sender 1a27fe4be2 Bug fix in ossl_cmp_certRep_new(): must allocate empty extraCerts stack 8b22c283b8 Improve description of CMP untrusted certs and msg 'sender' field 12bbcee21b Make CMP server use same protection for response as for request 5aed1786fc Fill in transactionID on any error in OSSL_CMP_SRV_process_request() 430efff1b9 Improve ossl_cmp_msg_check_received() and rename to ossl_cmp_msg_check_update() ca6f1ba903 Improve cert checking diagnostics of OSSL_CMP_validate_msg() 7aa70fd5e1 Remove misleading diagnostics on pinned sender cert in OSSL_CMP_validate_msg() 032b13c784 Correct error reason of verify_signature() in cmp_vfy.c f009e37c76 Extend error output of apps/opt_format() to all error cases 2620c38ba8 Remove meanwhile redundant error output of apps/opt_next(void) parsing numbers 50e09788d5 Fix use of -no-proxy option of CMP app 5a2ba207ed Add request URL path checking and status responses to HTTP server 1693135564 Allow subject of CMP -oldcert as sender unless protection cert is given 7e998a0fdc Correct error output of parse_name() in apps/lib/apps.c and apps/cmp.c 6d934add34 Check expected sender not only for signature-protected CMP messages 0d17c2f4bc Improve description of -trusted, -srvcert, -recipient, and -expect_sender CMP options b27ff9b87c Streamline the approach to set CMP message recipient and expected sender ce0465edc7 Fix too strict checks of ossl_cmp_calc_protection() ffb6c86663 Guard new header mac.h against C++isms. 5ea8afd368 Fix two additional instances of the old EVP_MAC_CTX_ functions being used. 7f81aed4bc Use the inherited 'bsd-gcc-shared' config on 32-bit x86 BSDs. Build log ended with (last 100 lines): providers/libcrypto-shlib-nullprov.o \ providers/libimplementations.a providers/libcommon.a providers/libnonfips.a -ldl -pthread rm -f libcrypto.so && \ ln -s libcrypto.so.3 libcrypto.so clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-znodelete -shared -Wl,-Bsymbolic -Wl,-soname=libssl.so.3 \ -o libssl.so.3 -Wl,--version-script=libssl.ld \ crypto/libssl-shlib-packet.o ssl/libssl-shlib-bio_ssl.o \ ssl/libssl-shlib-d1_lib.o ssl/libssl-shlib-d1_msg.o \ ssl/libssl-shlib-d1_srtp.o ssl/libssl-shlib-methods.o \ ssl/libssl-shlib-pqueue.o ssl/libssl-shlib-s3_cbc.o \ ssl/libssl-shlib-s3_enc.o ssl/libssl-shlib-s3_lib.o \ ssl/libssl-shlib-s3_msg.o ssl/libssl-shlib-ssl_asn1.o \ ssl/libssl-shlib-ssl_cert.o ssl/libssl-shlib-ssl_ciph.o \ ssl/libssl-shlib-ssl_conf.o ssl/libssl-shlib-ssl_err.o \ ssl/libssl-shlib-ssl_init.o ssl/libssl-shlib-ssl_lib.o \ ssl/libssl-shlib-ssl_mcnf.o ssl/libssl-shlib-ssl_rsa.o \ ssl/libssl-shlib-ssl_sess.o ssl/libssl-shlib-ssl_stat.o \ ssl/libssl-shlib-ssl_txt.o ssl/libssl-shlib-ssl_utst.o \ ssl/libssl-shlib-t1_enc.o ssl/libssl-shlib-t1_lib.o \ ssl/libssl-shlib-t1_trce.o ssl/libssl-shlib-tls13_enc.o \ ssl/libssl-shlib-tls_srp.o \ ssl/record/libssl-shlib-dtls1_bitmap.o \ ssl/record/libssl-shlib-rec_layer_d1.o \ ssl/record/libssl-shlib-rec_layer_s3.o \ ssl/record/libssl-shlib-ssl3_buffer.o \ ssl/record/libssl-shlib-ssl3_record.o \ ssl/record/libssl-shlib-ssl3_record_tls13.o \ ssl/statem/libssl-shlib-extensions.o \ ssl/statem/libssl-shlib-extensions_clnt.o \ ssl/statem/libssl-shlib-extensions_cust.o \ ssl/statem/libssl-shlib-extensions_srvr.o \ ssl/statem/libssl-shlib-statem.o \ ssl/statem/libssl-shlib-statem_clnt.o \ ssl/statem/libssl-shlib-statem_dtls.o \ ssl/statem/libssl-shlib-statem_lib.o \ ssl/statem/libssl-shlib-statem_srvr.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/afalg.so -Wl,--version-script=engines/afalg.ld \ engines/afalg-dso-e_afalg.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/capi.so -Wl,--version-script=engines/capi.ld \ engines/capi-dso-e_capi.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/dasync.so -Wl,--version-script=engines/dasync.ld \ engines/dasync-dso-e_dasync.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/ossltest.so -Wl,--version-script=engines/ossltest.ld \ engines/ossltest-dso-e_ossltest.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/padlock.so -Wl,--version-script=engines/padlock.ld \ engines/padlock-dso-e_padlock-x86_64.o \ engines/padlock-dso-e_padlock.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o providers/legacy.so -Wl,--version-script=providers/legacy.ld \ providers/legacy-dso-legacyprov.o \ providers/liblegacy.a providers/libcommon.a providers/libnonfips.a -lcrypto -ldl -pthread rm -f fuzz/asn1parse-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o fuzz/asn1parse-test \ fuzz/asn1parse-test-bin-asn1parse.o \ fuzz/asn1parse-test-bin-test-corpus.o \ -lcrypto -ldl -pthread rm -f fuzz/bignum-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o fuzz/bignum-test \ fuzz/bignum-test-bin-bignum.o \ fuzz/bignum-test-bin-test-corpus.o \ -lcrypto -ldl -pthread ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_add' ./libcrypto.so: undefined reference to `ess_find_cert' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_add' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_get' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_get' ./libcrypto.so: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:22675: recipe for target 'fuzz/asn1parse-test' failed make[1]: *** [fuzz/asn1parse-test] Error 1 make[1]: *** Waiting for unfinished jobs.... ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_add' ./libcrypto.so: undefined reference to `ess_find_cert' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_add' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_get' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_get' ./libcrypto.so: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:22699: recipe for target 'fuzz/bignum-test' failed make[1]: *** [fuzz/bignum-test] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-cms' Makefile:3038: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From openssl at openssl.org Mon Jun 15 06:28:22 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 15 Jun 2020 06:28:22 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-des Message-ID: <1592202502.815400.22674.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-des Commit log since last time: 670ff08e77 Fix logic error for building x86 CAST assembly 2edb571b4b Fix nits detected by make cmd-nits df4c1d80b2 Update and extend NOTES.WIN, adding 'Quick start' subsection 168c595b14 Chunk 12 of CMP contribution to OpenSSL: CLI-based high-level tests 5e7be6e666 Remove extra newline from CMP mock server error and add TODO on using request template c4a9e3ebbb Move part of OSSL_CMP_validate_msg() to ossl_cmp_msg_check_update() 7e8dbb7462 Bug fix in ossl_cmp_hdr_init(): sould not remember recipient as expected sender 1a27fe4be2 Bug fix in ossl_cmp_certRep_new(): must allocate empty extraCerts stack 8b22c283b8 Improve description of CMP untrusted certs and msg 'sender' field 12bbcee21b Make CMP server use same protection for response as for request 5aed1786fc Fill in transactionID on any error in OSSL_CMP_SRV_process_request() 430efff1b9 Improve ossl_cmp_msg_check_received() and rename to ossl_cmp_msg_check_update() ca6f1ba903 Improve cert checking diagnostics of OSSL_CMP_validate_msg() 7aa70fd5e1 Remove misleading diagnostics on pinned sender cert in OSSL_CMP_validate_msg() 032b13c784 Correct error reason of verify_signature() in cmp_vfy.c f009e37c76 Extend error output of apps/opt_format() to all error cases 2620c38ba8 Remove meanwhile redundant error output of apps/opt_next(void) parsing numbers 50e09788d5 Fix use of -no-proxy option of CMP app 5a2ba207ed Add request URL path checking and status responses to HTTP server 1693135564 Allow subject of CMP -oldcert as sender unless protection cert is given 7e998a0fdc Correct error output of parse_name() in apps/lib/apps.c and apps/cmp.c 6d934add34 Check expected sender not only for signature-protected CMP messages 0d17c2f4bc Improve description of -trusted, -srvcert, -recipient, and -expect_sender CMP options b27ff9b87c Streamline the approach to set CMP message recipient and expected sender ce0465edc7 Fix too strict checks of ossl_cmp_calc_protection() ffb6c86663 Guard new header mac.h against C++isms. 5ea8afd368 Fix two additional instances of the old EVP_MAC_CTX_ functions being used. 7f81aed4bc Use the inherited 'bsd-gcc-shared' config on 32-bit x86 BSDs. Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... skipped: The PKCS12 command line utility is not supported by this OpenSSL build 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=201, Tests=1902, 777 wallclock secs ( 8.57 usr 1.20 sys + 725.51 cusr 45.88 csys = 781.16 CPU) Result: FAIL Makefile:3046: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-des' Makefile:3044: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon Jun 15 06:51:37 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 15 Jun 2020 06:51:37 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram Message-ID: <1592203897.703514.30847.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: 670ff08e77 Fix logic error for building x86 CAST assembly 2edb571b4b Fix nits detected by make cmd-nits df4c1d80b2 Update and extend NOTES.WIN, adding 'Quick start' subsection 168c595b14 Chunk 12 of CMP contribution to OpenSSL: CLI-based high-level tests 5e7be6e666 Remove extra newline from CMP mock server error and add TODO on using request template c4a9e3ebbb Move part of OSSL_CMP_validate_msg() to ossl_cmp_msg_check_update() 7e8dbb7462 Bug fix in ossl_cmp_hdr_init(): sould not remember recipient as expected sender 1a27fe4be2 Bug fix in ossl_cmp_certRep_new(): must allocate empty extraCerts stack 8b22c283b8 Improve description of CMP untrusted certs and msg 'sender' field 12bbcee21b Make CMP server use same protection for response as for request 5aed1786fc Fill in transactionID on any error in OSSL_CMP_SRV_process_request() 430efff1b9 Improve ossl_cmp_msg_check_received() and rename to ossl_cmp_msg_check_update() ca6f1ba903 Improve cert checking diagnostics of OSSL_CMP_validate_msg() 7aa70fd5e1 Remove misleading diagnostics on pinned sender cert in OSSL_CMP_validate_msg() 032b13c784 Correct error reason of verify_signature() in cmp_vfy.c f009e37c76 Extend error output of apps/opt_format() to all error cases 2620c38ba8 Remove meanwhile redundant error output of apps/opt_next(void) parsing numbers 50e09788d5 Fix use of -no-proxy option of CMP app 5a2ba207ed Add request URL path checking and status responses to HTTP server 1693135564 Allow subject of CMP -oldcert as sender unless protection cert is given 7e998a0fdc Correct error output of parse_name() in apps/lib/apps.c and apps/cmp.c 6d934add34 Check expected sender not only for signature-protected CMP messages 0d17c2f4bc Improve description of -trusted, -srvcert, -recipient, and -expect_sender CMP options b27ff9b87c Streamline the approach to set CMP message recipient and expected sender ce0465edc7 Fix too strict checks of ossl_cmp_calc_protection() ffb6c86663 Guard new header mac.h against C++isms. 5ea8afd368 Fix two additional instances of the old EVP_MAC_CTX_ functions being used. 7f81aed4bc Use the inherited 'bsd-gcc-shared' config on 32-bit x86 BSDs. Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=201, Tests=2002, 784 wallclock secs ( 9.24 usr 1.36 sys + 726.94 cusr 47.51 csys = 785.05 CPU) Result: FAIL Makefile:3096: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dgram' Makefile:3094: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon Jun 15 11:39:35 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 15 Jun 2020 11:39:35 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-err Message-ID: <1592221175.442182.12573.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-err Commit log since last time: 670ff08e77 Fix logic error for building x86 CAST assembly 2edb571b4b Fix nits detected by make cmd-nits df4c1d80b2 Update and extend NOTES.WIN, adding 'Quick start' subsection 168c595b14 Chunk 12 of CMP contribution to OpenSSL: CLI-based high-level tests 5e7be6e666 Remove extra newline from CMP mock server error and add TODO on using request template c4a9e3ebbb Move part of OSSL_CMP_validate_msg() to ossl_cmp_msg_check_update() 7e8dbb7462 Bug fix in ossl_cmp_hdr_init(): sould not remember recipient as expected sender 1a27fe4be2 Bug fix in ossl_cmp_certRep_new(): must allocate empty extraCerts stack 8b22c283b8 Improve description of CMP untrusted certs and msg 'sender' field 12bbcee21b Make CMP server use same protection for response as for request 5aed1786fc Fill in transactionID on any error in OSSL_CMP_SRV_process_request() 430efff1b9 Improve ossl_cmp_msg_check_received() and rename to ossl_cmp_msg_check_update() ca6f1ba903 Improve cert checking diagnostics of OSSL_CMP_validate_msg() 7aa70fd5e1 Remove misleading diagnostics on pinned sender cert in OSSL_CMP_validate_msg() 032b13c784 Correct error reason of verify_signature() in cmp_vfy.c f009e37c76 Extend error output of apps/opt_format() to all error cases 2620c38ba8 Remove meanwhile redundant error output of apps/opt_next(void) parsing numbers 50e09788d5 Fix use of -no-proxy option of CMP app 5a2ba207ed Add request URL path checking and status responses to HTTP server 1693135564 Allow subject of CMP -oldcert as sender unless protection cert is given 7e998a0fdc Correct error output of parse_name() in apps/lib/apps.c and apps/cmp.c 6d934add34 Check expected sender not only for signature-protected CMP messages 0d17c2f4bc Improve description of -trusted, -srvcert, -recipient, and -expect_sender CMP options b27ff9b87c Streamline the approach to set CMP message recipient and expected sender ce0465edc7 Fix too strict checks of ossl_cmp_calc_protection() ffb6c86663 Guard new header mac.h against C++isms. 5ea8afd368 Fix two additional instances of the old EVP_MAC_CTX_ functions being used. 7f81aed4bc Use the inherited 'bsd-gcc-shared' config on 32-bit x86 BSDs. Build log ended with (last 100 lines): 65-test_cmp_protect.t .............. ok 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=201, Tests=1929, 811 wallclock secs ( 9.19 usr 1.50 sys + 754.94 cusr 52.63 csys = 818.26 CPU) Result: FAIL Makefile:3088: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-err' Makefile:3086: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon Jun 15 19:03:04 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 15 Jun 2020 19:03:04 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui-console Message-ID: <1592247784.264854.1558.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ui-console Commit log since last time: 670ff08e77 Fix logic error for building x86 CAST assembly 2edb571b4b Fix nits detected by make cmd-nits df4c1d80b2 Update and extend NOTES.WIN, adding 'Quick start' subsection 168c595b14 Chunk 12 of CMP contribution to OpenSSL: CLI-based high-level tests 5e7be6e666 Remove extra newline from CMP mock server error and add TODO on using request template c4a9e3ebbb Move part of OSSL_CMP_validate_msg() to ossl_cmp_msg_check_update() 7e8dbb7462 Bug fix in ossl_cmp_hdr_init(): sould not remember recipient as expected sender 1a27fe4be2 Bug fix in ossl_cmp_certRep_new(): must allocate empty extraCerts stack 8b22c283b8 Improve description of CMP untrusted certs and msg 'sender' field 12bbcee21b Make CMP server use same protection for response as for request 5aed1786fc Fill in transactionID on any error in OSSL_CMP_SRV_process_request() 430efff1b9 Improve ossl_cmp_msg_check_received() and rename to ossl_cmp_msg_check_update() ca6f1ba903 Improve cert checking diagnostics of OSSL_CMP_validate_msg() 7aa70fd5e1 Remove misleading diagnostics on pinned sender cert in OSSL_CMP_validate_msg() 032b13c784 Correct error reason of verify_signature() in cmp_vfy.c f009e37c76 Extend error output of apps/opt_format() to all error cases 2620c38ba8 Remove meanwhile redundant error output of apps/opt_next(void) parsing numbers 50e09788d5 Fix use of -no-proxy option of CMP app 5a2ba207ed Add request URL path checking and status responses to HTTP server 1693135564 Allow subject of CMP -oldcert as sender unless protection cert is given 7e998a0fdc Correct error output of parse_name() in apps/lib/apps.c and apps/cmp.c 6d934add34 Check expected sender not only for signature-protected CMP messages 0d17c2f4bc Improve description of -trusted, -srvcert, -recipient, and -expect_sender CMP options b27ff9b87c Streamline the approach to set CMP message recipient and expected sender ce0465edc7 Fix too strict checks of ossl_cmp_calc_protection() ffb6c86663 Guard new header mac.h against C++isms. 5ea8afd368 Fix two additional instances of the old EVP_MAC_CTX_ functions being used. 7f81aed4bc Use the inherited 'bsd-gcc-shared' config on 32-bit x86 BSDs. Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=201, Tests=2005, 819 wallclock secs ( 8.31 usr 1.22 sys + 732.20 cusr 51.34 csys = 793.07 CPU) Result: FAIL Makefile:3087: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ui-console' Makefile:3085: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon Jun 15 21:20:11 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 15 Jun 2020 21:20:11 +0000 Subject: FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module Message-ID: <1592256011.220647.1670.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module Commit log since last time: 670ff08e77 Fix logic error for building x86 CAST assembly 2edb571b4b Fix nits detected by make cmd-nits df4c1d80b2 Update and extend NOTES.WIN, adding 'Quick start' subsection 168c595b14 Chunk 12 of CMP contribution to OpenSSL: CLI-based high-level tests 5e7be6e666 Remove extra newline from CMP mock server error and add TODO on using request template c4a9e3ebbb Move part of OSSL_CMP_validate_msg() to ossl_cmp_msg_check_update() 7e8dbb7462 Bug fix in ossl_cmp_hdr_init(): sould not remember recipient as expected sender 1a27fe4be2 Bug fix in ossl_cmp_certRep_new(): must allocate empty extraCerts stack 8b22c283b8 Improve description of CMP untrusted certs and msg 'sender' field 12bbcee21b Make CMP server use same protection for response as for request 5aed1786fc Fill in transactionID on any error in OSSL_CMP_SRV_process_request() 430efff1b9 Improve ossl_cmp_msg_check_received() and rename to ossl_cmp_msg_check_update() ca6f1ba903 Improve cert checking diagnostics of OSSL_CMP_validate_msg() 7aa70fd5e1 Remove misleading diagnostics on pinned sender cert in OSSL_CMP_validate_msg() 032b13c784 Correct error reason of verify_signature() in cmp_vfy.c f009e37c76 Extend error output of apps/opt_format() to all error cases 2620c38ba8 Remove meanwhile redundant error output of apps/opt_next(void) parsing numbers 50e09788d5 Fix use of -no-proxy option of CMP app 5a2ba207ed Add request URL path checking and status responses to HTTP server 1693135564 Allow subject of CMP -oldcert as sender unless protection cert is given 7e998a0fdc Correct error output of parse_name() in apps/lib/apps.c and apps/cmp.c 6d934add34 Check expected sender not only for signature-protected CMP messages 0d17c2f4bc Improve description of -trusted, -srvcert, -recipient, and -expect_sender CMP options b27ff9b87c Streamline the approach to set CMP message recipient and expected sender ce0465edc7 Fix too strict checks of ossl_cmp_calc_protection() ffb6c86663 Guard new header mac.h against C++isms. 5ea8afd368 Fix two additional instances of the old EVP_MAC_CTX_ functions being used. 7f81aed4bc Use the inherited 'bsd-gcc-shared' config on 32-bit x86 BSDs. Build log ended with (last 100 lines): 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... skipped: test_comp needs the dynamic engine feature enabled 70-test_key_share.t ................ skipped: test_key_share needs the dynamic engine feature enabled 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ skipped: test_renegotiation needs the dynamic engine feature enabled 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs the dynamic engine feature enabled 70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs the dynamic engine feature enabled 70-test_sslextension.t ............. skipped: test_sslextension needs the dynamic engine feature enabled 70-test_sslmessages.t .............. skipped: test_sslmessages needs the dynamic engine feature enabled 70-test_sslrecords.t ............... skipped: test_sslrecords needs the dynamic engine feature enabled 70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs the dynamic engine feature enabled 70-test_sslsigalgs.t ............... skipped: test_sslsigalgs needs the dynamic engine feature enabled 70-test_sslsignature.t ............. skipped: test_sslsignature needs the dynamic engine feature enabled 70-test_sslskewith0p.t ............. skipped: test_sslskewith0p needs the dynamic engine feature enabled 70-test_sslversions.t .............. skipped: test_sslversions needs the dynamic engine feature enabled 70-test_sslvertol.t ................ skipped: test_sslextension needs the dynamic engine feature enabled 70-test_tls13alerts.t .............. skipped: test_tls13alerts needs the dynamic engine feature enabled 70-test_tls13cookie.t .............. skipped: test_tls13cookie needs the dynamic engine feature enabled 70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs the dynamic engine feature enabled 70-test_tls13hrr.t ................. skipped: test_tls13hrr needs the dynamic engine feature enabled 70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs the dynamic engine feature enabled 70-test_tls13messages.t ............ skipped: test_tls13messages needs the dynamic engine feature enabled 70-test_tls13psk.t ................. skipped: test_tls13psk needs the dynamic engine feature enabled 70-test_tlsextms.t ................. skipped: test_tlsextms needs the dynamic engine feature enabled 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. Dubious, test returned 3 (wstat 768, 0x300) Failed 3/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ skipped: Test only supported in a shared build 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 65-test_cmp_vfy.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 81-test_cmp_cli.t (Wstat: 768 Tests: 7 Failed: 3) Failed tests: 4-5, 7 Non-zero exit status: 3 Files=201, Tests=1732, 722 wallclock secs ( 7.27 usr 1.31 sys + 674.18 cusr 42.67 csys = 725.43 CPU) Result: FAIL Makefile:2354: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:2352: recipe for target 'tests' failed make: *** [tests] Error 2 From pauli at openssl.org Mon Jun 15 22:23:55 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Mon, 15 Jun 2020 22:23:55 +0000 Subject: [openssl] master update Message-ID: <1592259835.944564.25905.nullmailer@dev.openssl.org> The branch master has been updated via 0800288e6e1d9f44d471043a970ba57743ca8f4c (commit) from 670ff08e77c5b331443a3ed6d41564d863a47f06 (commit) - Log ----------------------------------------------------------------- commit 0800288e6e1d9f44d471043a970ba57743ca8f4c Author: Richard Levitte Date: Sat Jun 13 22:16:14 2020 +0200 EVP: allow empty strings to EVP_Decode* functions This is a simple check order correction. Fixes #12143 Reviewed-by: Ben Kaduk Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12144) ----------------------------------------------------------------------- Summary of changes: crypto/evp/encode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c index fb657d1499..01552ac098 100644 --- a/crypto/evp/encode.c +++ b/crypto/evp/encode.c @@ -423,7 +423,7 @@ static int evp_decodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t, table = data_ascii2bin; /* trim white space from the start of the line. */ - while ((conv_ascii2bin(*f, table) == B64_WS) && (n > 0)) { + while ((n > 0) && (conv_ascii2bin(*f, table) == B64_WS)) { f++; n--; } From pauli at openssl.org Mon Jun 15 22:25:25 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Mon, 15 Jun 2020 22:25:25 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1592259925.922427.27194.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 92cef3f186c20e702b7751c5ef959b4fe816a189 (commit) from ac4f465406ced9601cb8c9cb800ad9a37e61b6da (commit) - Log ----------------------------------------------------------------- commit 92cef3f186c20e702b7751c5ef959b4fe816a189 Author: Richard Levitte Date: Sat Jun 13 22:16:14 2020 +0200 EVP: allow empty strings to EVP_Decode* functions This is a simple check order correction. Fixes #12143 Reviewed-by: Ben Kaduk Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12144) (cherry picked from commit 0800288e6e1d9f44d471043a970ba57743ca8f4c) ----------------------------------------------------------------------- Summary of changes: crypto/evp/encode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c index 9307ff0464..b178be067a 100644 --- a/crypto/evp/encode.c +++ b/crypto/evp/encode.c @@ -423,7 +423,7 @@ static int evp_decodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t, table = data_ascii2bin; /* trim white space from the start of the line. */ - while ((conv_ascii2bin(*f, table) == B64_WS) && (n > 0)) { + while ((n > 0) && (conv_ascii2bin(*f, table) == B64_WS)) { f++; n--; } From builds at travis-ci.com Tue Jun 16 00:02:08 2020 From: builds at travis-ci.com (Travis CI) Date: Tue, 16 Jun 2020 00:02:08 +0000 Subject: Errored: openssl/openssl#35476 (master - 0800288) In-Reply-To: Message-ID: <5ee80bfff3685_13f9d7cf0f3d0507727@travis-pro-tasks-5cc565c47b-ct9m5.mail> Build Update for openssl/openssl ------------------------------------- Build: #35476 Status: Errored Duration: 1 hr, 26 mins, and 46 secs Commit: 0800288 (master) Author: Richard Levitte Message: EVP: allow empty strings to EVP_Decode* functions This is a simple check order correction. Fixes #12143 Reviewed-by: Ben Kaduk Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12144) View the changeset: https://github.com/openssl/openssl/compare/670ff08e77c5...0800288e6e1d View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/171479643?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Jun 16 03:06:19 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 16 Jun 2020 03:06:19 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io Message-ID: <1592276779.117707.9505.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-posix-io Commit log since last time: 670ff08e77 Fix logic error for building x86 CAST assembly 2edb571b4b Fix nits detected by make cmd-nits df4c1d80b2 Update and extend NOTES.WIN, adding 'Quick start' subsection 168c595b14 Chunk 12 of CMP contribution to OpenSSL: CLI-based high-level tests 5e7be6e666 Remove extra newline from CMP mock server error and add TODO on using request template c4a9e3ebbb Move part of OSSL_CMP_validate_msg() to ossl_cmp_msg_check_update() 7e8dbb7462 Bug fix in ossl_cmp_hdr_init(): sould not remember recipient as expected sender 1a27fe4be2 Bug fix in ossl_cmp_certRep_new(): must allocate empty extraCerts stack 8b22c283b8 Improve description of CMP untrusted certs and msg 'sender' field 12bbcee21b Make CMP server use same protection for response as for request 5aed1786fc Fill in transactionID on any error in OSSL_CMP_SRV_process_request() 430efff1b9 Improve ossl_cmp_msg_check_received() and rename to ossl_cmp_msg_check_update() ca6f1ba903 Improve cert checking diagnostics of OSSL_CMP_validate_msg() 7aa70fd5e1 Remove misleading diagnostics on pinned sender cert in OSSL_CMP_validate_msg() 032b13c784 Correct error reason of verify_signature() in cmp_vfy.c f009e37c76 Extend error output of apps/opt_format() to all error cases 2620c38ba8 Remove meanwhile redundant error output of apps/opt_next(void) parsing numbers 50e09788d5 Fix use of -no-proxy option of CMP app 5a2ba207ed Add request URL path checking and status responses to HTTP server 1693135564 Allow subject of CMP -oldcert as sender unless protection cert is given 7e998a0fdc Correct error output of parse_name() in apps/lib/apps.c and apps/cmp.c 6d934add34 Check expected sender not only for signature-protected CMP messages 0d17c2f4bc Improve description of -trusted, -srvcert, -recipient, and -expect_sender CMP options b27ff9b87c Streamline the approach to set CMP message recipient and expected sender ce0465edc7 Fix too strict checks of ossl_cmp_calc_protection() ffb6c86663 Guard new header mac.h against C++isms. 5ea8afd368 Fix two additional instances of the old EVP_MAC_CTX_ functions being used. 7f81aed4bc Use the inherited 'bsd-gcc-shared' config on 32-bit x86 BSDs. Build log ended with (last 100 lines): rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_names test/buildtest_c_core_numbers test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_dtls1 test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_mac test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmactest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_fetch_prov_test test/evp_kdf_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_fallback_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_names.c test/buildtest_core_numbers.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_dtls1.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_mac.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha4-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_cb.d.tmp -MT apps/lib/libapps-lib-s_cb.o -c -o apps/lib/libapps-lib-s_cb.o ../openssl/apps/lib/s_cb.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_socket.d.tmp -MT apps/lib/libapps-lib-s_socket.o -c -o apps/lib/libapps-lib-s_socket.o ../openssl/apps/lib/s_socket.c CC="clang" /usr/bin/perl ../openssl/crypto/aes/asm/aes-x86_64.pl "elf" -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -I../openssl -I../openssl/include -I../openssl/providers/common/include -I../openssl/providers/implementations/include -I../openssl/crypto/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM crypto/aes/aes-x86_64.s ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4090: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' Makefile:3065: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From openssl at openssl.org Tue Jun 16 07:49:35 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 16 Jun 2020 07:49:35 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock Message-ID: <1592293775.451462.6221.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sock Commit log since last time: 670ff08e77 Fix logic error for building x86 CAST assembly 2edb571b4b Fix nits detected by make cmd-nits df4c1d80b2 Update and extend NOTES.WIN, adding 'Quick start' subsection 168c595b14 Chunk 12 of CMP contribution to OpenSSL: CLI-based high-level tests 5e7be6e666 Remove extra newline from CMP mock server error and add TODO on using request template c4a9e3ebbb Move part of OSSL_CMP_validate_msg() to ossl_cmp_msg_check_update() 7e8dbb7462 Bug fix in ossl_cmp_hdr_init(): sould not remember recipient as expected sender 1a27fe4be2 Bug fix in ossl_cmp_certRep_new(): must allocate empty extraCerts stack 8b22c283b8 Improve description of CMP untrusted certs and msg 'sender' field 12bbcee21b Make CMP server use same protection for response as for request 5aed1786fc Fill in transactionID on any error in OSSL_CMP_SRV_process_request() 430efff1b9 Improve ossl_cmp_msg_check_received() and rename to ossl_cmp_msg_check_update() ca6f1ba903 Improve cert checking diagnostics of OSSL_CMP_validate_msg() 7aa70fd5e1 Remove misleading diagnostics on pinned sender cert in OSSL_CMP_validate_msg() 032b13c784 Correct error reason of verify_signature() in cmp_vfy.c f009e37c76 Extend error output of apps/opt_format() to all error cases 2620c38ba8 Remove meanwhile redundant error output of apps/opt_next(void) parsing numbers 50e09788d5 Fix use of -no-proxy option of CMP app 5a2ba207ed Add request URL path checking and status responses to HTTP server 1693135564 Allow subject of CMP -oldcert as sender unless protection cert is given 7e998a0fdc Correct error output of parse_name() in apps/lib/apps.c and apps/cmp.c 6d934add34 Check expected sender not only for signature-protected CMP messages 0d17c2f4bc Improve description of -trusted, -srvcert, -recipient, and -expect_sender CMP options b27ff9b87c Streamline the approach to set CMP message recipient and expected sender ce0465edc7 Fix too strict checks of ossl_cmp_calc_protection() ffb6c86663 Guard new header mac.h against C++isms. 5ea8afd368 Fix two additional instances of the old EVP_MAC_CTX_ functions being used. 7f81aed4bc Use the inherited 'bsd-gcc-shared' config on 32-bit x86 BSDs. Build log ended with (last 100 lines): rm -f doc/html/man1/CA.pl.html doc/html/man1/openssl-asn1parse.html doc/html/man1/openssl-ca.html doc/html/man1/openssl-ciphers.html doc/html/man1/openssl-cmds.html doc/html/man1/openssl-cmp.html doc/html/man1/openssl-cms.html doc/html/man1/openssl-crl.html doc/html/man1/openssl-crl2pkcs7.html doc/html/man1/openssl-dgst.html doc/html/man1/openssl-dhparam.html doc/html/man1/openssl-dsa.html doc/html/man1/openssl-dsaparam.html doc/html/man1/openssl-ec.html doc/html/man1/openssl-ecparam.html doc/html/man1/openssl-enc.html doc/html/man1/openssl-engine.html doc/html/man1/openssl-errstr.html doc/html/man1/openssl-fipsinstall.html doc/html/man1/openssl-gendsa.html doc/html/man1/openssl-genpkey.html doc/html/man1/openssl-genrsa.html doc/html/man1/openssl-info.html doc/html/man1/openssl-kdf.html doc/html/man1/openssl-list.html doc/html/man1/openssl-mac.html doc/html/man1/openssl-nseq.html doc/html/man1/openssl-ocsp.html doc/html/man1/openssl-passwd.html doc/html/man1/openssl-pkcs12.html doc/html/man1/openssl-pkcs7.html doc/html/man1/openssl-pkcs8.html doc/html/man1/openssl-pkey.html doc/html/man1/openssl-pkeyparam.html doc/html/man1/openssl-pkeyutl.html doc/html/man1/openssl-prime.html doc/html/man1/openssl-provider.html doc/html/man1/openssl-rand.html doc/html/man1/openssl-rehash.html doc/html/man1/openssl-req.html doc/html/man1/openssl-rsa.html doc/html/man1/openssl-rsautl.html doc/html/man1/openssl-s_client.html doc/html/man1/openssl-s_server.html doc/html/man1/openssl-s_time.html doc/html/man1/openssl-sess_id.html doc/html/man1/openssl-smime.html doc/html/man1/openssl-speed.html doc/html/man1/openssl-spkac.html doc/html/man1/openssl-srp.html doc/html/man1/openssl-storeutl.html doc/html/man1/openssl-ts.html doc/html/man1/openssl-verify.html doc/html/man1/openssl-version.html doc/html/man1/openssl-x509.html doc/html/man1/openssl.html doc/html/man1/tsget.html doc/html/man3/ADMISSIONS.html doc/html/man3/ASN1_INTEGER_get_int64.html doc/html/man3/ASN1_INTEGER_new.html doc/html/man3/ASN1_ITEM_lookup.html doc/html/man3/ASN1_OBJECT_new.html doc/html/man3/ASN1_STRING_TABLE_add.html doc/html/man3/ASN1_STRING_length.html doc/html/man3/ASN1_STRING_new.html doc/html/man3/ASN1_STRING_print_ex.html doc/html/man3/ASN1_TIME_set.html doc/html/man3/ASN1_TYPE_get.html doc/html/man3/ASN1_generate_nconf.html doc/html/man3/ASYNC_WAIT_CTX_new.html doc/html/man3/ASYNC_start_job.html doc/html/man3/BF_encrypt.html doc/html/man3/BIO_ADDR.html doc/html/man3/BIO_ADDRINFO.html doc/html/man3/BIO_connect.html doc/html/man3/BIO_ctrl.html doc/html/man3/BIO_f_base64.html doc/html/man3/BIO_f_buffer.html doc/html/man3/BIO_f_cipher.html doc/html/man3/BIO_f_md.html doc/html/man3/BIO_f_null.html doc/html/man3/BIO_f_prefix.html doc/html/man3/BIO_f_ssl.html doc/html/man3/BIO_find_type.html doc/html/man3/BIO_get_data.html doc/html/man3/BIO_get_ex_new_index.html doc/html/man3/BIO_meth_new.html doc/html/man3/BIO_new.html doc/html/man3/BIO_new_CMS.html doc/html/man3/BIO_parse_hostserv.html doc/html/man3/BIO_printf.html doc/html/man3/BIO_push.html doc/html/man3/BIO_read.html doc/html/man3/BIO_s_accept.html doc/html/man3/BIO_s_bio.html doc/html/man3/BIO_s_connect.html doc/html/man3/BIO_s_fd.html doc/html/man3/BIO_s_file.html doc/html/man3/BIO_s_mem.html doc/html/man3/BIO_s_null.html doc/html/man3/BIO_s_socket.html doc/html/man3/BIO_set_callback.html doc/html/man3/BIO_should_retry.html doc/html/man3/BIO_socket_wait.html doc/html/man3/BN_BLINDING_new.html doc/html/man3/BN_CTX_new.html doc/html/man3/BN_CTX_start.html doc/html/man3/BN_add.html doc/html/man3/BN_add_word.html doc/html/man3/BN_bn2bin.html doc/html/man3/BN_cmp.html doc/html/man3/BN_copy.html doc/html/man3/BN_generate_prime.html doc/html/man3/BN_mod_inverse.html doc/html/man3/BN_mod_mul_montgomery.html doc/html/man3/BN_mod_mul_reciprocal.html doc/html/man3/BN_new.html doc/html/man3/BN_num_bytes.html doc/html/man3/BN_rand.html doc/html/man3/BN_security_bits.html doc/html/man3/BN_set_bit.html doc/html/man3/BN_swap.html doc/html/man3/BN_zero.html doc/html/man3/BUF_MEM_new.html doc/html/man3/CMS_EnvelopedData_create.html doc/html/man3/CMS_add0_cert.html doc/html/man3/CMS_add1_recipient_cert.html doc/html/man3/CMS_add1_signer.html doc/html/man3/CMS_compress.html doc/html/man3/CMS_decrypt.html doc/html/man3/CMS_encrypt.html doc/html/man3/CMS_final.html doc/html/man3/CMS_get0_RecipientInfos.html doc/html/man3/CMS_get0_SignerInfos.html doc/html/man3/CMS_get0_type.html doc/html/man3/CMS_get1_ReceiptRequest.html doc/html/man3/CMS_sign.html doc/html/man3/CMS_sign_receipt.html doc/html/man3/CMS_uncompress.html doc/html/man3/CMS_verify.html doc/html/man3/CMS_verify_receipt.html doc/html/man3/CONF_modules_free.html doc/html/man3/CONF_modules_load_file.html doc/html/man3/CRYPTO_THREAD_run_once.html doc/html/man3/CRYPTO_get_ex_new_index.html doc/html/man3/CRYPTO_memcmp.html doc/html/man3/CTLOG_STORE_get0_log_by_id.html doc/html/man3/CTLOG_STORE_new.html doc/html/man3/CTLOG_new.html doc/html/man3/CT_POLICY_EVAL_CTX_new.html doc/html/man3/DEFINE_STACK_OF.html doc/html/man3/DES_random_key.html doc/html/man3/DH_generate_key.html doc/html/man3/DH_generate_parameters.html doc/html/man3/DH_get0_pqg.html doc/html/man3/DH_get_1024_160.html doc/html/man3/DH_meth_new.html doc/html/man3/DH_new.html doc/html/man3/DH_new_by_nid.html doc/html/man3/DH_set_method.html doc/html/man3/DH_size.html doc/html/man3/DSA_SIG_new.html doc/html/man3/DSA_do_sign.html doc/html/man3/DSA_dup_DH.html doc/html/man3/DSA_generate_key.html doc/html/man3/DSA_generate_parameters.html doc/html/man3/DSA_get0_pqg.html doc/html/man3/DSA_meth_new.html doc/html/man3/DSA_new.html doc/html/man3/DSA_set_method.html doc/html/man3/DSA_sign.html doc/html/man3/DSA_size.html doc/html/man3/DTLS_get_data_mtu.html doc/html/man3/DTLS_set_timer_cb.html doc/html/man3/DTLSv1_listen.html doc/html/man3/ECDSA_SIG_new.html doc/html/man3/ECPKParameters_print.html doc/html/man3/EC_GFp_simple_method.html doc/html/man3/EC_GROUP_copy.html doc/html/man3/EC_GROUP_new.html doc/html/man3/EC_KEY_get_enc_flags.html doc/html/man3/EC_KEY_new.html doc/html/man3/EC_POINT_add.html doc/html/man3/EC_POINT_new.html doc/html/man3/ENGINE_add.html doc/html/man3/ERR_GET_LIB.html doc/html/man3/ERR_clear_error.html doc/html/man3/ERR_error_string.html doc/html/man3/ERR_get_error.html doc/html/man3/ERR_load_crypto_strings.html doc/html/man3/ERR_load_strings.html doc/html/man3/ERR_new.html doc/html/man3/ERR_print_errors.html doc/html/man3/ERR_put_error.html doc/html/man3/ERR_remove_state.html doc/html/man3/ERR_set_mark.html doc/html/man3/EVP_ASYM_CIPHER_free.html doc/html/man3/EVP_BytesToKey.html doc/html/man3/EVP_CIPHER_CTX_get_cipher_data.html doc/html/man3/EVP_CIPHER_meth_new.html doc/html/man3/EVP_DigestInit.html doc/html/man3/EVP_DigestSignInit.html doc/html/man3/EVP_DigestVerifyInit.html doc/html/man3/EVP_EncodeInit.html doc/html/man3/EVP_EncryptInit.html doc/html/man3/EVP_KDF.html doc/html/man3/EVP_KEYEXCH_free.html doc/html/man3/EVP_KEYMGMT.html doc/html/man3/EVP_MAC.html doc/html/man3/EVP_MD_meth_new.html doc/html/man3/EVP_OpenInit.html doc/html/man3/EVP_PKEY_ASN1_METHOD.html doc/html/man3/EVP_PKEY_CTX_ctrl.html doc/html/man3/EVP_PKEY_CTX_new.html doc/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html doc/html/man3/EVP_PKEY_CTX_set_hkdf_md.html doc/html/man3/EVP_PKEY_CTX_set_params.html doc/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html doc/html/man3/EVP_PKEY_CTX_set_scrypt_N.html doc/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html doc/html/man3/EVP_PKEY_asn1_get_count.html doc/html/man3/EVP_PKEY_check.html doc/html/man3/EVP_PKEY_copy_parameters.html doc/html/man3/EVP_PKEY_decrypt.html doc/html/man3/EVP_PKEY_derive.html doc/html/man3/EVP_PKEY_encrypt.html doc/html/man3/EVP_PKEY_fromdata.html doc/html/man3/EVP_PKEY_gen.html doc/html/man3/EVP_PKEY_get_default_digest_nid.html doc/html/man3/EVP_PKEY_gettable_params.html doc/html/man3/EVP_PKEY_is_a.html doc/html/man3/EVP_PKEY_meth_get_count.html doc/html/man3/EVP_PKEY_meth_new.html doc/html/man3/EVP_PKEY_new.html doc/html/man3/EVP_PKEY_print_private.html doc/html/man3/EVP_PKEY_set1_RSA.html doc/html/man3/EVP_PKEY_set_type.html doc/html/man3/EVP_PKEY_sign.html doc/html/man3/EVP_PKEY_size.html doc/html/man3/EVP_PKEY_supports_digest_nid.html doc/html/man3/EVP_PKEY_verify.html doc/html/man3/EVP_PKEY_verify_recover.html doc/html/man3/EVP_SIGNATURE_free.html doc/html/man3/EVP_SealInit.html doc/html/man3/EVP_SignInit.html doc/html/man3/EVP_VerifyInit.html doc/html/man3/EVP_aes_128_gcm.html doc/html/man3/EVP_aria_128_gcm.html doc/html/man3/EVP_bf_cbc.html doc/html/man3/EVP_blake2b512.html doc/html/man3/EVP_camellia_128_ecb.html doc/html/man3/EVP_cast5_cbc.html doc/html/man3/EVP_chacha20.html doc/html/man3/EVP_des_cbc.html doc/html/man3/EVP_desx_cbc.html doc/html/man3/EVP_idea_cbc.html doc/html/man3/EVP_md2.html doc/html/man3/EVP_md4.html doc/html/man3/EVP_md5.html doc/html/man3/EVP_mdc2.html doc/html/man3/EVP_rc2_cbc.html doc/html/man3/EVP_rc4.html doc/html/man3/EVP_rc5_32_12_16_cbc.html doc/html/man3/EVP_ripemd160.html doc/html/man3/EVP_seed_cbc.html doc/html/man3/EVP_set_default_properties.html doc/html/man3/EVP_sha1.html doc/html/man3/EVP_sha224.html doc/html/man3/EVP_sha3_224.html doc/html/man3/EVP_sm3.html doc/html/man3/EVP_sm4_cbc.html doc/html/man3/EVP_whirlpool.html doc/html/man3/HMAC.html doc/html/man3/MD5.html doc/html/man3/MDC2_Init.html doc/html/man3/NCONF_new_with_libctx.html doc/html/man3/OBJ_nid2obj.html doc/html/man3/OCSP_REQUEST_new.html doc/html/man3/OCSP_cert_to_id.html doc/html/man3/OCSP_request_add1_nonce.html doc/html/man3/OCSP_resp_find_status.html doc/html/man3/OCSP_response_status.html doc/html/man3/OCSP_sendreq_new.html doc/html/man3/OPENSSL_Applink.html doc/html/man3/OPENSSL_CTX.html doc/html/man3/OPENSSL_FILE.html doc/html/man3/OPENSSL_LH_COMPFUNC.html doc/html/man3/OPENSSL_LH_stats.html doc/html/man3/OPENSSL_config.html doc/html/man3/OPENSSL_fork_prepare.html doc/html/man3/OPENSSL_hexchar2int.html doc/html/man3/OPENSSL_ia32cap.html doc/html/man3/OPENSSL_init_crypto.html doc/html/man3/OPENSSL_init_ssl.html doc/html/man3/OPENSSL_instrument_bus.html doc/html/man3/OPENSSL_load_builtin_modules.html doc/html/man3/OPENSSL_malloc.html doc/html/man3/OPENSSL_s390xcap.html doc/html/man3/OPENSSL_secure_malloc.html doc/html/man3/OSSL_CMP_CTX_new.html doc/html/man3/OSSL_CMP_HDR_get0_transactionID.html doc/html/man3/OSSL_CMP_ITAV_set0.html doc/html/man3/OSSL_CMP_MSG_get0_header.html doc/html/man3/OSSL_CMP_MSG_http_perform.html doc/html/man3/OSSL_CMP_SRV_CTX_new.html doc/html/man3/OSSL_CMP_STATUSINFO_new.html doc/html/man3/OSSL_CMP_exec_IR_ses.html doc/html/man3/OSSL_CMP_log_open.html doc/html/man3/OSSL_CMP_validate_msg.html doc/html/man3/OSSL_CRMF_MSG_get0_tmpl.html doc/html/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.html doc/html/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.html doc/html/man3/OSSL_CRMF_MSG_set_validity.html doc/html/man3/OSSL_CRMF_pbmp_new.html doc/html/man3/OSSL_HTTP_transfer.html doc/html/man3/OSSL_PARAM.html doc/html/man3/OSSL_PARAM_BLD.html doc/html/man3/OSSL_PARAM_allocate_from_text.html doc/html/man3/OSSL_PARAM_int.html doc/html/man3/OSSL_PROVIDER.html doc/html/man3/OSSL_SELF_TEST_new.html doc/html/man3/OSSL_SELF_TEST_set_callback.html doc/html/man3/OSSL_SERIALIZER.html doc/html/man3/OSSL_SERIALIZER_CTX.html doc/html/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.html doc/html/man3/OSSL_SERIALIZER_to_bio.html doc/html/man3/OSSL_STORE_INFO.html doc/html/man3/OSSL_STORE_LOADER.html doc/html/man3/OSSL_STORE_SEARCH.html doc/html/man3/OSSL_STORE_attach.html doc/html/man3/OSSL_STORE_expect.html doc/html/man3/OSSL_STORE_open.html doc/html/man3/OSSL_trace_enabled.html doc/html/man3/OSSL_trace_get_category_num.html doc/html/man3/OSSL_trace_set_channel.html doc/html/man3/OpenSSL_add_all_algorithms.html doc/html/man3/OpenSSL_version.html doc/html/man3/PEM_bytes_read_bio.html doc/html/man3/PEM_read.html doc/html/man3/PEM_read_CMS.html doc/html/man3/PEM_read_bio_PrivateKey.html doc/html/man3/PEM_read_bio_ex.html doc/html/man3/PEM_write_bio_CMS_stream.html doc/html/man3/PEM_write_bio_PKCS7_stream.html doc/html/man3/PKCS12_SAFEBAG_get0_attrs.html doc/html/man3/PKCS12_add_CSPName_asc.html doc/html/man3/PKCS12_add_friendlyname_asc.html doc/html/man3/PKCS12_add_localkeyid.html doc/html/man3/PKCS12_create.html doc/html/man3/PKCS12_get_friendlyname.html doc/html/man3/PKCS12_newpass.html doc/html/man3/PKCS12_parse.html doc/html/man3/PKCS5_PBKDF2_HMAC.html doc/html/man3/PKCS7_decrypt.html doc/html/man3/PKCS7_encrypt.html doc/html/man3/PKCS7_sign.html doc/html/man3/PKCS7_sign_add_signer.html doc/html/man3/PKCS7_verify.html doc/html/man3/PKCS8_pkey_add1_attr.html doc/html/man3/RAND_DRBG_generate.html doc/html/man3/RAND_DRBG_get0_master.html doc/html/man3/RAND_DRBG_new.html doc/html/man3/RAND_DRBG_reseed.html doc/html/man3/RAND_DRBG_set_callbacks.html doc/html/man3/RAND_add.html doc/html/man3/RAND_bytes.html doc/html/man3/RAND_cleanup.html doc/html/man3/RAND_egd.html doc/html/man3/RAND_load_file.html doc/html/man3/RAND_set_rand_method.html doc/html/man3/RC4_set_key.html doc/html/man3/RIPEMD160_Init.html doc/html/man3/RSA_blinding_on.html doc/html/man3/RSA_check_key.html doc/html/man3/RSA_generate_key.html doc/html/man3/RSA_get0_key.html doc/html/man3/RSA_meth_new.html doc/html/man3/RSA_new.html doc/html/man3/RSA_padding_add_PKCS1_type_1.html doc/html/man3/RSA_print.html doc/html/man3/RSA_private_encrypt.html doc/html/man3/RSA_public_encrypt.html doc/html/man3/RSA_set_method.html doc/html/man3/RSA_sign.html doc/html/man3/RSA_sign_ASN1_OCTET_STRING.html doc/html/man3/RSA_size.html doc/html/man3/SCT_new.html doc/html/man3/SCT_print.html doc/html/man3/SCT_validate.html doc/html/man3/SHA256_Init.html doc/html/man3/SMIME_read_CMS.html doc/html/man3/SMIME_read_PKCS7.html doc/html/man3/SMIME_write_CMS.html doc/html/man3/SMIME_write_PKCS7.html doc/html/man3/SRP_Calc_B.html doc/html/man3/SRP_VBASE_new.html doc/html/man3/SRP_create_verifier.html doc/html/man3/SRP_user_pwd_new.html doc/html/man3/SSL_CIPHER_get_name.html doc/html/man3/SSL_COMP_add_compression_method.html doc/html/man3/SSL_CONF_CTX_new.html doc/html/man3/SSL_CONF_CTX_set1_prefix.html doc/html/man3/SSL_CONF_CTX_set_flags.html doc/html/man3/SSL_CONF_CTX_set_ssl_ctx.html doc/html/man3/SSL_CONF_cmd.html doc/html/man3/SSL_CONF_cmd_argv.html doc/html/man3/SSL_CTX_add1_chain_cert.html doc/html/man3/SSL_CTX_add_extra_chain_cert.html doc/html/man3/SSL_CTX_add_session.html doc/html/man3/SSL_CTX_config.html doc/html/man3/SSL_CTX_ctrl.html doc/html/man3/SSL_CTX_dane_enable.html doc/html/man3/SSL_CTX_flush_sessions.html doc/html/man3/SSL_CTX_free.html doc/html/man3/SSL_CTX_get0_param.html doc/html/man3/SSL_CTX_get_verify_mode.html doc/html/man3/SSL_CTX_has_client_custom_ext.html doc/html/man3/SSL_CTX_load_verify_locations.html doc/html/man3/SSL_CTX_new.html doc/html/man3/SSL_CTX_sess_number.html doc/html/man3/SSL_CTX_sess_set_cache_size.html doc/html/man3/SSL_CTX_sess_set_get_cb.html doc/html/man3/SSL_CTX_sessions.html doc/html/man3/SSL_CTX_set0_CA_list.html doc/html/man3/SSL_CTX_set1_curves.html doc/html/man3/SSL_CTX_set1_sigalgs.html doc/html/man3/SSL_CTX_set1_verify_cert_store.html doc/html/man3/SSL_CTX_set_alpn_select_cb.html doc/html/man3/SSL_CTX_set_cert_cb.html doc/html/man3/SSL_CTX_set_cert_store.html doc/html/man3/SSL_CTX_set_cert_verify_callback.html doc/html/man3/SSL_CTX_set_cipher_list.html doc/html/man3/SSL_CTX_set_client_cert_cb.html doc/html/man3/SSL_CTX_set_client_hello_cb.html doc/html/man3/SSL_CTX_set_ct_validation_callback.html doc/html/man3/SSL_CTX_set_ctlog_list_file.html doc/html/man3/SSL_CTX_set_default_passwd_cb.html doc/html/man3/SSL_CTX_set_generate_session_id.html doc/html/man3/SSL_CTX_set_info_callback.html doc/html/man3/SSL_CTX_set_keylog_callback.html doc/html/man3/SSL_CTX_set_max_cert_list.html doc/html/man3/SSL_CTX_set_min_proto_version.html doc/html/man3/SSL_CTX_set_mode.html doc/html/man3/SSL_CTX_set_msg_callback.html doc/html/man3/SSL_CTX_set_num_tickets.html doc/html/man3/SSL_CTX_set_options.html doc/html/man3/SSL_CTX_set_psk_client_callback.html doc/html/man3/SSL_CTX_set_quiet_shutdown.html doc/html/man3/SSL_CTX_set_read_ahead.html doc/html/man3/SSL_CTX_set_record_padding_callback.html doc/html/man3/SSL_CTX_set_security_level.html doc/html/man3/SSL_CTX_set_session_cache_mode.html doc/html/man3/SSL_CTX_set_session_id_context.html doc/html/man3/SSL_CTX_set_session_ticket_cb.html doc/html/man3/SSL_CTX_set_split_send_fragment.html doc/html/man3/SSL_CTX_set_srp_password.html doc/html/man3/SSL_CTX_set_ssl_version.html doc/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html doc/html/man3/SSL_CTX_set_timeout.html doc/html/man3/SSL_CTX_set_tlsext_servername_callback.html doc/html/man3/SSL_CTX_set_tlsext_status_cb.html doc/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html doc/html/man3/SSL_CTX_set_tlsext_use_srtp.html doc/html/man3/SSL_CTX_set_tmp_dh_callback.html doc/html/man3/SSL_CTX_set_tmp_ecdh.html doc/html/man3/SSL_CTX_set_verify.html doc/html/man3/SSL_CTX_use_certificate.html doc/html/man3/SSL_CTX_use_psk_identity_hint.html doc/html/man3/SSL_CTX_use_serverinfo.html doc/html/man3/SSL_SESSION_free.html doc/html/man3/SSL_SESSION_get0_cipher.html doc/html/man3/SSL_SESSION_get0_hostname.html doc/html/man3/SSL_SESSION_get0_id_context.html doc/html/man3/SSL_SESSION_get0_peer.html doc/html/man3/SSL_SESSION_get_compress_id.html doc/html/man3/SSL_SESSION_get_protocol_version.html doc/html/man3/SSL_SESSION_get_time.html doc/html/man3/SSL_SESSION_has_ticket.html doc/html/man3/SSL_SESSION_is_resumable.html doc/html/man3/SSL_SESSION_print.html doc/html/man3/SSL_SESSION_set1_id.html doc/html/man3/SSL_accept.html doc/html/man3/SSL_alert_type_string.html doc/html/man3/SSL_alloc_buffers.html doc/html/man3/SSL_check_chain.html doc/html/man3/SSL_clear.html doc/html/man3/SSL_connect.html doc/html/man3/SSL_do_handshake.html doc/html/man3/SSL_export_keying_material.html doc/html/man3/SSL_extension_supported.html doc/html/man3/SSL_free.html doc/html/man3/SSL_get0_peer_scts.html doc/html/man3/SSL_get_SSL_CTX.html doc/html/man3/SSL_get_all_async_fds.html doc/html/man3/SSL_get_ciphers.html doc/html/man3/SSL_get_client_random.html doc/html/man3/SSL_get_current_cipher.html doc/html/man3/SSL_get_default_timeout.html doc/html/man3/SSL_get_error.html doc/html/man3/SSL_get_extms_support.html doc/html/man3/SSL_get_fd.html doc/html/man3/SSL_get_peer_cert_chain.html doc/html/man3/SSL_get_peer_certificate.html doc/html/man3/SSL_get_peer_signature_nid.html doc/html/man3/SSL_get_peer_tmp_key.html doc/html/man3/SSL_get_psk_identity.html doc/html/man3/SSL_get_rbio.html doc/html/man3/SSL_get_session.html doc/html/man3/SSL_get_shared_sigalgs.html doc/html/man3/SSL_get_verify_result.html doc/html/man3/SSL_get_version.html doc/html/man3/SSL_in_init.html doc/html/man3/SSL_key_update.html doc/html/man3/SSL_library_init.html doc/html/man3/SSL_load_client_CA_file.html doc/html/man3/SSL_new.html doc/html/man3/SSL_pending.html doc/html/man3/SSL_read.html doc/html/man3/SSL_read_early_data.html doc/html/man3/SSL_rstate_string.html doc/html/man3/SSL_session_reused.html doc/html/man3/SSL_set1_host.html doc/html/man3/SSL_set_async_callback.html doc/html/man3/SSL_set_bio.html doc/html/man3/SSL_set_connect_state.html doc/html/man3/SSL_set_fd.html doc/html/man3/SSL_set_session.html doc/html/man3/SSL_set_shutdown.html doc/html/man3/SSL_set_verify_result.html doc/html/man3/SSL_shutdown.html doc/html/man3/SSL_state_string.html doc/html/man3/SSL_want.html doc/html/man3/SSL_write.html doc/html/man3/TS_VERIFY_CTX_set_certs.html doc/html/man3/UI_STRING.html doc/html/man3/UI_UTIL_read_pw.html doc/html/man3/UI_create_method.html doc/html/man3/UI_new.html doc/html/man3/X509V3_get_d2i.html doc/html/man3/X509_ALGOR_dup.html doc/html/man3/X509_CRL_get0_by_serial.html doc/html/man3/X509_EXTENSION_set_object.html doc/html/man3/X509_LOOKUP.html doc/html/man3/X509_LOOKUP_hash_dir.html doc/html/man3/X509_LOOKUP_meth_new.html doc/html/man3/X509_NAME_ENTRY_get_object.html doc/html/man3/X509_NAME_add_entry_by_txt.html doc/html/man3/X509_NAME_get0_der.html doc/html/man3/X509_NAME_get_index_by_NID.html doc/html/man3/X509_NAME_print_ex.html doc/html/man3/X509_PUBKEY_new.html doc/html/man3/X509_SIG_get0.html doc/html/man3/X509_STORE_CTX_get_error.html doc/html/man3/X509_STORE_CTX_new.html doc/html/man3/X509_STORE_CTX_set_verify_cb.html doc/html/man3/X509_STORE_add_cert.html doc/html/man3/X509_STORE_get0_param.html doc/html/man3/X509_STORE_new.html doc/html/man3/X509_STORE_set_verify_cb_func.html doc/html/man3/X509_VERIFY_PARAM_set_flags.html doc/html/man3/X509_check_ca.html doc/html/man3/X509_check_host.html doc/html/man3/X509_check_issued.html doc/html/man3/X509_check_private_key.html doc/html/man3/X509_check_purpose.html doc/html/man3/X509_cmp.html doc/html/man3/X509_cmp_time.html doc/html/man3/X509_digest.html doc/html/man3/X509_dup.html doc/html/man3/X509_get0_distinguishing_id.html doc/html/man3/X509_get0_notBefore.html doc/html/man3/X509_get0_signature.html doc/html/man3/X509_get0_uids.html doc/html/man3/X509_get_extension_flags.html doc/html/man3/X509_get_pubkey.html doc/html/man3/X509_get_serialNumber.html doc/html/man3/X509_get_subject_name.html doc/html/man3/X509_get_version.html doc/html/man3/X509_load_http.html doc/html/man3/X509_new.html doc/html/man3/X509_sign.html doc/html/man3/X509_verify_cert.html doc/html/man3/X509v3_cache_extensions.html doc/html/man3/X509v3_get_ext_by_NID.html doc/html/man3/d2i_DHparams.html doc/html/man3/d2i_PKCS8PrivateKey_bio.html doc/html/man3/d2i_PrivateKey.html doc/html/man3/d2i_SSL_SESSION.html doc/html/man3/d2i_X509.html doc/html/man3/i2d_CMS_bio_stream.html doc/html/man3/i2d_PKCS7_bio_stream.html doc/html/man3/i2d_re_X509_tbs.html doc/html/man3/o2i_SCT_LIST.html doc/html/man3/s2i_ASN1_IA5STRING.html doc/html/man5/config.html doc/html/man5/fips_config.html doc/html/man5/x509v3_config.html doc/html/man7/EVP_KDF-HKDF.html doc/html/man7/EVP_KDF-KB.html doc/html/man7/EVP_KDF-KRB5KDF.html doc/html/man7/EVP_KDF-PBKDF2.html doc/html/man7/EVP_KDF-SCRYPT.html doc/html/man7/EVP_KDF-SS.html doc/html/man7/EVP_KDF-SSHKDF.html doc/html/man7/EVP_KDF-TLS1_PRF.html doc/html/man7/EVP_KDF-X942.html doc/html/man7/EVP_KDF-X963.html doc/html/man7/EVP_KEYEXCH-DH.html doc/html/man7/EVP_KEYEXCH-ECDH.html doc/html/man7/EVP_KEYEXCH-X25519.html doc/html/man7/EVP_MAC-BLAKE2.html doc/html/man7/EVP_MAC-CMAC.html doc/html/man7/EVP_MAC-GMAC.html doc/html/man7/EVP_MAC-HMAC.html doc/html/man7/EVP_MAC-KMAC.html doc/html/man7/EVP_MAC-Poly1305.html doc/html/man7/EVP_MAC-Siphash.html doc/html/man7/EVP_MD-BLAKE2.html doc/html/man7/EVP_MD-MD2.html doc/html/man7/EVP_MD-MD4.html doc/html/man7/EVP_MD-MD5-SHA1.html doc/html/man7/EVP_MD-MD5.html doc/html/man7/EVP_MD-MDC2.html doc/html/man7/EVP_MD-RIPEMD160.html doc/html/man7/EVP_MD-SHA1.html doc/html/man7/EVP_MD-SHA2.html doc/html/man7/EVP_MD-SHA3.html doc/html/man7/EVP_MD-SHAKE.html doc/html/man7/EVP_MD-SM3.html doc/html/man7/EVP_MD-WHIRLPOOL.html doc/html/man7/EVP_MD-common.html doc/html/man7/EVP_PKEY-DH.html doc/html/man7/EVP_PKEY-DSA.html doc/html/man7/EVP_PKEY-EC.html doc/html/man7/EVP_PKEY-FFC.html doc/html/man7/EVP_PKEY-RSA.html doc/html/man7/EVP_PKEY-X25519.html doc/html/man7/EVP_SIGNATURE-DSA.html doc/html/man7/EVP_SIGNATURE-ECDSA.html doc/html/man7/EVP_SIGNATURE-ED25519.html doc/html/man7/EVP_SIGNATURE-RSA.html doc/html/man7/OSSL_PROVIDER-FIPS.html doc/html/man7/OSSL_PROVIDER-default.html doc/html/man7/OSSL_PROVIDER-legacy.html doc/html/man7/OSSL_PROVIDER-null.html doc/html/man7/RAND.html doc/html/man7/RAND_DRBG.html doc/html/man7/RSA-PSS.html doc/html/man7/SM2.html doc/html/man7/X25519.html doc/html/man7/bio.html doc/html/man7/crypto.html doc/html/man7/ct.html doc/html/man7/des_modes.html doc/html/man7/evp.html doc/html/man7/openssl-core.h.html doc/html/man7/openssl-core_names.h.html doc/html/man7/openssl-core_numbers.h.html doc/html/man7/openssl-env.html doc/html/man7/openssl_user_macros.html doc/html/man7/ossl_store-file.html doc/html/man7/ossl_store.html doc/html/man7/passphrase-encoding.html doc/html/man7/property.html doc/html/man7/provider-asym_cipher.html doc/html/man7/provider-base.html doc/html/man7/provider-cipher.html doc/html/man7/provider-digest.html doc/html/man7/provider-keyexch.html doc/html/man7/provider-keymgmt.html doc/html/man7/provider-mac.html doc/html/man7/provider-serializer.html doc/html/man7/provider-signature.html doc/html/man7/provider.html doc/html/man7/proxy-certificates.html doc/html/man7/ssl.html doc/html/man7/x509.html rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_params.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_copy_parameters.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_MSG_set_validity.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_master.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_KEYEXCH-DH.7 doc/man/man7/EVP_KEYEXCH-ECDH.7 doc/man/man7/EVP_KEYEXCH-X25519.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DH.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-FFC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/EVP_SIGNATURE-DSA.7 doc/man/man7/EVP_SIGNATURE-ECDSA.7 doc/man/man7/EVP_SIGNATURE-ED25519.7 doc/man/man7/EVP_SIGNATURE-RSA.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-core_names.h.7 doc/man/man7/openssl-core_numbers.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_names test/buildtest_c_core_numbers test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_mac test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmactest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_fetch_prov_test test/evp_kdf_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_fallback_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_names.c test/buildtest_core_numbers.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_mac.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha4-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-sock' make[1]: Leaving directory '/home/openssl/run-checker/no-sock' make[1]: Entering directory '/home/openssl/run-checker/no-sock' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_cb.d.tmp -MT apps/lib/libapps-lib-s_cb.o -c -o apps/lib/libapps-lib-s_cb.o ../openssl/apps/lib/s_cb.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4082: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-sock' Makefile:3057: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From openssl at openssl.org Tue Jun 16 10:23:04 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 16 Jun 2020 10:23:04 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ts Message-ID: <1592302984.941480.16192.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ts Commit log since last time: 670ff08e77 Fix logic error for building x86 CAST assembly 2edb571b4b Fix nits detected by make cmd-nits df4c1d80b2 Update and extend NOTES.WIN, adding 'Quick start' subsection 168c595b14 Chunk 12 of CMP contribution to OpenSSL: CLI-based high-level tests 5e7be6e666 Remove extra newline from CMP mock server error and add TODO on using request template c4a9e3ebbb Move part of OSSL_CMP_validate_msg() to ossl_cmp_msg_check_update() 7e8dbb7462 Bug fix in ossl_cmp_hdr_init(): sould not remember recipient as expected sender 1a27fe4be2 Bug fix in ossl_cmp_certRep_new(): must allocate empty extraCerts stack 8b22c283b8 Improve description of CMP untrusted certs and msg 'sender' field 12bbcee21b Make CMP server use same protection for response as for request 5aed1786fc Fill in transactionID on any error in OSSL_CMP_SRV_process_request() 430efff1b9 Improve ossl_cmp_msg_check_received() and rename to ossl_cmp_msg_check_update() ca6f1ba903 Improve cert checking diagnostics of OSSL_CMP_validate_msg() 7aa70fd5e1 Remove misleading diagnostics on pinned sender cert in OSSL_CMP_validate_msg() 032b13c784 Correct error reason of verify_signature() in cmp_vfy.c f009e37c76 Extend error output of apps/opt_format() to all error cases 2620c38ba8 Remove meanwhile redundant error output of apps/opt_next(void) parsing numbers 50e09788d5 Fix use of -no-proxy option of CMP app 5a2ba207ed Add request URL path checking and status responses to HTTP server 1693135564 Allow subject of CMP -oldcert as sender unless protection cert is given 7e998a0fdc Correct error output of parse_name() in apps/lib/apps.c and apps/cmp.c 6d934add34 Check expected sender not only for signature-protected CMP messages 0d17c2f4bc Improve description of -trusted, -srvcert, -recipient, and -expect_sender CMP options b27ff9b87c Streamline the approach to set CMP message recipient and expected sender ce0465edc7 Fix too strict checks of ossl_cmp_calc_protection() ffb6c86663 Guard new header mac.h against C++isms. 5ea8afd368 Fix two additional instances of the old EVP_MAC_CTX_ functions being used. 7f81aed4bc Use the inherited 'bsd-gcc-shared' config on 32-bit x86 BSDs. Build log ended with (last 100 lines): clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-list.d.tmp -MT apps/openssl-bin-list.o -c -o apps/openssl-bin-list.o ../openssl/apps/list.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-mac.d.tmp -MT apps/openssl-bin-mac.o -c -o apps/openssl-bin-mac.o ../openssl/apps/mac.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-nseq.d.tmp -MT apps/openssl-bin-nseq.o -c -o apps/openssl-bin-nseq.o ../openssl/apps/nseq.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-ocsp.d.tmp -MT apps/openssl-bin-ocsp.o -c -o apps/openssl-bin-ocsp.o ../openssl/apps/ocsp.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-openssl.d.tmp -MT apps/openssl-bin-openssl.o -c -o apps/openssl-bin-openssl.o ../openssl/apps/openssl.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-passwd.d.tmp -MT apps/openssl-bin-passwd.o -c -o apps/openssl-bin-passwd.o ../openssl/apps/passwd.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkcs12.d.tmp -MT apps/openssl-bin-pkcs12.o -c -o apps/openssl-bin-pkcs12.o ../openssl/apps/pkcs12.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkcs7.d.tmp -MT apps/openssl-bin-pkcs7.o -c -o apps/openssl-bin-pkcs7.o ../openssl/apps/pkcs7.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkcs8.d.tmp -MT apps/openssl-bin-pkcs8.o -c -o apps/openssl-bin-pkcs8.o ../openssl/apps/pkcs8.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkey.d.tmp -MT apps/openssl-bin-pkey.o -c -o apps/openssl-bin-pkey.o ../openssl/apps/pkey.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkeyparam.d.tmp -MT apps/openssl-bin-pkeyparam.o -c -o apps/openssl-bin-pkeyparam.o ../openssl/apps/pkeyparam.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkeyutl.d.tmp -MT apps/openssl-bin-pkeyutl.o -c -o apps/openssl-bin-pkeyutl.o ../openssl/apps/pkeyutl.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-prime.d.tmp -MT apps/openssl-bin-prime.o -c -o apps/openssl-bin-prime.o ../openssl/apps/prime.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-progs.d.tmp -MT apps/openssl-bin-progs.o -c -o apps/openssl-bin-progs.o apps/progs.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-provider.d.tmp -MT apps/openssl-bin-provider.o -c -o apps/openssl-bin-provider.o ../openssl/apps/provider.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-rand.d.tmp -MT apps/openssl-bin-rand.o -c -o apps/openssl-bin-rand.o ../openssl/apps/rand.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-rehash.d.tmp -MT apps/openssl-bin-rehash.o -c -o apps/openssl-bin-rehash.o ../openssl/apps/rehash.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-req.d.tmp -MT apps/openssl-bin-req.o -c -o apps/openssl-bin-req.o ../openssl/apps/req.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-rsa.d.tmp -MT apps/openssl-bin-rsa.o -c -o apps/openssl-bin-rsa.o ../openssl/apps/rsa.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-rsautl.d.tmp -MT apps/openssl-bin-rsautl.o -c -o apps/openssl-bin-rsautl.o ../openssl/apps/rsautl.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-s_client.d.tmp -MT apps/openssl-bin-s_client.o -c -o apps/openssl-bin-s_client.o ../openssl/apps/s_client.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-s_server.d.tmp -MT apps/openssl-bin-s_server.o -c -o apps/openssl-bin-s_server.o ../openssl/apps/s_server.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-s_time.d.tmp -MT apps/openssl-bin-s_time.o -c -o apps/openssl-bin-s_time.o ../openssl/apps/s_time.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-sess_id.d.tmp -MT apps/openssl-bin-sess_id.o -c -o apps/openssl-bin-sess_id.o ../openssl/apps/sess_id.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-smime.d.tmp -MT apps/openssl-bin-smime.o -c -o apps/openssl-bin-smime.o ../openssl/apps/smime.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-speed.d.tmp -MT apps/openssl-bin-speed.o -c -o apps/openssl-bin-speed.o ../openssl/apps/speed.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-spkac.d.tmp -MT apps/openssl-bin-spkac.o -c -o apps/openssl-bin-spkac.o ../openssl/apps/spkac.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-srp.d.tmp -MT apps/openssl-bin-srp.o -c -o apps/openssl-bin-srp.o ../openssl/apps/srp.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-storeutl.d.tmp -MT apps/openssl-bin-storeutl.o -c -o apps/openssl-bin-storeutl.o ../openssl/apps/storeutl.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-verify.d.tmp -MT apps/openssl-bin-verify.o -c -o apps/openssl-bin-verify.o ../openssl/apps/verify.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-version.d.tmp -MT apps/openssl-bin-version.o -c -o apps/openssl-bin-version.o ../openssl/apps/version.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-x509.d.tmp -MT apps/openssl-bin-x509.o -c -o apps/openssl-bin-x509.o ../openssl/apps/x509.c rm -f fuzz/cmp-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o fuzz/cmp-test \ fuzz/cmp-test-bin-cmp.o fuzz/cmp-test-bin-test-corpus.o \ libcrypto.a -ldl -pthread rm -f test/asn1_dsa_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/asn1_dsa_internal_test \ test/asn1_dsa_internal_test-bin-asn1_dsa_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/asn1_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/asn1_internal_test \ test/asn1_internal_test-bin-asn1_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/bn_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/bn_internal_test \ test/bn_internal_test-bin-bn_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread libcrypto.a(libcrypto-lib-cms_sd.o): In function `libcrypto.a(libcrypto-lib-cms_sd.o)CMS_add1_signer: In function `': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:CMS_add1_signer364': : undefined reference to `/home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:ESS_SIGNING_CERT_new_init364' : undefined reference to `ESS_SIGNING_CERT_new_init' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:370/home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:370: undefined reference to `: undefined reference to `ESS_SIGNING_CERT_V2_new_initESS_SIGNING_CERT_V2_new_init' ' libcrypto.a(libcrypto-lib-cms_ess.o): In function `ess_check_signing_certs': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:71: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:82: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:91: undefined reference to `ess_find_cert_v2' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:102: undefined reference to `ess_find_cert_v2' libcrypto.a(libcrypto-lib-cms_ess.o): In function `ess_check_signing_certs': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:71: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:82: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:91: undefined reference to `ess_find_cert_v2' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:102: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:22800: recipe for target 'fuzz/cmp-test' failed make[1]: *** [fuzz/cmp-test] Error 1 make[1]: *** Waiting for unfinished jobs.... clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:23021: recipe for target 'test/asn1_dsa_internal_test' failed make[1]: *** [test/asn1_dsa_internal_test] Error 1 libcrypto.a(libcrypto-lib-cms_sd.o): In function `CMS_add1_signer': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:364: undefined reference to `ESS_SIGNING_CERT_new_init' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:370: undefined reference to `ESS_SIGNING_CERT_V2_new_init' libcrypto.a(libcrypto-lib-cms_ess.o): In function `ess_check_signing_certs': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:71: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:82: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:91: undefined reference to `ess_find_cert_v2' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:102: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:23051: recipe for target 'test/asn1_internal_test' failed make[1]: *** [test/asn1_internal_test] Error 1 libcrypto.a(libcrypto-lib-cms_sd.o): In function `CMS_add1_signer': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:364: undefined reference to `ESS_SIGNING_CERT_new_init' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:370: undefined reference to `ESS_SIGNING_CERT_V2_new_init' libcrypto.a(libcrypto-lib-cms_ess.o): In function `ess_check_signing_certs': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:71: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:82: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:91: undefined reference to `ess_find_cert_v2' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:102: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:23249: recipe for target 'test/bn_internal_test' failed make[1]: *** [test/bn_internal_test] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ts' Makefile:3019: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From openssl at openssl.org Tue Jun 16 11:10:48 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 16 Jun 2020 11:10:48 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Message-ID: <1592305848.333337.25931.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Commit log since last time: 670ff08e77 Fix logic error for building x86 CAST assembly 2edb571b4b Fix nits detected by make cmd-nits df4c1d80b2 Update and extend NOTES.WIN, adding 'Quick start' subsection 168c595b14 Chunk 12 of CMP contribution to OpenSSL: CLI-based high-level tests 5e7be6e666 Remove extra newline from CMP mock server error and add TODO on using request template c4a9e3ebbb Move part of OSSL_CMP_validate_msg() to ossl_cmp_msg_check_update() 7e8dbb7462 Bug fix in ossl_cmp_hdr_init(): sould not remember recipient as expected sender 1a27fe4be2 Bug fix in ossl_cmp_certRep_new(): must allocate empty extraCerts stack 8b22c283b8 Improve description of CMP untrusted certs and msg 'sender' field 12bbcee21b Make CMP server use same protection for response as for request 5aed1786fc Fill in transactionID on any error in OSSL_CMP_SRV_process_request() 430efff1b9 Improve ossl_cmp_msg_check_received() and rename to ossl_cmp_msg_check_update() ca6f1ba903 Improve cert checking diagnostics of OSSL_CMP_validate_msg() 7aa70fd5e1 Remove misleading diagnostics on pinned sender cert in OSSL_CMP_validate_msg() 032b13c784 Correct error reason of verify_signature() in cmp_vfy.c f009e37c76 Extend error output of apps/opt_format() to all error cases 2620c38ba8 Remove meanwhile redundant error output of apps/opt_next(void) parsing numbers 50e09788d5 Fix use of -no-proxy option of CMP app 5a2ba207ed Add request URL path checking and status responses to HTTP server 1693135564 Allow subject of CMP -oldcert as sender unless protection cert is given 7e998a0fdc Correct error output of parse_name() in apps/lib/apps.c and apps/cmp.c 6d934add34 Check expected sender not only for signature-protected CMP messages 0d17c2f4bc Improve description of -trusted, -srvcert, -recipient, and -expect_sender CMP options b27ff9b87c Streamline the approach to set CMP message recipient and expected sender ce0465edc7 Fix too strict checks of ossl_cmp_calc_protection() ffb6c86663 Guard new header mac.h against C++isms. 5ea8afd368 Fix two additional instances of the old EVP_MAC_CTX_ functions being used. 7f81aed4bc Use the inherited 'bsd-gcc-shared' config on 32-bit x86 BSDs. Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 256 Tests: 7 Failed: 1) Failed test: 7 Non-zero exit status: 1 Files=201, Tests=2005, 1669 wallclock secs ( 8.97 usr 1.30 sys + 1604.69 cusr 68.44 csys = 1683.40 CPU) Result: FAIL Makefile:3091: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ubsan' Makefile:3089: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jun 16 11:32:17 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 16 Jun 2020 11:32:17 +0000 Subject: FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui Message-ID: <1592307137.267054.4133.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ui Commit log since last time: 670ff08e77 Fix logic error for building x86 CAST assembly 2edb571b4b Fix nits detected by make cmd-nits df4c1d80b2 Update and extend NOTES.WIN, adding 'Quick start' subsection 168c595b14 Chunk 12 of CMP contribution to OpenSSL: CLI-based high-level tests 5e7be6e666 Remove extra newline from CMP mock server error and add TODO on using request template c4a9e3ebbb Move part of OSSL_CMP_validate_msg() to ossl_cmp_msg_check_update() 7e8dbb7462 Bug fix in ossl_cmp_hdr_init(): sould not remember recipient as expected sender 1a27fe4be2 Bug fix in ossl_cmp_certRep_new(): must allocate empty extraCerts stack 8b22c283b8 Improve description of CMP untrusted certs and msg 'sender' field 12bbcee21b Make CMP server use same protection for response as for request 5aed1786fc Fill in transactionID on any error in OSSL_CMP_SRV_process_request() 430efff1b9 Improve ossl_cmp_msg_check_received() and rename to ossl_cmp_msg_check_update() ca6f1ba903 Improve cert checking diagnostics of OSSL_CMP_validate_msg() 7aa70fd5e1 Remove misleading diagnostics on pinned sender cert in OSSL_CMP_validate_msg() 032b13c784 Correct error reason of verify_signature() in cmp_vfy.c f009e37c76 Extend error output of apps/opt_format() to all error cases 2620c38ba8 Remove meanwhile redundant error output of apps/opt_next(void) parsing numbers 50e09788d5 Fix use of -no-proxy option of CMP app 5a2ba207ed Add request URL path checking and status responses to HTTP server 1693135564 Allow subject of CMP -oldcert as sender unless protection cert is given 7e998a0fdc Correct error output of parse_name() in apps/lib/apps.c and apps/cmp.c 6d934add34 Check expected sender not only for signature-protected CMP messages 0d17c2f4bc Improve description of -trusted, -srvcert, -recipient, and -expect_sender CMP options b27ff9b87c Streamline the approach to set CMP message recipient and expected sender ce0465edc7 Fix too strict checks of ossl_cmp_calc_protection() ffb6c86663 Guard new header mac.h against C++isms. 5ea8afd368 Fix two additional instances of the old EVP_MAC_CTX_ functions being used. 7f81aed4bc Use the inherited 'bsd-gcc-shared' config on 32-bit x86 BSDs. Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=201, Tests=2005, 797 wallclock secs ( 7.85 usr 1.24 sys + 713.84 cusr 48.92 csys = 771.85 CPU) Result: FAIL Makefile:3095: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ui' Makefile:3093: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jun 16 14:10:06 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 16 Jun 2020 14:10:06 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls Message-ID: <1592316606.983490.24070.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls Commit log since last time: 670ff08e77 Fix logic error for building x86 CAST assembly 2edb571b4b Fix nits detected by make cmd-nits df4c1d80b2 Update and extend NOTES.WIN, adding 'Quick start' subsection 168c595b14 Chunk 12 of CMP contribution to OpenSSL: CLI-based high-level tests 5e7be6e666 Remove extra newline from CMP mock server error and add TODO on using request template c4a9e3ebbb Move part of OSSL_CMP_validate_msg() to ossl_cmp_msg_check_update() 7e8dbb7462 Bug fix in ossl_cmp_hdr_init(): sould not remember recipient as expected sender 1a27fe4be2 Bug fix in ossl_cmp_certRep_new(): must allocate empty extraCerts stack 8b22c283b8 Improve description of CMP untrusted certs and msg 'sender' field 12bbcee21b Make CMP server use same protection for response as for request 5aed1786fc Fill in transactionID on any error in OSSL_CMP_SRV_process_request() 430efff1b9 Improve ossl_cmp_msg_check_received() and rename to ossl_cmp_msg_check_update() ca6f1ba903 Improve cert checking diagnostics of OSSL_CMP_validate_msg() 7aa70fd5e1 Remove misleading diagnostics on pinned sender cert in OSSL_CMP_validate_msg() 032b13c784 Correct error reason of verify_signature() in cmp_vfy.c f009e37c76 Extend error output of apps/opt_format() to all error cases 2620c38ba8 Remove meanwhile redundant error output of apps/opt_next(void) parsing numbers 50e09788d5 Fix use of -no-proxy option of CMP app 5a2ba207ed Add request URL path checking and status responses to HTTP server 1693135564 Allow subject of CMP -oldcert as sender unless protection cert is given 7e998a0fdc Correct error output of parse_name() in apps/lib/apps.c and apps/cmp.c 6d934add34 Check expected sender not only for signature-protected CMP messages 0d17c2f4bc Improve description of -trusted, -srvcert, -recipient, and -expect_sender CMP options b27ff9b87c Streamline the approach to set CMP message recipient and expected sender ce0465edc7 Fix too strict checks of ossl_cmp_calc_protection() ffb6c86663 Guard new header mac.h against C++isms. 5ea8afd368 Fix two additional instances of the old EVP_MAC_CTX_ functions being used. 7f81aed4bc Use the inherited 'bsd-gcc-shared' config on 32-bit x86 BSDs. Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=201, Tests=2002, 775 wallclock secs ( 8.70 usr 1.42 sys + 720.64 cusr 51.44 csys = 782.20 CPU) Result: FAIL Makefile:3104: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls' Makefile:3102: recipe for target 'tests' failed make: *** [tests] Error 2 From tmraz at fedoraproject.org Tue Jun 16 14:16:57 2020 From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Tue, 16 Jun 2020 14:16:57 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1592317017.327716.24311.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 4151e303a488c53613f7b8c6eae4372759d7fa35 (commit) from 92cef3f186c20e702b7751c5ef959b4fe816a189 (commit) - Log ----------------------------------------------------------------- commit 4151e303a488c53613f7b8c6eae4372759d7fa35 Author: olszomal Date: Fri Jun 12 12:09:02 2020 +0200 CMS_get0_signers() description CLA: trivial Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12055) (cherry picked from commit 9ac916c7529a21cd01d1b539362abf8402719e30) ----------------------------------------------------------------------- Summary of changes: doc/man3/CMS_verify.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/man3/CMS_verify.pod b/doc/man3/CMS_verify.pod index be688681cb..b6650fdeb6 100644 --- a/doc/man3/CMS_verify.pod +++ b/doc/man3/CMS_verify.pod @@ -24,7 +24,7 @@ present in B. The content is written to B if it is not NULL. B is an optional set of flags, which can be used to modify the verify operation. -CMS_get0_signers() retrieves the signing certificate(s) from B, it must +CMS_get0_signers() retrieves the signing certificate(s) from B, it may only be called after a successful CMS_verify() operation. =head1 VERIFY PROCESS From tmraz at fedoraproject.org Tue Jun 16 14:16:01 2020 From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Tue, 16 Jun 2020 14:16:01 +0000 Subject: [openssl] master update Message-ID: <1592316961.579995.22720.nullmailer@dev.openssl.org> The branch master has been updated via 9ac916c7529a21cd01d1b539362abf8402719e30 (commit) from 0800288e6e1d9f44d471043a970ba57743ca8f4c (commit) - Log ----------------------------------------------------------------- commit 9ac916c7529a21cd01d1b539362abf8402719e30 Author: olszomal Date: Fri Jun 12 12:09:02 2020 +0200 CMS_get0_signers() description CLA: trivial Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12055) ----------------------------------------------------------------------- Summary of changes: doc/man3/CMS_verify.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/man3/CMS_verify.pod b/doc/man3/CMS_verify.pod index ed289b1aff..a3dfb420b0 100644 --- a/doc/man3/CMS_verify.pod +++ b/doc/man3/CMS_verify.pod @@ -24,7 +24,7 @@ present in B. The content is written to B if it is not NULL. B is an optional set of flags, which can be used to modify the verify operation. -CMS_get0_signers() retrieves the signing certificate(s) from B, it must +CMS_get0_signers() retrieves the signing certificate(s) from B, it may only be called after a successful CMS_verify() operation. =head1 VERIFY PROCESS From builds at travis-ci.com Tue Jun 16 15:43:37 2020 From: builds at travis-ci.com (Travis CI) Date: Tue, 16 Jun 2020 15:43:37 +0000 Subject: Errored: openssl/openssl#35487 (master - 9ac916c) In-Reply-To: Message-ID: <5ee8e8a86c990_13f8f36c9bbfc6464f9@travis-pro-tasks-6d57fd8dcf-lbjw8.mail> Build Update for openssl/openssl ------------------------------------- Build: #35487 Status: Errored Duration: 1 hr, 25 mins, and 47 secs Commit: 9ac916c (master) Author: olszomal Message: CMS_get0_signers() description CLA: trivial Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12055) View the changeset: https://github.com/openssl/openssl/compare/0800288e6e1d...9ac916c7529a View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/171613999?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Jun 16 16:39:41 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 16 Jun 2020 16:39:41 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2 Message-ID: <1592325581.750931.11037.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2 Commit log since last time: 670ff08e77 Fix logic error for building x86 CAST assembly 2edb571b4b Fix nits detected by make cmd-nits df4c1d80b2 Update and extend NOTES.WIN, adding 'Quick start' subsection 168c595b14 Chunk 12 of CMP contribution to OpenSSL: CLI-based high-level tests 5e7be6e666 Remove extra newline from CMP mock server error and add TODO on using request template c4a9e3ebbb Move part of OSSL_CMP_validate_msg() to ossl_cmp_msg_check_update() 7e8dbb7462 Bug fix in ossl_cmp_hdr_init(): sould not remember recipient as expected sender 1a27fe4be2 Bug fix in ossl_cmp_certRep_new(): must allocate empty extraCerts stack 8b22c283b8 Improve description of CMP untrusted certs and msg 'sender' field 12bbcee21b Make CMP server use same protection for response as for request 5aed1786fc Fill in transactionID on any error in OSSL_CMP_SRV_process_request() 430efff1b9 Improve ossl_cmp_msg_check_received() and rename to ossl_cmp_msg_check_update() ca6f1ba903 Improve cert checking diagnostics of OSSL_CMP_validate_msg() 7aa70fd5e1 Remove misleading diagnostics on pinned sender cert in OSSL_CMP_validate_msg() 032b13c784 Correct error reason of verify_signature() in cmp_vfy.c f009e37c76 Extend error output of apps/opt_format() to all error cases 2620c38ba8 Remove meanwhile redundant error output of apps/opt_next(void) parsing numbers 50e09788d5 Fix use of -no-proxy option of CMP app 5a2ba207ed Add request URL path checking and status responses to HTTP server 1693135564 Allow subject of CMP -oldcert as sender unless protection cert is given 7e998a0fdc Correct error output of parse_name() in apps/lib/apps.c and apps/cmp.c 6d934add34 Check expected sender not only for signature-protected CMP messages 0d17c2f4bc Improve description of -trusted, -srvcert, -recipient, and -expect_sender CMP options b27ff9b87c Streamline the approach to set CMP message recipient and expected sender ce0465edc7 Fix too strict checks of ossl_cmp_calc_protection() ffb6c86663 Guard new header mac.h against C++isms. 5ea8afd368 Fix two additional instances of the old EVP_MAC_CTX_ functions being used. 7f81aed4bc Use the inherited 'bsd-gcc-shared' config on 32-bit x86 BSDs. Build log ended with (last 100 lines): 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=201, Tests=2004, 770 wallclock secs ( 8.29 usr 1.25 sys + 724.62 cusr 49.48 csys = 783.64 CPU) Result: FAIL Makefile:3093: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2' Makefile:3091: recipe for target 'tests' failed make: *** [tests] Error 2 From dev at ddvo.net Tue Jun 16 16:53:19 2020 From: dev at ddvo.net (dev at ddvo.net) Date: Tue, 16 Jun 2020 16:53:19 +0000 Subject: [openssl] master update Message-ID: <1592326399.356479.9145.nullmailer@dev.openssl.org> The branch master has been updated via e98c7350bfaf0ae1f2b72d68d4c5721de24a478f (commit) via 3f528d0899e8fe850c63d600ee29146bc8a9c125 (commit) via c0fff24e0dc168a0dff4209d120733e6684e0767 (commit) from 9ac916c7529a21cd01d1b539362abf8402719e30 (commit) - Log ----------------------------------------------------------------- commit e98c7350bfaf0ae1f2b72d68d4c5721de24a478f Author: Dr. David von Oheimb Date: Thu May 28 15:16:45 2020 +0200 Improve BIO_socket_wait(), BIO_wait(), BIO_connect_retry(), and their docs Add/extend range check for 'fd' argument of BIO_socket_wait() and bio_wait() Correct nap time calculations in bio_wait(), thus correcting also BIO_wait() Update a type cast from 'unsigned long' to 'unsigned int' Extend the comments and documentation of BIO_wait() Rename BIO_connect_retry() to BIO_do_connect_retry() Make its 'timeout' argument < 0 lead to BIO_do_connect() tried only once Add optional 'nap_milliseconds' parameter determining the polling granularity Correct and generalize the retry case checking Extend the comments and documentation of BIO_do_connect_retry() Reviewed-by: Bernd Edlinger Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11986) commit 3f528d0899e8fe850c63d600ee29146bc8a9c125 Author: Dr. David von Oheimb Date: Thu Jun 4 10:33:28 2020 +0200 Add OPENSSL_strdup failure check to cpt_ctrl() in bss_acpt.c Reviewed-by: Bernd Edlinger Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11986) commit c0fff24e0dc168a0dff4209d120733e6684e0767 Author: Dr. David von Oheimb Date: Wed Jun 3 07:49:27 2020 +0200 Fix err checking and mem leaks of BIO_set_conn_port and BIO_set_conn_address Reviewed-by: Bernd Edlinger Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11986) ----------------------------------------------------------------------- Summary of changes: crypto/bio/b_sock.c | 2 + crypto/bio/bio_lib.c | 116 +++++++++++++++++++++++----------------- crypto/bio/bss_acpt.c | 6 ++- crypto/bio/bss_conn.c | 25 ++++++--- crypto/http/http_client.c | 4 +- doc/man3/BIO_socket_wait.pod | 43 +++++++++------ doc/man3/OSSL_CMP_CTX_new.pod | 2 +- doc/man3/OSSL_HTTP_transfer.pod | 2 +- include/openssl/bio.h | 4 +- util/libcrypto.num | 2 +- 10 files changed, 125 insertions(+), 81 deletions(-) diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c index f5d2a627cb..79f7743b2f 100644 --- a/crypto/bio/b_sock.c +++ b/crypto/bio/b_sock.c @@ -387,6 +387,8 @@ int BIO_socket_wait(int fd, int for_read, time_t max_time) struct timeval tv; time_t now; + if (fd < 0 || fd >= FD_SETSIZE) + return -1; if (max_time == 0) return 1; diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c index 1579f7c366..c3c798d4b4 100644 --- a/crypto/bio/bio_lib.c +++ b/crypto/bio/bio_lib.c @@ -786,41 +786,49 @@ void bio_cleanup(void) } /* Internal variant of the below BIO_wait() not calling BIOerr() */ -static int bio_wait(BIO *bio, time_t max_time, unsigned int milliseconds) +static int bio_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds) { #ifndef OPENSSL_NO_SOCK int fd; #endif + long sec_diff; - if (max_time == 0) + if (max_time == 0) /* no timeout */ return 1; #ifndef OPENSSL_NO_SOCK - if (BIO_get_fd(bio, &fd) > 0) + if (BIO_get_fd(bio, &fd) > 0 && fd < FD_SETSIZE) return BIO_socket_wait(fd, BIO_should_read(bio), max_time); #endif - if (milliseconds > 1000) { - long sec_diff = (long)(max_time - time(NULL)); /* might overflow */ + /* fall back to polling since no sockets are available */ - if (sec_diff <= 0) - return 0; /* timeout */ - if ((unsigned long)sec_diff < milliseconds / 1000) - milliseconds = (unsigned long)sec_diff * 1000; + sec_diff = (long)(max_time - time(NULL)); /* might overflow */ + if (sec_diff < 0) + return 0; /* clearly timeout */ + + /* now take a nap at most the given number of milliseconds */ + if (sec_diff == 0) { /* we are below the 1 seconds resolution of max_time */ + if (nap_milliseconds > 1000) + nap_milliseconds = 1000; + } else { /* for sec_diff > 0, take min(sec_diff * 1000, nap_milliseconds) */ + if ((unsigned long)sec_diff * 1000 < nap_milliseconds) + nap_milliseconds = (unsigned int)sec_diff * 1000; } - ossl_sleep(milliseconds); + ossl_sleep(nap_milliseconds); return 1; } -/* +/*- * Wait on (typically socket-based) BIO at most until max_time. - * Succeed immediately if max_time == 0. If sockets are not available succeed - * after waiting at most given milliseconds in order to avoid a tight busy loop. - * Call BIOerr(...) unless success. + * Succeed immediately if max_time == 0. + * If sockets are not available support polling: succeed after waiting at most + * the number of nap_milliseconds in order to avoid a tight busy loop. + * Call BIOerr(...) on timeout or error. * Returns -1 on error, 0 on timeout, and 1 on success. */ -int BIO_wait(BIO *bio, time_t max_time, unsigned int milliseconds) +int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds) { - int rv = bio_wait(bio, max_time, milliseconds); + int rv = bio_wait(bio, max_time, nap_milliseconds); if (rv <= 0) BIOerr(0, rv == 0 ? BIO_R_TRANSFER_TIMEOUT : BIO_R_TRANSFER_ERROR); @@ -828,13 +836,16 @@ int BIO_wait(BIO *bio, time_t max_time, unsigned int milliseconds) } /* - * Connect via given BIO using BIO_do_handshake() until success/timeout/error. - * Parameter timeout == 0 means infinite, < 0 leads to immediate timeout error. + * Connect via given BIO using BIO_do_connect() until success/timeout/error. + * Parameter timeout == 0 means no timeout, < 0 means exactly one try. + * For non-blocking and potentially even non-socket BIOs perform polling with + * the given density: between polls sleep nap_milliseconds using BIO_wait() + * in order to avoid a tight busy loop. * Returns -1 on error, 0 on timeout, and 1 on success. */ -int BIO_connect_retry(BIO *bio, int timeout) +int BIO_do_connect_retry(BIO *bio, int timeout, int nap_milliseconds) { - int blocking = timeout == 0; + int blocking = timeout <= 0; time_t max_time = timeout > 0 ? time(NULL) + timeout : 0; int rv; @@ -843,40 +854,47 @@ int BIO_connect_retry(BIO *bio, int timeout) return -1; } - if (timeout < 0) { - BIOerr(0, BIO_R_CONNECT_TIMEOUT); - return 0; - } - - if (!blocking) - BIO_set_nbio(bio, 1); - - retry: /* it does not help here to set SSL_MODE_AUTO_RETRY */ - rv = BIO_do_handshake(bio); /* This indirectly calls ERR_clear_error(); */ - - if (rv <= 0) { - if (get_last_sys_error() == ETIMEDOUT) { - /* - * if blocking, despite blocking BIO, BIO_do_handshake() timed out - * when non-blocking, BIO_do_handshake() timed out early - * with rv == -1 and get_last_sys_error() == 0 - */ - ERR_clear_error(); - (void)BIO_reset(bio); - /* - * unless using BIO_reset(), blocking next connect() may crash and - * non-blocking next BIO_do_handshake() will fail - */ - goto retry; - } else if (BIO_should_retry(bio)) { - /* will not actually wait if timeout == 0 (i.e., blocking BIO) */ - rv = bio_wait(bio, max_time, 100 /* milliseconds */); + if (nap_milliseconds < 0) + nap_milliseconds = 100; + BIO_set_nbio(bio, !blocking); + + retry: + rv = BIO_do_connect(bio); /* This may indirectly call ERR_clear_error(); */ + + if (rv <= 0) { /* could be timeout or retryable error or fatal error */ + int err = ERR_peek_last_error(); + int reason = ERR_GET_REASON(err); + int do_retry = BIO_should_retry(bio); /* may be 1 only if !blocking */ + + if (ERR_GET_LIB(err) == ERR_LIB_BIO) { + switch (reason) { + case ERR_R_SYS_LIB: + /* + * likely retryable system error occurred, which may be + * EAGAIN (resource temporarily unavailable) some 40 secs after + * calling getaddrinfo(): Temporary failure in name resolution + * or a premature ETIMEDOUT, some 30 seconds after connect() + */ + case BIO_R_CONNECT_ERROR: + case BIO_R_NBIO_CONNECT_ERROR: + /* some likely retryable connection error occurred */ + (void)BIO_reset(bio); /* often needed to avoid retry failure */ + do_retry = 1; + break; + default: + break; + } + } + if (timeout >= 0 && do_retry) { + ERR_clear_error(); /* using ERR_pop_to_mark() would be cleaner */ + /* will not actually wait if timeout == 0 (i.e., blocking BIO): */ + rv = bio_wait(bio, max_time, nap_milliseconds); if (rv > 0) goto retry; BIOerr(0, rv == 0 ? BIO_R_CONNECT_TIMEOUT : BIO_R_CONNECT_ERROR); } else { rv = -1; - if (ERR_peek_error() == 0) /* missing error queue entry */ + if (err == 0) /* missing error queue entry */ BIOerr(0, BIO_R_CONNECT_ERROR); /* workaround: general error */ } } diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c index 3523f68edd..7f1af71e0f 100644 --- a/crypto/bio/bss_acpt.c +++ b/crypto/bio/bss_acpt.c @@ -433,8 +433,10 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr) b->init = 1; } else if (num == 1) { OPENSSL_free(data->param_serv); - data->param_serv = OPENSSL_strdup(ptr); - b->init = 1; + if ((data->param_serv = OPENSSL_strdup(ptr)) == NULL) + ret = 0; + else + b->init = 1; } else if (num == 2) { data->bind_mode |= BIO_SOCK_NONBLOCK; } else if (num == 3) { diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c index 31a5b58b7d..6cff2a99ac 100644 --- a/crypto/bio/bss_conn.c +++ b/crypto/bio/bss_conn.c @@ -438,12 +438,13 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) case BIO_C_SET_CONNECT: if (ptr != NULL) { b->init = 1; - if (num == 0) { + if (num == 0) { /* BIO_set_conn_hostname */ char *hold_service = data->param_service; /* We affect the hostname regardless. However, the input * string might contain a host:service spec, so we must * parse it, which might or might not affect the service */ + OPENSSL_free(data->param_hostname); data->param_hostname = NULL; ret = BIO_parse_hostserv(ptr, @@ -452,19 +453,29 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) BIO_PARSE_PRIO_HOST); if (hold_service != data->param_service) OPENSSL_free(hold_service); - } else if (num == 1) { + } else if (num == 1) { /* BIO_set_conn_port */ OPENSSL_free(data->param_service); - data->param_service = OPENSSL_strdup(ptr); - } else if (num == 2) { + if ((data->param_service = OPENSSL_strdup(ptr)) == NULL) + ret = 0; + } else if (num == 2) { /* BIO_set_conn_address */ const BIO_ADDR *addr = (const BIO_ADDR *)ptr; + char *host = BIO_ADDR_hostname_string(addr, 1); + char *service = BIO_ADDR_service_string(addr, 1); + + ret = host != NULL && service != NULL; if (ret) { - data->param_hostname = BIO_ADDR_hostname_string(addr, 1); - data->param_service = BIO_ADDR_service_string(addr, 1); + OPENSSL_free(data->param_hostname); + data->param_hostname = host; + OPENSSL_free(data->param_service); + data->param_service = service; BIO_ADDRINFO_free(data->addr_first); data->addr_first = NULL; data->addr_iter = NULL; + } else { + OPENSSL_free(host); + OPENSSL_free(service); } - } else if (num == 3) { + } else if (num == 3) { /* BIO_set_conn_ip_family */ data->connect_family = *(int *)ptr; } else { ret = 0; diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c index 64f877abed..a8dda0050a 100644 --- a/crypto/http/http_client.c +++ b/crypto/http/http_client.c @@ -814,7 +814,7 @@ static int update_timeout(int timeout, time_t start_time) * BIO *(*OSSL_HTTP_bio_cb_t) (BIO *bio, void *arg, int conn, int detail); * The callback may modify the HTTP BIO provided in the bio argument, * whereby it may make use of any custom defined argument 'arg'. - * During connection establishment, just after BIO_connect_retry(), + * During connection establishment, just after BIO_do_connect_retry(), * the callback function is invoked with the 'conn' argument being 1 * 'detail' indicating whether a HTTPS (i.e., TLS) connection is requested. * On disconnect 'conn' is 0 and 'detail' indicates that no error occurred. @@ -873,7 +873,7 @@ BIO *OSSL_HTTP_transfer(const char *server, const char *port, const char *path, /* remaining parameters are checked indirectly by the functions called */ (void)ERR_set_mark(); /* prepare removing any spurious libssl errors */ - if (rbio == NULL && BIO_connect_retry(cbio, timeout) <= 0) + if (rbio == NULL && BIO_do_connect_retry(cbio, timeout, -1) <= 0) goto end; /* now timeout is guaranteed to be >= 0 */ diff --git a/doc/man3/BIO_socket_wait.pod b/doc/man3/BIO_socket_wait.pod index d105dfe698..b00a878c9d 100644 --- a/doc/man3/BIO_socket_wait.pod +++ b/doc/man3/BIO_socket_wait.pod @@ -4,8 +4,8 @@ BIO_socket_wait, BIO_wait, -BIO_connect_retry -- BIO socket utility functions +BIO_do_connect_retry +- BIO connection utility functions =head1 SYNOPSIS @@ -14,8 +14,8 @@ BIO_connect_retry #ifndef OPENSSL_NO_SOCK int BIO_socket_wait(int fd, int for_read, time_t max_time); #endif - int BIO_wait(BIO *bio, time_t max_time, unsigned int milliseconds); - int BIO_connect_retry(BIO *bio, long timeout); + int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds); + int BIO_do_connect_retry(BIO *bio, int timeout, int nap_milliseconds); =head1 DESCRIPTION @@ -23,27 +23,38 @@ BIO_socket_wait() waits on the socket B for reading if B is not 0, else for writing, at most until B. It succeeds immediately if B == 0 (which means no timeout given). -BIO_wait() waits at most until B on the given B, -which is typically socket-based, -for reading if B is supposed to read, else for writing. +BIO_wait() waits at most until B on the given (typically socket-based) +B, for reading if B is supposed to read, else for writing. +It is used by BIO_do_connect_retry() and can be used together L. It succeeds immediately if B == 0 (which means no timeout given). -If sockets are not available it succeeds after waiting at most given -B in order to help avoiding a tight busy loop at the caller. - -BIO_connect_retry() connects via the given B, retrying BIO_do_connect() -until success or a timeout or error condition is reached. +If sockets are not available it supports polling by succeeding after sleeping +at most the given B in order to avoid a tight busy loop. +Via B the caller determines the polling granularity. + +BIO_do_connect_retry() connects via the given B. +It retries BIO_do_connect() as far as needed to reach a definite outcome, +i.e., connection succeeded, timeout has been reached, or an error occurred. +For non-blocking and potentially even non-socket BIOs it polls +every B and sleeps in between using BIO_wait(). +If B is < 0 then a default value of 100 ms is used. If the B parameter is > 0 this indicates the maximum number of seconds -to wait until the connection is established. A value of 0 enables waiting -indefinitely, while a value < 0 immediately leads to a timeout condition. +to wait until the connection is established or a definite error occurred. +A value of 0 enables waiting indefinitely (i.e, no timeout), +while a value < 0 means that BIO_do_connect() is tried only once. +The function may, directly or indirectly, invoke ERR_clear_error(). =head1 RETURN VALUES -BIO_socket_wait(), BIO_wait(), and BIO_connect_retry() +BIO_socket_wait(), BIO_wait(), and BIO_do_connect_retry() return -1 on error, 0 on timeout, and 1 on success. +=head1 SEE ALSO + +L, L + =head1 HISTORY -BIO_socket_wait(), BIO_wait(), and BIO_connect_retry() +BIO_socket_wait(), BIO_wait(), and BIO_do_connect_retry() were added in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man3/OSSL_CMP_CTX_new.pod b/doc/man3/OSSL_CMP_CTX_new.pod index 97927fb45e..e8237b46e7 100644 --- a/doc/man3/OSSL_CMP_CTX_new.pod +++ b/doc/man3/OSSL_CMP_CTX_new.pod @@ -337,7 +337,7 @@ function, which has the prototype The callback may modify the BIO B provided by OSSL_CMP_MSG_http_perform(), whereby it may make use of a custom defined argument B stored in the OSSL_CMP_CTX by means of OSSL_CMP_CTX_set_http_cb_arg(). -During connection establishment, just after calling BIO_connect_retry(), +During connection establishment, just after calling BIO_do_connect_retry(), the function is invoked with the B argument being 1 and the B argument being 1 if HTTPS is requested, i.e., SSL/TLS should be enabled. On disconnect B is 0 and B is 1 in case no error occurred, else 0. diff --git a/doc/man3/OSSL_HTTP_transfer.pod b/doc/man3/OSSL_HTTP_transfer.pod index e0adb2a1d1..4459f541f3 100644 --- a/doc/man3/OSSL_HTTP_transfer.pod +++ b/doc/man3/OSSL_HTTP_transfer.pod @@ -154,7 +154,7 @@ B is a BIO connect/disconnect callback function with prototype The callback may modify the HTTP BIO provided in the B argument, whereby it may make use of a custom defined argument B, which may for instance refer to an I structure. -During connection establishment, just after calling BIO_connect_retry(), +During connection establishment, just after calling BIO_do_connect_retry(), the function is invoked with the B argument being 1 and the B argument being 1 if HTTPS is requested, i.e., SSL/TLS should be enabled. On disconnect B is 0 and B is 1 if no error occurred, else 0. diff --git a/include/openssl/bio.h b/include/openssl/bio.h index 19f9311c68..88e57e70a8 100644 --- a/include/openssl/bio.h +++ b/include/openssl/bio.h @@ -664,8 +664,8 @@ int BIO_sock_should_retry(int i); int BIO_sock_non_fatal_error(int error); int BIO_socket_wait(int fd, int for_read, time_t max_time); # endif -int BIO_wait(BIO *bio, time_t max_time, unsigned int milliseconds); -int BIO_connect_retry(BIO *bio, int timeout); +int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds); +int BIO_do_connect_retry(BIO *bio, int timeout, int nap_milliseconds); int BIO_fd_should_retry(int i); int BIO_fd_non_fatal_error(int error); diff --git a/util/libcrypto.num b/util/libcrypto.num index 317481388c..230126ff55 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4926,7 +4926,7 @@ RAND_DRBG_set_callback_data ? 3_0_0 EXIST::FUNCTION: RAND_DRBG_get_callback_data ? 3_0_0 EXIST::FUNCTION: BIO_socket_wait ? 3_0_0 EXIST::FUNCTION:SOCK BIO_wait ? 3_0_0 EXIST::FUNCTION: -BIO_connect_retry ? 3_0_0 EXIST::FUNCTION: +BIO_do_connect_retry ? 3_0_0 EXIST::FUNCTION: ERR_load_HTTP_strings ? 3_0_0 EXIST::FUNCTION: OSSL_HTTP_get ? 3_0_0 EXIST::FUNCTION: OSSL_HTTP_get_asn1 ? 3_0_0 EXIST::FUNCTION: From no-reply at appveyor.com Tue Jun 16 18:27:13 2020 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 16 Jun 2020 18:27:13 +0000 Subject: Build failed: openssl master.34942 Message-ID: <20200616182713.1.01E439C7E3FEA56C@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Jun 16 18:51:22 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 16 Jun 2020 18:51:22 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method Message-ID: <1592333482.039732.26132.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method Commit log since last time: 670ff08e77 Fix logic error for building x86 CAST assembly 2edb571b4b Fix nits detected by make cmd-nits df4c1d80b2 Update and extend NOTES.WIN, adding 'Quick start' subsection 168c595b14 Chunk 12 of CMP contribution to OpenSSL: CLI-based high-level tests 5e7be6e666 Remove extra newline from CMP mock server error and add TODO on using request template c4a9e3ebbb Move part of OSSL_CMP_validate_msg() to ossl_cmp_msg_check_update() 7e8dbb7462 Bug fix in ossl_cmp_hdr_init(): sould not remember recipient as expected sender 1a27fe4be2 Bug fix in ossl_cmp_certRep_new(): must allocate empty extraCerts stack 8b22c283b8 Improve description of CMP untrusted certs and msg 'sender' field 12bbcee21b Make CMP server use same protection for response as for request 5aed1786fc Fill in transactionID on any error in OSSL_CMP_SRV_process_request() 430efff1b9 Improve ossl_cmp_msg_check_received() and rename to ossl_cmp_msg_check_update() ca6f1ba903 Improve cert checking diagnostics of OSSL_CMP_validate_msg() 7aa70fd5e1 Remove misleading diagnostics on pinned sender cert in OSSL_CMP_validate_msg() 032b13c784 Correct error reason of verify_signature() in cmp_vfy.c f009e37c76 Extend error output of apps/opt_format() to all error cases 2620c38ba8 Remove meanwhile redundant error output of apps/opt_next(void) parsing numbers 50e09788d5 Fix use of -no-proxy option of CMP app 5a2ba207ed Add request URL path checking and status responses to HTTP server 1693135564 Allow subject of CMP -oldcert as sender unless protection cert is given 7e998a0fdc Correct error output of parse_name() in apps/lib/apps.c and apps/cmp.c 6d934add34 Check expected sender not only for signature-protected CMP messages 0d17c2f4bc Improve description of -trusted, -srvcert, -recipient, and -expect_sender CMP options b27ff9b87c Streamline the approach to set CMP message recipient and expected sender ce0465edc7 Fix too strict checks of ossl_cmp_calc_protection() ffb6c86663 Guard new header mac.h against C++isms. 5ea8afd368 Fix two additional instances of the old EVP_MAC_CTX_ functions being used. 7f81aed4bc Use the inherited 'bsd-gcc-shared' config on 32-bit x86 BSDs. Build log ended with (last 100 lines): 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=201, Tests=2004, 773 wallclock secs ( 8.33 usr 1.33 sys + 726.70 cusr 51.03 csys = 787.39 CPU) Result: FAIL Makefile:3088: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2-method' Makefile:3086: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Tue Jun 16 19:02:09 2020 From: builds at travis-ci.com (Travis CI) Date: Tue, 16 Jun 2020 19:02:09 +0000 Subject: Errored: openssl/openssl#35492 (master - e98c735) In-Reply-To: Message-ID: <5ee9173033342_13fd7464a85f057984b@travis-pro-tasks-69c98bf455-rwf8v.mail> Build Update for openssl/openssl ------------------------------------- Build: #35492 Status: Errored Duration: 2 hrs, 0 mins, and 4 secs Commit: e98c735 (master) Author: Dr. David von Oheimb Message: Improve BIO_socket_wait(), BIO_wait(), BIO_connect_retry(), and their docs Add/extend range check for 'fd' argument of BIO_socket_wait() and bio_wait() Correct nap time calculations in bio_wait(), thus correcting also BIO_wait() Update a type cast from 'unsigned long' to 'unsigned int' Extend the comments and documentation of BIO_wait() Rename BIO_connect_retry() to BIO_do_connect_retry() Make its 'timeout' argument < 0 lead to BIO_do_connect() tried only once Add optional 'nap_milliseconds' parameter determining the polling granularity Correct and generalize the retry case checking Extend the comments and documentation of BIO_do_connect_retry() Reviewed-by: Bernd Edlinger Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11986) View the changeset: https://github.com/openssl/openssl/compare/9ac916c7529a...e98c7350bfaf View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/171661210?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Jun 16 19:34:42 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 16 Jun 2020 19:34:42 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_3 Message-ID: <1592336082.339161.9086.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_3 Commit log since last time: 670ff08e77 Fix logic error for building x86 CAST assembly 2edb571b4b Fix nits detected by make cmd-nits df4c1d80b2 Update and extend NOTES.WIN, adding 'Quick start' subsection 168c595b14 Chunk 12 of CMP contribution to OpenSSL: CLI-based high-level tests 5e7be6e666 Remove extra newline from CMP mock server error and add TODO on using request template c4a9e3ebbb Move part of OSSL_CMP_validate_msg() to ossl_cmp_msg_check_update() 7e8dbb7462 Bug fix in ossl_cmp_hdr_init(): sould not remember recipient as expected sender 1a27fe4be2 Bug fix in ossl_cmp_certRep_new(): must allocate empty extraCerts stack 8b22c283b8 Improve description of CMP untrusted certs and msg 'sender' field 12bbcee21b Make CMP server use same protection for response as for request 5aed1786fc Fill in transactionID on any error in OSSL_CMP_SRV_process_request() 430efff1b9 Improve ossl_cmp_msg_check_received() and rename to ossl_cmp_msg_check_update() ca6f1ba903 Improve cert checking diagnostics of OSSL_CMP_validate_msg() 7aa70fd5e1 Remove misleading diagnostics on pinned sender cert in OSSL_CMP_validate_msg() 032b13c784 Correct error reason of verify_signature() in cmp_vfy.c f009e37c76 Extend error output of apps/opt_format() to all error cases 2620c38ba8 Remove meanwhile redundant error output of apps/opt_next(void) parsing numbers 50e09788d5 Fix use of -no-proxy option of CMP app 5a2ba207ed Add request URL path checking and status responses to HTTP server 1693135564 Allow subject of CMP -oldcert as sender unless protection cert is given 7e998a0fdc Correct error output of parse_name() in apps/lib/apps.c and apps/cmp.c 6d934add34 Check expected sender not only for signature-protected CMP messages 0d17c2f4bc Improve description of -trusted, -srvcert, -recipient, and -expect_sender CMP options b27ff9b87c Streamline the approach to set CMP message recipient and expected sender ce0465edc7 Fix too strict checks of ossl_cmp_calc_protection() ffb6c86663 Guard new header mac.h against C++isms. 5ea8afd368 Fix two additional instances of the old EVP_MAC_CTX_ functions being used. 7f81aed4bc Use the inherited 'bsd-gcc-shared' config on 32-bit x86 BSDs. Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ skipped: test_key_share needs TLS1.3 enabled 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. skipped: test_tls13alerts needs TLS1.3 enabled 70-test_tls13cookie.t .............. skipped: test_tls13cookie needs TLS1.3 enabled 70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled 70-test_tls13hrr.t ................. skipped: test_tls13hrr needs TLS1.3 enabled 70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs TLSv1.3 enabled 70-test_tls13messages.t ............ skipped: test_tls13messages needs TLSv1.3 enabled 70-test_tls13psk.t ................. skipped: test_tls13psk needs TLSv1.3 enabled 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. skipped: test_tls13ccs is not supported in this build 90-test_tls13encryption.t .......... skipped: tls13encryption is not supported in this build 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=201, Tests=1926, 718 wallclock secs ( 7.41 usr 1.24 sys + 676.07 cusr 45.97 csys = 730.69 CPU) Result: FAIL Makefile:3097: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_3' Makefile:3095: recipe for target 'tests' failed make: *** [tests] Error 2 From nic.tuv at gmail.com Tue Jun 16 19:56:10 2020 From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Tue, 16 Jun 2020 19:56:10 +0000 Subject: [openssl] master update Message-ID: <1592337370.946197.12931.nullmailer@dev.openssl.org> The branch master has been updated via 5d8b3a3ef2941b8822523742a0408ca6896aa65d (commit) from e98c7350bfaf0ae1f2b72d68d4c5721de24a478f (commit) - Log ----------------------------------------------------------------- commit 5d8b3a3ef2941b8822523742a0408ca6896aa65d Author: Nicola Tuveri Date: Sat Jun 13 17:29:09 2020 +0300 Refactor BN_R_NO_INVERSE logic in internal functions Closes #12129 As described in https://github.com/openssl/openssl/issues/12129 the readability of the internal functions providing the two alternative implementations for `BN_mod_inverse()` is a bit lacking. Both these functions are now completely internal, so we have the flexibility needed to slightly improve readability and remove unnecessary NULL checks. The main changes here are: - rename `BN_mod_inverse_no_branch()` as `bn_mod_inverse_no_branch()`: this function is `static` so it is not even visible within the rest of libcrypto. By convention upcase prefixes are reserved for public functions. - remove `if (pnoinv == NULL)` checks in `int_bn_mod_inverse()`: this function is internal to the BN module and we can guarantee that all callers pass non-NULL arguments. - `bn_mod_inverse_no_branch()` takes an extra `int *pnoinv` argument, so that it can signal if no inverse exists for the given inputs: in this way the caller is in charge of raising `BN_R_NO_INVERSE` as it is the case for the non-consttime implementation of `int_bn_mod_inverse()`. - `BN_mod_inverse()` is a public function and must guarantee that the internal functions providing the actual implementation receive valid arguments. If the caller passes a NULL `BN_CTX` we create a temporary one for internal use. - reorder function definitions in `crypto/bn/bn_gcd.c` to avoid forward declaration of `static` functions (in preparation for inlining). - inline `bn_mod_inverse_no_branch()`. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12142) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_gcd.c | 384 +++++++++++++++++++++++++----------------------- crypto/err/openssl.txt | 1 - include/openssl/bn.h | 2 +- include/openssl/bnerr.h | 1 - 4 files changed, 201 insertions(+), 187 deletions(-) diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c index bed9fca4d9..b84e440800 100644 --- a/crypto/bn/bn_gcd.c +++ b/crypto/bn/bn_gcd.c @@ -10,22 +10,189 @@ #include "internal/cryptlib.h" #include "bn_local.h" -/* solves ax == 1 (mod n) */ -static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, - const BIGNUM *a, const BIGNUM *n, - BN_CTX *ctx); - -BIGNUM *BN_mod_inverse(BIGNUM *in, - const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) +/* + * bn_mod_inverse_no_branch is a special version of BN_mod_inverse. It does + * not contain branches that may leak sensitive information. + * + * This is a static function, we ensure all callers in this file pass valid + * arguments: all passed pointers here are non-NULL. + */ +static ossl_inline +BIGNUM *bn_mod_inverse_no_branch(BIGNUM *in, + const BIGNUM *a, const BIGNUM *n, + BN_CTX *ctx, int *pnoinv) { - BIGNUM *rv; - int noinv; - rv = int_bn_mod_inverse(in, a, n, ctx, &noinv); - if (noinv) - BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE); - return rv; + BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL; + BIGNUM *ret = NULL; + int sign; + + bn_check_top(a); + bn_check_top(n); + + BN_CTX_start(ctx); + A = BN_CTX_get(ctx); + B = BN_CTX_get(ctx); + X = BN_CTX_get(ctx); + D = BN_CTX_get(ctx); + M = BN_CTX_get(ctx); + Y = BN_CTX_get(ctx); + T = BN_CTX_get(ctx); + if (T == NULL) + goto err; + + if (in == NULL) + R = BN_new(); + else + R = in; + if (R == NULL) + goto err; + + BN_one(X); + BN_zero(Y); + if (BN_copy(B, a) == NULL) + goto err; + if (BN_copy(A, n) == NULL) + goto err; + A->neg = 0; + + if (B->neg || (BN_ucmp(B, A) >= 0)) { + /* + * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, + * BN_div_no_branch will be called eventually. + */ + { + BIGNUM local_B; + bn_init(&local_B); + BN_with_flags(&local_B, B, BN_FLG_CONSTTIME); + if (!BN_nnmod(B, &local_B, A, ctx)) + goto err; + /* Ensure local_B goes out of scope before any further use of B */ + } + } + sign = -1; + /*- + * From B = a mod |n|, A = |n| it follows that + * + * 0 <= B < A, + * -sign*X*a == B (mod |n|), + * sign*Y*a == A (mod |n|). + */ + + while (!BN_is_zero(B)) { + BIGNUM *tmp; + + /*- + * 0 < B < A, + * (*) -sign*X*a == B (mod |n|), + * sign*Y*a == A (mod |n|) + */ + + /* + * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, + * BN_div_no_branch will be called eventually. + */ + { + BIGNUM local_A; + bn_init(&local_A); + BN_with_flags(&local_A, A, BN_FLG_CONSTTIME); + + /* (D, M) := (A/B, A%B) ... */ + if (!BN_div(D, M, &local_A, B, ctx)) + goto err; + /* Ensure local_A goes out of scope before any further use of A */ + } + + /*- + * Now + * A = D*B + M; + * thus we have + * (**) sign*Y*a == D*B + M (mod |n|). + */ + + tmp = A; /* keep the BIGNUM object, the value does not + * matter */ + + /* (A, B) := (B, A mod B) ... */ + A = B; + B = M; + /* ... so we have 0 <= B < A again */ + + /*- + * Since the former M is now B and the former B is now A, + * (**) translates into + * sign*Y*a == D*A + B (mod |n|), + * i.e. + * sign*Y*a - D*A == B (mod |n|). + * Similarly, (*) translates into + * -sign*X*a == A (mod |n|). + * + * Thus, + * sign*Y*a + D*sign*X*a == B (mod |n|), + * i.e. + * sign*(Y + D*X)*a == B (mod |n|). + * + * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at + * -sign*X*a == B (mod |n|), + * sign*Y*a == A (mod |n|). + * Note that X and Y stay non-negative all the time. + */ + + if (!BN_mul(tmp, D, X, ctx)) + goto err; + if (!BN_add(tmp, tmp, Y)) + goto err; + + M = Y; /* keep the BIGNUM object, the value does not + * matter */ + Y = X; + X = tmp; + sign = -sign; + } + + /*- + * The while loop (Euclid's algorithm) ends when + * A == gcd(a,n); + * we have + * sign*Y*a == A (mod |n|), + * where Y is non-negative. + */ + + if (sign < 0) { + if (!BN_sub(Y, n, Y)) + goto err; + } + /* Now Y*a == A (mod |n|). */ + + if (BN_is_one(A)) { + /* Y*a == 1 (mod |n|) */ + if (!Y->neg && BN_ucmp(Y, n) < 0) { + if (!BN_copy(R, Y)) + goto err; + } else { + if (!BN_nnmod(R, Y, n, ctx)) + goto err; + } + } else { + *pnoinv = 1; + /* caller sets the BN_R_NO_INVERSE error */ + goto err; + } + + ret = R; + *pnoinv = 0; + + err: + if ((ret == NULL) && (in == NULL)) + BN_free(R); + BN_CTX_end(ctx); + bn_check_top(ret); + return ret; } +/* + * This is an internal function, we assume all callers pass valid arguments: + * all pointers passed here are assumed non-NULL. + */ BIGNUM *int_bn_mod_inverse(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx, int *pnoinv) @@ -36,17 +203,15 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in, /* This is invalid input so we don't worry about constant time here */ if (BN_abs_is_word(n, 1) || BN_is_zero(n)) { - if (pnoinv != NULL) - *pnoinv = 1; + *pnoinv = 1; return NULL; } - if (pnoinv != NULL) - *pnoinv = 0; + *pnoinv = 0; if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(n, BN_FLG_CONSTTIME) != 0)) { - return BN_mod_inverse_no_branch(in, a, n, ctx); + return bn_mod_inverse_no_branch(in, a, n, ctx, pnoinv); } bn_check_top(a); @@ -332,8 +497,7 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in, goto err; } } else { - if (pnoinv) - *pnoinv = 1; + *pnoinv = 1; goto err; } ret = R; @@ -345,175 +509,27 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in, return ret; } -/* - * BN_mod_inverse_no_branch is a special version of BN_mod_inverse. It does - * not contain branches that may leak sensitive information. - */ -static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, - const BIGNUM *a, const BIGNUM *n, - BN_CTX *ctx) +/* solves ax == 1 (mod n) */ +BIGNUM *BN_mod_inverse(BIGNUM *in, + const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) { - BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL; - BIGNUM *ret = NULL; - int sign; - - bn_check_top(a); - bn_check_top(n); - - BN_CTX_start(ctx); - A = BN_CTX_get(ctx); - B = BN_CTX_get(ctx); - X = BN_CTX_get(ctx); - D = BN_CTX_get(ctx); - M = BN_CTX_get(ctx); - Y = BN_CTX_get(ctx); - T = BN_CTX_get(ctx); - if (T == NULL) - goto err; - - if (in == NULL) - R = BN_new(); - else - R = in; - if (R == NULL) - goto err; - - BN_one(X); - BN_zero(Y); - if (BN_copy(B, a) == NULL) - goto err; - if (BN_copy(A, n) == NULL) - goto err; - A->neg = 0; - - if (B->neg || (BN_ucmp(B, A) >= 0)) { - /* - * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, - * BN_div_no_branch will be called eventually. - */ - { - BIGNUM local_B; - bn_init(&local_B); - BN_with_flags(&local_B, B, BN_FLG_CONSTTIME); - if (!BN_nnmod(B, &local_B, A, ctx)) - goto err; - /* Ensure local_B goes out of scope before any further use of B */ - } - } - sign = -1; - /*- - * From B = a mod |n|, A = |n| it follows that - * - * 0 <= B < A, - * -sign*X*a == B (mod |n|), - * sign*Y*a == A (mod |n|). - */ - - while (!BN_is_zero(B)) { - BIGNUM *tmp; - - /*- - * 0 < B < A, - * (*) -sign*X*a == B (mod |n|), - * sign*Y*a == A (mod |n|) - */ - - /* - * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, - * BN_div_no_branch will be called eventually. - */ - { - BIGNUM local_A; - bn_init(&local_A); - BN_with_flags(&local_A, A, BN_FLG_CONSTTIME); + BN_CTX *new_ctx = NULL; + BIGNUM *rv; + int noinv = 0; - /* (D, M) := (A/B, A%B) ... */ - if (!BN_div(D, M, &local_A, B, ctx)) - goto err; - /* Ensure local_A goes out of scope before any further use of A */ + if (ctx == NULL) { + ctx = new_ctx = BN_CTX_new_ex(NULL); + if (ctx == NULL) { + BNerr(BN_F_BN_MOD_INVERSE, ERR_R_MALLOC_FAILURE); + return NULL; } - - /*- - * Now - * A = D*B + M; - * thus we have - * (**) sign*Y*a == D*B + M (mod |n|). - */ - - tmp = A; /* keep the BIGNUM object, the value does not - * matter */ - - /* (A, B) := (B, A mod B) ... */ - A = B; - B = M; - /* ... so we have 0 <= B < A again */ - - /*- - * Since the former M is now B and the former B is now A, - * (**) translates into - * sign*Y*a == D*A + B (mod |n|), - * i.e. - * sign*Y*a - D*A == B (mod |n|). - * Similarly, (*) translates into - * -sign*X*a == A (mod |n|). - * - * Thus, - * sign*Y*a + D*sign*X*a == B (mod |n|), - * i.e. - * sign*(Y + D*X)*a == B (mod |n|). - * - * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at - * -sign*X*a == B (mod |n|), - * sign*Y*a == A (mod |n|). - * Note that X and Y stay non-negative all the time. - */ - - if (!BN_mul(tmp, D, X, ctx)) - goto err; - if (!BN_add(tmp, tmp, Y)) - goto err; - - M = Y; /* keep the BIGNUM object, the value does not - * matter */ - Y = X; - X = tmp; - sign = -sign; - } - - /*- - * The while loop (Euclid's algorithm) ends when - * A == gcd(a,n); - * we have - * sign*Y*a == A (mod |n|), - * where Y is non-negative. - */ - - if (sign < 0) { - if (!BN_sub(Y, n, Y)) - goto err; } - /* Now Y*a == A (mod |n|). */ - if (BN_is_one(A)) { - /* Y*a == 1 (mod |n|) */ - if (!Y->neg && BN_ucmp(Y, n) < 0) { - if (!BN_copy(R, Y)) - goto err; - } else { - if (!BN_nnmod(R, Y, n, ctx)) - goto err; - } - } else { - BNerr(BN_F_BN_MOD_INVERSE_NO_BRANCH, BN_R_NO_INVERSE); - goto err; - } - ret = R; - err: - if ((ret == NULL) && (in == NULL)) - BN_free(R); - BN_CTX_end(ctx); - bn_check_top(ret); - return ret; + rv = int_bn_mod_inverse(in, a, n, ctx, &noinv); + if (noinv) + BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE); + BN_CTX_free(new_ctx); + return rv; } /*- diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 8fd805cd9c..40148e8a2c 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -221,7 +221,6 @@ BN_F_BN_MOD_EXP_MONT_WORD:117:BN_mod_exp_mont_word BN_F_BN_MOD_EXP_RECP:125:BN_mod_exp_recp BN_F_BN_MOD_EXP_SIMPLE:126:BN_mod_exp_simple BN_F_BN_MOD_INVERSE:110:BN_mod_inverse -BN_F_BN_MOD_INVERSE_NO_BRANCH:139:BN_mod_inverse_no_branch BN_F_BN_MOD_LSHIFT_QUICK:119:BN_mod_lshift_quick BN_F_BN_MOD_SQRT:121:BN_mod_sqrt BN_F_BN_MONT_CTX_NEW:149:BN_MONT_CTX_new diff --git a/include/openssl/bn.h b/include/openssl/bn.h index 94d8710289..cafb66e905 100644 --- a/include/openssl/bn.h +++ b/include/openssl/bn.h @@ -62,7 +62,7 @@ extern "C" { * avoid leaking exponent information through timing, * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime, * BN_div() will call BN_div_no_branch, - * BN_mod_inverse() will call BN_mod_inverse_no_branch. + * BN_mod_inverse() will call bn_mod_inverse_no_branch. */ # define BN_FLG_CONSTTIME 0x04 # define BN_FLG_SECURE 0x08 diff --git a/include/openssl/bnerr.h b/include/openssl/bnerr.h index 8304cef4ba..d5c442a400 100644 --- a/include/openssl/bnerr.h +++ b/include/openssl/bnerr.h @@ -61,7 +61,6 @@ int ERR_load_BN_strings(void); # define BN_F_BN_MOD_EXP_RECP 0 # define BN_F_BN_MOD_EXP_SIMPLE 0 # define BN_F_BN_MOD_INVERSE 0 -# define BN_F_BN_MOD_INVERSE_NO_BRANCH 0 # define BN_F_BN_MOD_LSHIFT_QUICK 0 # define BN_F_BN_MOD_SQRT 0 # define BN_F_BN_MONT_CTX_NEW 0 From builds at travis-ci.com Tue Jun 16 21:47:33 2020 From: builds at travis-ci.com (Travis CI) Date: Tue, 16 Jun 2020 21:47:33 +0000 Subject: Errored: openssl/openssl#35494 (master - 5d8b3a3) In-Reply-To: Message-ID: <5ee93df4cf91a_13f9c1e6a46b41642b6@travis-pro-tasks-fd6bb8c7c-cm5n6.mail> Build Update for openssl/openssl ------------------------------------- Build: #35494 Status: Errored Duration: 1 hr, 50 mins, and 8 secs Commit: 5d8b3a3 (master) Author: Nicola Tuveri Message: Refactor BN_R_NO_INVERSE logic in internal functions Closes #12129 As described in https://github.com/openssl/openssl/issues/12129 the readability of the internal functions providing the two alternative implementations for `BN_mod_inverse()` is a bit lacking. Both these functions are now completely internal, so we have the flexibility needed to slightly improve readability and remove unnecessary NULL checks. The main changes here are: - rename `BN_mod_inverse_no_branch()` as `bn_mod_inverse_no_branch()`: this function is `static` so it is not even visible within the rest of libcrypto. By convention upcase prefixes are reserved for public functions. - remove `if (pnoinv == NULL)` checks in `int_bn_mod_inverse()`: this function is internal to the BN module and we can guarantee that all callers pass non-NULL arguments. - `bn_mod_inverse_no_branch()` takes an extra `int *pnoinv` argument, so that it can signal if no inverse exists for the given inputs: in this way the caller is in charge of raising `BN_R_NO_INVERSE` as it is the case for the non-consttime implementation of `int_bn_mod_inverse()`. - `BN_mod_inverse()` is a public function and must guarantee that the internal functions providing the actual implementation receive valid arguments. If the caller passes a NULL `BN_CTX` we create a temporary one for internal use. - reorder function definitions in `crypto/bn/bn_gcd.c` to avoid forward declaration of `static` functions (in preparation for inlining). - inline `bn_mod_inverse_no_branch()`. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12142) View the changeset: https://github.com/openssl/openssl/compare/e98c7350bfaf...5d8b3a3ef294 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/171689049?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From pauli at openssl.org Tue Jun 16 23:09:36 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 16 Jun 2020 23:09:36 +0000 Subject: [openssl] master update Message-ID: <1592348976.135708.3225.nullmailer@dev.openssl.org> The branch master has been updated via 5a147abd790075cdc97b36ff5084e2eb1d779b95 (commit) from 5d8b3a3ef2941b8822523742a0408ca6896aa65d (commit) - Log ----------------------------------------------------------------- commit 5a147abd790075cdc97b36ff5084e2eb1d779b95 Author: Dmitry Belyavskiy Date: Fri Jun 12 10:59:46 2020 +0300 Update gost-engine submodule to match EVP_MAC renaming [extended tests] Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12124) ----------------------------------------------------------------------- Summary of changes: gost-engine | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gost-engine b/gost-engine index 4108e77e0e..30860f9403 160000 --- a/gost-engine +++ b/gost-engine @@ -1 +1 @@ -Subproject commit 4108e77e0eb091fdd9b9c4174374a6ac0cc0abd0 +Subproject commit 30860f940321eb4762d6449ffef48fc93ad2d2e8 From openssl at openssl.org Wed Jun 17 01:33:50 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 17 Jun 2020 01:33:50 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit Message-ID: <1592357630.579397.4109.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit Commit log since last time: 5d8b3a3ef2 Refactor BN_R_NO_INVERSE logic in internal functions e98c7350bf Improve BIO_socket_wait(), BIO_wait(), BIO_connect_retry(), and their docs 3f528d0899 Add OPENSSL_strdup failure check to cpt_ctrl() in bss_acpt.c c0fff24e0d Fix err checking and mem leaks of BIO_set_conn_port and BIO_set_conn_address 9ac916c752 CMS_get0_signers() description 0800288e6e EVP: allow empty strings to EVP_Decode* functions Build log ended with (last 100 lines): 65-test_cmp_protect.t .............. ok 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=201, Tests=1929, 815 wallclock secs ( 9.12 usr 1.31 sys + 723.74 cusr 49.39 csys = 783.56 CPU) Result: FAIL Makefile:3088: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-autoerrinit' Makefile:3086: recipe for target 'tests' failed make: *** [tests] Error 2 From shane.lontis at oracle.com Wed Jun 17 01:54:32 2020 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Wed, 17 Jun 2020 01:54:32 +0000 Subject: [openssl] master update Message-ID: <1592358872.779622.20238.nullmailer@dev.openssl.org> The branch master has been updated via 4f2271d58a36b2aee125062ffb9626c6208fa394 (commit) from 5a147abd790075cdc97b36ff5084e2eb1d779b95 (commit) - Log ----------------------------------------------------------------- commit 4f2271d58a36b2aee125062ffb9626c6208fa394 Author: Shane Lontis Date: Wed Jun 17 11:33:16 2020 +1000 Add ACVP fips module tests For FIPS validation purposes - Automated Cryptographic Validation Protocol (ACVP) tests need to be performed. (See https://github.com/usnistgov/ACVP). These tests are very similiar to the old CAVS tests. This PR uses a hardwired subset of these test vectors to perform similiar operations, to show the usage and prove that the API's are able to perform the required operations. It may also help with communication with the lab (i.e- The lab could add a test here to show a unworking use case - which we can then address). The EVP layer performs these tests instead of calling lower level API's as was done in the old FOM. Some of these tests require access to internals that are not normally allowed/required. The config option 'acvp_tests' (enabled by default) has been added so that this access may be removed. The mechanism has been implemented as additional OSSL_PARAM values that can be set and get. A callback mechanism did not seem to add any additional benefit. These params will not be added to the gettables lists. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11572) ----------------------------------------------------------------------- Summary of changes: Configure | 1 + INSTALL.md | 10 + crypto/dh/dh_check.c | 4 +- crypto/dh/dh_gen.c | 15 +- crypto/dh/dh_pmeth.c | 17 +- crypto/dsa/dsa_check.c | 4 +- crypto/dsa/dsa_gen.c | 27 +- crypto/dsa/dsa_pmeth.c | 6 +- crypto/ffc/ffc_backend.c | 22 + crypto/ffc/ffc_params.c | 59 + crypto/ffc/ffc_params_generate.c | 208 +-- crypto/ffc/ffc_params_validate.c | 24 +- crypto/rsa/build.info | 4 + crypto/rsa/rsa_acvp_test_params.c | 167 ++ crypto/rsa/rsa_backend.c | 8 +- crypto/rsa/rsa_gen.c | 4 +- crypto/rsa/rsa_lib.c | 5 + crypto/rsa/rsa_local.h | 38 +- crypto/rsa/rsa_sp800_56b_gen.c | 74 +- doc/man7/EVP_PKEY-RSA.pod | 53 + include/crypto/dh.h | 4 +- include/crypto/dsa.h | 4 +- include/crypto/rsa.h | 16 +- include/internal/ffc.h | 55 +- include/openssl/core_names.h | 44 +- providers/implementations/keymgmt/dh_kmgmt.c | 29 +- providers/implementations/keymgmt/dsa_kmgmt.c | 29 +- providers/implementations/keymgmt/ec_kmgmt.c | 47 +- providers/implementations/keymgmt/rsa_kmgmt.c | 23 +- providers/implementations/signature/build.info | 4 +- providers/implementations/signature/dsa.c | 18 +- providers/implementations/signature/ecdsa.c | 25 +- providers/implementations/signature/rsa.c | 19 +- test/acvp_test.c | 1367 ++++++++++++++++ test/acvp_test.inc | 1984 ++++++++++++++++++++++++ test/build.info | 7 + test/ffc_internal_test.c | 149 +- test/recipes/30-test_acvp.t | 41 + test/rsa_sp800_56b_test.c | 128 -- 39 files changed, 4236 insertions(+), 507 deletions(-) create mode 100644 crypto/rsa/rsa_acvp_test_params.c create mode 100644 test/acvp_test.c create mode 100644 test/acvp_test.inc create mode 100644 test/recipes/30-test_acvp.t diff --git a/Configure b/Configure index 1a22f47822..a0b9c22b6d 100755 --- a/Configure +++ b/Configure @@ -360,6 +360,7 @@ my @dtls = qw(dtls1 dtls1_2); # For developers: keep it sorted alphabetically my @disablables = ( + "acvp_tests", "afalgeng", "aria", "asan", diff --git a/INSTALL.md b/INSTALL.md index 88961aa74b..981a86af04 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -501,6 +501,16 @@ never be used in production environments. It will only work when used with gcc or clang and should be used in conjunction with the [no-shared](#no-shared) option. +### no-acvp_tests + +Do not build support for Automated Cryptographic Validation Protocol (ACVP) +tests. + +This is required for FIPS validation purposes. Certain ACVP tests require +access to algorithm internals that are not normally accessible. +Additional information related to ACVP can be found at +. + ### no-asm Do not use assembler code. diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c index 9dd595ae12..a223121cd0 100644 --- a/crypto/dh/dh_check.c +++ b/crypto/dh/dh_check.c @@ -62,8 +62,8 @@ int DH_check_params(const DH *dh, int *ret) * (2b) FFC domain params conform to FIPS-186-4 explicit domain param * validity tests. */ - return ffc_params_FIPS186_4_validate(&dh->params, FFC_PARAM_TYPE_DH, NULL, - FFC_PARAMS_VALIDATE_ALL, ret, NULL); + return ffc_params_FIPS186_4_validate(dh->libctx, &dh->params, + FFC_PARAM_TYPE_DH, ret, NULL); } #else int DH_check_params(const DH *dh, int *ret) diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c index 8c1518ad9b..52f3151bc8 100644 --- a/crypto/dh/dh_gen.c +++ b/crypto/dh/dh_gen.c @@ -35,28 +35,21 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb); #endif /* FIPS_MODULE */ -int dh_generate_ffc_parameters(DH *dh, int type, int pbits, - int qbits, EVP_MD *md, BN_GENCB *cb) +int dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits, + BN_GENCB *cb) { int ret, res; - if (qbits <= 0) { - if (md != NULL) - qbits = EVP_MD_size(md) * 8; - else - qbits = (pbits >= 2048 ? SHA256_DIGEST_LENGTH : - SHA_DIGEST_LENGTH) * 8; - } #ifndef FIPS_MODULE if (type == DH_PARAMGEN_TYPE_FIPS_186_2) ret = ffc_params_FIPS186_2_generate(dh->libctx, &dh->params, FFC_PARAM_TYPE_DH, - pbits, qbits, md, &res, cb); + pbits, qbits, &res, cb); else #endif ret = ffc_params_FIPS186_4_generate(dh->libctx, &dh->params, FFC_PARAM_TYPE_DH, - pbits, qbits, md, &res, cb); + pbits, qbits, &res, cb); if (ret > 0) dh->dirty_cnt++; return ret; diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c index 23527acf04..39b79ffb36 100644 --- a/crypto/dh/dh_pmeth.c +++ b/crypto/dh/dh_pmeth.c @@ -286,7 +286,6 @@ static DH *ffc_params_generate(OPENSSL_CTX *libctx, DH_PKEY_CTX *dctx, int res; int prime_len = dctx->prime_len; int subprime_len = dctx->subprime_len; - const EVP_MD *md = dctx->md; if (dctx->paramgen_type > DH_PARAMGEN_TYPE_FIPS_186_4) return NULL; @@ -300,26 +299,22 @@ static DH *ffc_params_generate(OPENSSL_CTX *libctx, DH_PKEY_CTX *dctx, else subprime_len = 160; } - if (md == NULL) { - if (prime_len >= 2048) - md = EVP_sha256(); - else - md = EVP_sha1(); - } + + if (dctx->md != NULL) + ffc_set_digest(&ret->params, EVP_MD_name(dctx->md), NULL); + # ifndef FIPS_MODULE if (dctx->paramgen_type == DH_PARAMGEN_TYPE_FIPS_186_2) rv = ffc_params_FIPS186_2_generate(libctx, &ret->params, FFC_PARAM_TYPE_DH, - prime_len, subprime_len, md, &res, - pcb); + prime_len, subprime_len, &res, pcb); else # endif /* For FIPS we always use the DH_PARAMGEN_TYPE_FIPS_186_4 generator */ if (dctx->paramgen_type >= DH_PARAMGEN_TYPE_FIPS_186_2) rv = ffc_params_FIPS186_4_generate(libctx, &ret->params, FFC_PARAM_TYPE_DH, - prime_len, subprime_len, md, &res, - pcb); + prime_len, subprime_len, &res, pcb); if (rv <= 0) { DH_free(ret); return NULL; diff --git a/crypto/dsa/dsa_check.c b/crypto/dsa/dsa_check.c index dc42ec5f5f..01cf0f6341 100644 --- a/crypto/dsa/dsa_check.c +++ b/crypto/dsa/dsa_check.c @@ -19,8 +19,8 @@ int dsa_check_params(const DSA *dsa, int *ret) * (2b) FFC domain params conform to FIPS-186-4 explicit domain param * validity tests. */ - return ffc_params_FIPS186_4_validate(&dsa->params, FFC_PARAM_TYPE_DSA, NULL, - FFC_PARAMS_VALIDATE_ALL, ret, NULL); + return ffc_params_FIPS186_4_validate(dsa->libctx, &dsa->params, + FFC_PARAM_TYPE_DSA, ret, NULL); } /* diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index acd088ee79..9d5e91de29 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -23,29 +23,21 @@ #include "crypto/dsa.h" #include "dsa_local.h" -int dsa_generate_ffc_parameters(DSA *dsa, int type, - int pbits, int qbits, - EVP_MD *md, BN_GENCB *cb) +int dsa_generate_ffc_parameters(DSA *dsa, int type, int pbits, int qbits, + BN_GENCB *cb) { int ret = 0, res; - if (qbits <= 0) { - if (md != NULL) - qbits = EVP_MD_size(md) * 8; - else - qbits = (pbits >= 2048 ? SHA256_DIGEST_LENGTH : - SHA_DIGEST_LENGTH) * 8; - } #ifndef FIPS_MODULE if (type == DSA_PARAMGEN_TYPE_FIPS_186_2) ret = ffc_params_FIPS186_2_generate(dsa->libctx, &dsa->params, FFC_PARAM_TYPE_DSA, - pbits, qbits, md, &res, cb); + pbits, qbits, &res, cb); else #endif ret = ffc_params_FIPS186_4_generate(dsa->libctx, &dsa->params, FFC_PARAM_TYPE_DSA, - pbits, qbits, md, &res, cb); + pbits, qbits, &res, cb); if (ret > 0) dsa->dirty_cnt++; return ret; @@ -57,26 +49,21 @@ int DSA_generate_parameters_ex(DSA *dsa, int bits, int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) { -#ifndef FIPS_MODULE if (dsa->meth->dsa_paramgen) return dsa->meth->dsa_paramgen(dsa, bits, seed_in, seed_len, counter_ret, h_ret, cb); -#endif if (seed_in != NULL && !ffc_params_set_validate_params(&dsa->params, seed_in, seed_len, -1)) return 0; -#ifndef FIPS_MODULE /* The old code used FIPS 186-2 DSA Parameter generation */ if (bits <= 1024 && seed_len == 20) { if (!dsa_generate_ffc_parameters(dsa, DSA_PARAMGEN_TYPE_FIPS_186_2, - bits, 160, NULL, cb)) + bits, 160, cb)) return 0; - } else -#endif - { + } else { if (!dsa_generate_ffc_parameters(dsa, DSA_PARAMGEN_TYPE_FIPS_186_4, - bits, -1, NULL, cb)) + bits, -1, cb)) return 0; } diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c index 7f7f57f6d3..7b364059e7 100644 --- a/crypto/dsa/dsa_pmeth.c +++ b/crypto/dsa/dsa_pmeth.c @@ -217,9 +217,11 @@ static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) BN_GENCB_free(pcb); return 0; } + if (dctx->md != NULL) + ffc_set_digest(&dsa->params, EVP_MD_name(dctx->md), NULL); + ret = ffc_params_FIPS186_4_generate(NULL, &dsa->params, FFC_PARAM_TYPE_DSA, - dctx->nbits, dctx->qbits, dctx->pmd, - &res, pcb); + dctx->nbits, dctx->qbits, &res, pcb); BN_GENCB_free(pcb); if (ret > 0) EVP_PKEY_assign_DSA(pkey, dsa); diff --git a/crypto/ffc/ffc_backend.c b/crypto/ffc/ffc_backend.c index c34e79bf4f..49f42d70d0 100644 --- a/crypto/ffc/ffc_backend.c +++ b/crypto/ffc/ffc_backend.c @@ -78,6 +78,28 @@ int ffc_params_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[]) if (!ffc_params_set_seed(ffc, prm->data, prm->data_size)) goto err; } + prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_VALIDATE_TYPE); + if (prm != NULL) { + if (prm->data_type != OSSL_PARAM_UTF8_STRING) + goto err; + ffc_params_set_flags(ffc, ffc_params_flags_from_name(prm->data)); + } + prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_DIGEST); + if (prm != NULL) { + const OSSL_PARAM *p1; + const char *props = NULL; + + if (prm->data_type != OSSL_PARAM_UTF8_STRING) + goto err; + p1 = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_DIGEST_PROPS); + if (p1 != NULL) { + if (p1->data_type != OSSL_PARAM_UTF8_STRING) + goto err; + } + if (!ffc_set_digest(ffc, prm->data, props)) + goto err; + } + ffc_params_set0_pqg(ffc, p, q, g); ffc_params_set0_j(ffc, j); return 1; diff --git a/crypto/ffc/ffc_params.c b/crypto/ffc/ffc_params.c index a95a2fa12b..0796d34337 100644 --- a/crypto/ffc/ffc_params.c +++ b/crypto/ffc/ffc_params.c @@ -11,6 +11,8 @@ #include #include "internal/ffc.h" #include "internal/param_build_set.h" +#include "internal/nelem.h" +#include "e_os.h" /* strcasecmp */ #ifndef FIPS_MODULE # include /* ffc_params_print */ @@ -21,6 +23,7 @@ void ffc_params_init(FFC_PARAMS *params) memset(params, 0, sizeof(*params)); params->pcounter = -1; params->gindex = FFC_UNVERIFIABLE_GINDEX; + params->flags = FFC_PARAM_FLAG_VALIDATE_ALL; } void ffc_params_cleanup(FFC_PARAMS *params) @@ -109,6 +112,18 @@ void ffc_params_set_h(FFC_PARAMS *params, int index) params->h = index; } +void ffc_params_set_flags(FFC_PARAMS *params, unsigned int flags) +{ + params->flags = flags; +} + +int ffc_set_digest(FFC_PARAMS *params, const char *alg, const char *props) +{ + params->mdname = alg; + params->mdprops = props; + return 1; +} + int ffc_params_set_validate_params(FFC_PARAMS *params, const unsigned char *seed, size_t seedlen, int counter) @@ -182,6 +197,36 @@ int ffc_params_cmp(const FFC_PARAMS *a, const FFC_PARAMS *b, int ignore_q) && (ignore_q || BN_cmp(a->q, b->q) == 0); /* Note: q may be NULL */ } +static const OSSL_ITEM flag_map[] = { + { FFC_PARAM_FLAG_VALIDATE_PQ, OSSL_FFC_PARAM_VALIDATE_PQ }, + { FFC_PARAM_FLAG_VALIDATE_G, OSSL_FFC_PARAM_VALIDATE_G }, + { FFC_PARAM_FLAG_VALIDATE_ALL, OSSL_FFC_PARAM_VALIDATE_PQG }, + { 0, "" } +}; + +int ffc_params_flags_from_name(const char *name) +{ + size_t i; + + for (i = 0; i < OSSL_NELEM(flag_map); ++i) { + if (strcasecmp(flag_map[i].ptr, name) == 0) + return flag_map[i].id; + } + return NID_undef; +} + +const char *ffc_params_flags_to_name(int flags) +{ + size_t i; + + flags &= FFC_PARAM_FLAG_VALIDATE_ALL; + for (i = 0; i < OSSL_NELEM(flag_map); ++i) { + if ((int)flag_map[i].id == flags) + return flag_map[i].ptr; + } + return ""; +} + int ffc_params_todata(const FFC_PARAMS *ffc, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]) { @@ -228,6 +273,20 @@ int ffc_params_todata(const FFC_PARAMS *ffc, OSSL_PARAM_BLD *bld, return 0; #endif } + if (!ossl_param_build_set_utf8_string(bld, params, + OSSL_PKEY_PARAM_FFC_VALIDATE_TYPE, + ffc_params_flags_to_name(ffc->flags))) + return 0; + if (ffc->mdname != NULL + && !ossl_param_build_set_utf8_string(bld, params, + OSSL_PKEY_PARAM_FFC_DIGEST, + ffc->mdname)) + return 0; + if (ffc->mdprops != NULL + && !ossl_param_build_set_utf8_string(bld, params, + OSSL_PKEY_PARAM_FFC_DIGEST_PROPS, + ffc->mdprops)) + return 0; return 1; } diff --git a/crypto/ffc/ffc_params_generate.c b/crypto/ffc/ffc_params_generate.c index 624c24dd21..b3ab476f3f 100644 --- a/crypto/ffc/ffc_params_generate.c +++ b/crypto/ffc/ffc_params_generate.c @@ -413,18 +413,15 @@ err: return ret; } -static EVP_MD *fetch_default_md(OPENSSL_CTX *libctx, size_t N) +static const char *default_mdname(size_t N) { - char *name = NULL; - if (N == 160) - name = "SHA1"; + return "SHA1"; else if (N == 224) - name = "SHA-224"; + return "SHA-224"; else if (N == 256) - name = "SHA-256"; - - return name != NULL ? EVP_MD_fetch(libctx, name, "") : NULL; + return "SHA-256"; + return NULL; } /* @@ -446,6 +443,13 @@ static EVP_MD *fetch_default_md(OPENSSL_CTX *libctx, size_t N) * the seed and index used during generation as input. * * params: used to pass in values for generation and validation. + * params->md: is the digest to use, If this value is NULL, then the digest is + * chosen using the value of N. + * params->flags: + * For validation one of: + * -FFC_PARAM_FLAG_VALIDATE_PQ + * -FFC_PARAM_FLAG_VALIDATE_G + * -FFC_PARAM_FLAG_VALIDATE_ALL * For generation of p & q: * - This is skipped if p & q are passed in. * - If the seed is passed in then generation of p & q uses this seed (and if @@ -462,48 +466,58 @@ static EVP_MD *fetch_default_md(OPENSSL_CTX *libctx, size_t N) * - For a partial validation : p, q and g are required. * - For a canonical validation : the gindex and seed used for generation are * also required. + * mode: The mode - either FFC_PARAM_MODE_GENERATE or FFC_PARAM_MODE_VERIFY. * type: The key type - FFC_PARAM_TYPE_DSA or FFC_PARAM_TYPE_DH. * L: is the size of the prime p in bits (e.g 2048) * N: is the size of the prime q in bits (e.g 256) - * evpmd: is the digest to use, If this value is NULL, then the digest is chosen - * using the value of N. - * validate_flags: - * or generation: FFC_PARAMS_GENERATE. - * For validation one of: - * -FFC_PARAMS_VALIDATE_PQ - * -FFC_PARAMS_VALIDATE_G - * -FFC_PARAMS_VALIDATE_ALL * res: A returned failure reason (One of FFC_CHECK_XXXX), * or 0 for general failures. * cb: A callback (can be NULL) that is called during different phases * * Returns: - * - FFC_PARAMS_RET_STATUS_FAILED: if there was an error, or validation failed. - * - FFC_PARAMS_RET_STATUS_SUCCESS if the generation or validation succeeded. - * - FFC_PARAMS_RET_STATUS_UNVERIFIABLE_G if the validation of G succeeded, + * - FFC_PARAM_RET_STATUS_FAILED: if there was an error, or validation failed. + * - FFC_PARAM_RET_STATUS_SUCCESS if the generation or validation succeeded. + * - FFC_PARAM_RET_STATUS_UNVERIFIABLE_G if the validation of G succeeded, * but G is unverifiable. */ int ffc_params_FIPS186_4_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params, - int type, size_t L, size_t N, - const EVP_MD *evpmd, int validate_flags, + int mode, int type, size_t L, size_t N, int *res, BN_GENCB *cb) { - int ok = FFC_PARAMS_RET_STATUS_FAILED; + int ok = FFC_PARAM_RET_STATUS_FAILED; unsigned char *seed = NULL, *seed_tmp = NULL; int mdsize, counter = 0, pcounter = 0, r = 0; size_t seedlen = 0; BIGNUM *tmp, *pm1, *e, *test; BIGNUM *g = NULL, *q = NULL, *p = NULL; BN_MONT_CTX *mont = NULL; - int n = 0, m = 0, qsize = N >> 3; + int n = 0, m = 0, qsize; int canonical_g = 0, hret = 0; BN_CTX *ctx = NULL; EVP_MD_CTX *mctx = NULL; - int generate = (validate_flags == 0); - EVP_MD *evpmd_fetch = NULL; + EVP_MD *md = NULL; + int verify = (mode == FFC_PARAM_MODE_VERIFY); + unsigned int flags = verify ? params->flags : 0; *res = 0; + if (params->mdname != NULL) { + md = EVP_MD_fetch(libctx, params->mdname, params->mdprops); + } else { + if (N <= 0) + N = (L >= 2048 ? SHA256_DIGEST_LENGTH : SHA_DIGEST_LENGTH) * 8; + md = EVP_MD_fetch(libctx, default_mdname(N), NULL); + } + if (md == NULL) + goto err; + mdsize = EVP_MD_size(md); + if (mdsize <= 0) + goto err; + + if (N <= 0) + N = mdsize * 8; + qsize = N >> 3; + /* * A.1.1.2 Step (1) AND * A.1.1.3 Step (3) @@ -518,15 +532,6 @@ int ffc_params_FIPS186_4_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params, if (mctx == NULL) goto err; - if (evpmd == NULL) { - evpmd_fetch = fetch_default_md(libctx, N); - evpmd = evpmd_fetch; - } - - mdsize = EVP_MD_size(evpmd); - if (mdsize <= 0) - goto err; - if ((ctx = BN_CTX_new_ex(libctx)) == NULL) goto err; @@ -546,7 +551,7 @@ int ffc_params_FIPS186_4_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params, if (params->seed != NULL) seed = params->seed; - if (generate) { + if (!verify) { /* For generation: p & q must both be NULL or NON-NULL */ if ((params->p == NULL) != (params->q == NULL)) { *res = FFC_CHECK_INVALID_PQ; @@ -554,13 +559,13 @@ int ffc_params_FIPS186_4_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params, } } else { /* Validation of p,q requires seed and counter to be valid */ - if ((validate_flags & FFC_PARAMS_VALIDATE_PQ) != 0) { + if ((flags & FFC_PARAM_FLAG_VALIDATE_PQ) != 0) { if (seed == NULL || params->pcounter < 0) { *res = FFC_CHECK_MISSING_SEED_OR_COUNTER; goto err; } } - if ((validate_flags & FFC_PARAMS_VALIDATE_G) != 0) { + if ((flags & FFC_PARAM_FLAG_VALIDATE_G) != 0) { /* validation of g also requires g to be set */ if (params->g == NULL) { *res = FFC_CHECK_INVALID_G; @@ -574,7 +579,7 @@ int ffc_params_FIPS186_4_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params, * validate_flags = 0 then skip the generation of PQ. * validate_flags = VALIDATE_G then also skip the validation of PQ. */ - if (params->p != NULL && ((validate_flags & FFC_PARAMS_VALIDATE_PQ) == 0)) { + if (params->p != NULL && ((flags & FFC_PARAM_FLAG_VALIDATE_PQ) == 0)) { /* p and q already exists so only generate g */ p = params->p; q = params->q; @@ -604,7 +609,7 @@ int ffc_params_FIPS186_4_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params, if (seed == NULL) { /* Validation requires the seed to be supplied */ - if (validate_flags) { + if (verify) { *res = FFC_CHECK_MISSING_SEED_OR_COUNTER; goto err; } @@ -617,7 +622,7 @@ int ffc_params_FIPS186_4_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params, /* A.1.1.2 Step (11): max loop count = 4L - 1 */ counter = 4 * L - 1; /* Validation requires the counter to be supplied */ - if (validate_flags) { + if (verify) { /* A.1.1.3 Step (4) : if (counter > (4L -1)) return INVALID */ if (params->pcounter > counter) { *res = FFC_CHECK_INVALID_COUNTER; @@ -638,11 +643,11 @@ int ffc_params_FIPS186_4_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params, goto err; for (;;) { - if (!generate_q_fips186_4(ctx, q, evpmd, qsize, seed, seedlen, + if (!generate_q_fips186_4(ctx, q, md, qsize, seed, seedlen, seed != params->seed, &m, res, cb)) goto err; /* A.1.1.3 Step (9): Verify that q matches the expected value */ - if (validate_flags && (BN_cmp(q, params->q) != 0)) { + if (verify && (BN_cmp(q, params->q) != 0)) { *res = FFC_CHECK_Q_MISMATCH; goto err; } @@ -652,8 +657,8 @@ int ffc_params_FIPS186_4_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params, goto err; memcpy(seed_tmp, seed, seedlen); - r = generate_p(ctx, evpmd, counter, n, seed_tmp, seedlen, q, p, L, cb, - &pcounter, res); + r = generate_p(ctx, md, counter, n, seed_tmp, seedlen, q, p, L, + cb, &pcounter, res); if (r > 0) break; /* found p */ if (r < 0) @@ -674,11 +679,11 @@ int ffc_params_FIPS186_4_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params, * Gets here if we found p. * A.1.1.3 Step (14): return error if i != counter OR computed_p != known_p. */ - if (validate_flags && (pcounter != counter || (BN_cmp(p, params->p) != 0))) + if (verify && (pcounter != counter || (BN_cmp(p, params->p) != 0))) goto err; /* If validating p & q only then skip the g validation test */ - if ((validate_flags & FFC_PARAMS_VALIDATE_ALL) == FFC_PARAMS_VALIDATE_PQ) + if ((flags & FFC_PARAM_FLAG_VALIDATE_ALL) == FFC_PARAM_FLAG_VALIDATE_PQ) goto pass; g_only: if ((mont = BN_MONT_CTX_new()) == NULL) @@ -686,7 +691,7 @@ g_only: if (!BN_MONT_CTX_set(mont, p, ctx)) goto err; - if (((validate_flags & FFC_PARAMS_VALIDATE_G) != 0) + if (((flags & FFC_PARAM_FLAG_VALIDATE_G) != 0) && !ffc_params_validate_unverifiable_g(ctx, mont, p, q, params->g, tmp, res)) goto err; @@ -703,17 +708,17 @@ g_only: /* Canonical g requires a seed and index to be set */ if ((seed != NULL) && (params->gindex != FFC_UNVERIFIABLE_GINDEX)) { canonical_g = 1; - if (!generate_canonical_g(ctx, mont, evpmd, g, tmp, p, e, + if (!generate_canonical_g(ctx, mont, md, g, tmp, p, e, params->gindex, seed, seedlen)) { *res = FFC_CHECK_INVALID_G; goto err; } /* A.2.4 Step (13): Return valid if computed_g == g */ - if (validate_flags && BN_cmp(g, params->g) != 0) { + if (verify && BN_cmp(g, params->g) != 0) { *res = FFC_CHECK_G_MISMATCH; goto err; } - } else if (generate) { + } else if (!verify) { if (!generate_unverifiable_g(ctx, mont, g, tmp, p, e, pm1, &hret)) goto err; } @@ -721,7 +726,7 @@ g_only: if (!BN_GENCB_call(cb, 3, 1)) goto err; - if (generate) { + if (!verify) { if (p != params->p) { BN_free(params->p); params->p = BN_dup(p); @@ -741,11 +746,11 @@ g_only: params->h = hret; } pass: - if ((validate_flags & FFC_PARAMS_VALIDATE_G) != 0 && (canonical_g == 0)) + if ((flags & FFC_PARAM_FLAG_VALIDATE_G) != 0 && (canonical_g == 0)) /* Return for the case where g is partially valid */ - ok = FFC_PARAMS_RET_STATUS_UNVERIFIABLE_G; + ok = FFC_PARAM_RET_STATUS_UNVERIFIABLE_G; else - ok = FFC_PARAMS_RET_STATUS_SUCCESS; + ok = FFC_PARAM_RET_STATUS_SUCCESS; err: if (seed != params->seed) OPENSSL_free(seed); @@ -754,33 +759,47 @@ err: BN_CTX_end(ctx); BN_CTX_free(ctx); BN_MONT_CTX_free(mont); - EVP_MD_free(evpmd_fetch); EVP_MD_CTX_free(mctx); + EVP_MD_free(md); return ok; } int ffc_params_FIPS186_2_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params, - int type, size_t L, size_t N, - const EVP_MD *evpmd, int validate_flags, + int mode, int type, size_t L, size_t N, int *res, BN_GENCB *cb) { - int ok = FFC_PARAMS_RET_STATUS_FAILED; + int ok = FFC_PARAM_RET_STATUS_FAILED; unsigned char seed[SHA256_DIGEST_LENGTH]; unsigned char buf[SHA256_DIGEST_LENGTH]; BIGNUM *r0, *test, *tmp, *g = NULL, *q = NULL, *p = NULL; BN_MONT_CTX *mont = NULL; - size_t qsize = N >> 3; + EVP_MD *md = NULL; + size_t qsize; int n = 0, m = 0; int counter = 0, pcounter = 0, use_random_seed; int rv; BN_CTX *ctx = NULL; int hret = -1; - int generate = (validate_flags == 0); unsigned char *seed_in = params->seed; size_t seed_len = params->seedlen; - EVP_MD *evpmd_fetch = NULL; + int verify = (mode == FFC_PARAM_MODE_VERIFY); + unsigned int flags = verify ? params->flags : 0; *res = 0; + + if (params->mdname != NULL) { + md = EVP_MD_fetch(libctx, params->mdname, params->mdprops); + } else { + if (N <= 0) + N = (L >= 2048 ? SHA256_DIGEST_LENGTH : SHA_DIGEST_LENGTH) * 8; + md = EVP_MD_fetch(libctx, default_mdname(N), NULL); + } + if (md == NULL) + goto err; + if (N <= 0) + N = EVP_MD_size(md) * 8; + qsize = N >> 3; + #ifdef FIPS_MODULE /* * FIPS 186-4 states that validation can only be done for this pair. @@ -788,7 +807,7 @@ int ffc_params_FIPS186_2_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params, */ if (L != 1024 || N != 160) { *res = FFC_CHECK_BAD_LN_PAIR; - return FFC_PARAMS_RET_STATUS_FAILED; + goto err; } #endif if (qsize != SHA_DIGEST_LENGTH @@ -796,17 +815,7 @@ int ffc_params_FIPS186_2_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params, && qsize != SHA256_DIGEST_LENGTH) { /* invalid q size */ *res = FFC_CHECK_INVALID_Q_VALUE; - return FFC_PARAMS_RET_STATUS_FAILED; - } - - if (evpmd == NULL) { - evpmd_fetch = fetch_default_md(libctx, qsize * 8); - evpmd = evpmd_fetch; - } else { - rv = EVP_MD_size(evpmd); - if (rv <= 0) - return 0; - qsize = (size_t)rv; + goto err; } if (L < 512) @@ -817,12 +826,11 @@ int ffc_params_FIPS186_2_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params, if (seed_in != NULL) { if (seed_len < qsize) { *res = FFC_CHECK_INVALID_SEED_SIZE; - return 0; + goto err; } - if (seed_len > qsize) { - /* Only consume as much seed as is expected. */ + /* Only consume as much seed as is expected. */ + if (seed_len > qsize) seed_len = qsize; - } memcpy(seed, seed_in, seed_len); } @@ -844,21 +852,21 @@ int ffc_params_FIPS186_2_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params, if (!BN_lshift(test, BN_value_one(), L - 1)) goto err; - if (generate) { + if (!verify) { /* For generation: p & q must both be NULL or NON-NULL */ if ((params->p != NULL) != (params->q != NULL)) { *res = FFC_CHECK_INVALID_PQ; goto err; } } else { - if ((validate_flags & FFC_PARAMS_VALIDATE_PQ) != 0) { + if ((flags & FFC_PARAM_FLAG_VALIDATE_PQ) != 0) { /* Validation of p,q requires seed and counter to be valid */ if (seed_in == NULL || params->pcounter < 0) { *res = FFC_CHECK_MISSING_SEED_OR_COUNTER; goto err; } } - if ((validate_flags & FFC_PARAMS_VALIDATE_G) != 0) { + if ((flags & FFC_PARAM_FLAG_VALIDATE_G) != 0) { /* validation of g also requires g to be set */ if (params->g == NULL) { *res = FFC_CHECK_INVALID_G; @@ -867,7 +875,7 @@ int ffc_params_FIPS186_2_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params, } } - if (params->p != NULL && ((validate_flags & FFC_PARAMS_VALIDATE_PQ) == 0)) { + if (params->p != NULL && ((flags & FFC_PARAM_FLAG_VALIDATE_PQ) == 0)) { /* p and q already exists so only generate g */ p = params->p; q = params->q; @@ -877,7 +885,7 @@ int ffc_params_FIPS186_2_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params, use_random_seed = (seed_in == NULL); for (;;) { - if (!generate_q_fips186_2(ctx, q, evpmd, buf, seed, qsize, + if (!generate_q_fips186_2(ctx, q, md, buf, seed, qsize, use_random_seed, &m, res, cb)) goto err; @@ -890,7 +898,7 @@ int ffc_params_FIPS186_2_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params, n = (L - 1) / 160; counter = 4 * L - 1; /* Was 4096 */ /* Validation requires the counter to be supplied */ - if (validate_flags) { + if (verify) { if (params->pcounter > counter) { *res = FFC_CHECK_INVALID_COUNTER; goto err; @@ -898,7 +906,7 @@ int ffc_params_FIPS186_2_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params, counter = params->pcounter; } - rv = generate_p(ctx, evpmd, counter, n, buf, qsize, q, p, L, cb, + rv = generate_p(ctx, md, counter, n, buf, qsize, q, p, L, cb, &pcounter, res); if (rv > 0) break; /* found it */ @@ -911,7 +919,7 @@ int ffc_params_FIPS186_2_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params, if (!BN_GENCB_call(cb, 2, 1)) goto err; - if (validate_flags) { + if (verify) { if (pcounter != counter) { *res = FFC_CHECK_COUNTER_MISMATCH; goto err; @@ -922,7 +930,7 @@ int ffc_params_FIPS186_2_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params, } } /* If validating p & q only then skip the g validation test */ - if ((validate_flags & FFC_PARAMS_VALIDATE_ALL) == FFC_PARAMS_VALIDATE_PQ) + if ((flags & FFC_PARAM_FLAG_VALIDATE_ALL) == FFC_PARAM_FLAG_VALIDATE_PQ) goto pass; g_only: if ((mont = BN_MONT_CTX_new()) == NULL) @@ -930,7 +938,7 @@ g_only: if (!BN_MONT_CTX_set(mont, p, ctx)) goto err; - if (generate) { + if (!verify) { /* We now need to generate g */ /* set test = p - 1 */ if (!BN_sub(test, p, BN_value_one())) @@ -940,7 +948,7 @@ g_only: goto err; if (!generate_unverifiable_g(ctx, mont, g, tmp, p, r0, test, &hret)) goto err; - } else if (((validate_flags & FFC_PARAMS_VALIDATE_G) != 0) + } else if (((flags & FFC_PARAM_FLAG_VALIDATE_G) != 0) && !ffc_params_validate_unverifiable_g(ctx, mont, p, q, params->g, tmp, res)) { goto err; @@ -949,7 +957,7 @@ g_only: if (!BN_GENCB_call(cb, 3, 1)) goto err; - if (generate) { + if (!verify) { if (p != params->p) { BN_free(params->p); params->p = BN_dup(p); @@ -969,32 +977,34 @@ g_only: params->h = hret; } pass: - if ((validate_flags & FFC_PARAMS_VALIDATE_G) != 0) - ok = FFC_PARAMS_RET_STATUS_UNVERIFIABLE_G; + if ((flags & FFC_PARAM_FLAG_VALIDATE_G) != 0) + ok = FFC_PARAM_RET_STATUS_UNVERIFIABLE_G; else - ok = FFC_PARAMS_RET_STATUS_SUCCESS; + ok = FFC_PARAM_RET_STATUS_SUCCESS; err: if (ctx != NULL) BN_CTX_end(ctx); BN_CTX_free(ctx); - EVP_MD_free(evpmd_fetch); BN_MONT_CTX_free(mont); + EVP_MD_free(md); return ok; } int ffc_params_FIPS186_4_generate(OPENSSL_CTX *libctx, FFC_PARAMS *params, int type, size_t L, size_t N, - const EVP_MD *evpmd, int *res, BN_GENCB *cb) + int *res, BN_GENCB *cb) { - return ffc_params_FIPS186_4_gen_verify(libctx, params, type, L, N, evpmd, 0, - res, cb); + return ffc_params_FIPS186_4_gen_verify(libctx, params, + FFC_PARAM_MODE_GENERATE, + type, L, N, res, cb); } /* This should no longer be used in FIPS mode */ int ffc_params_FIPS186_2_generate(OPENSSL_CTX *libctx, FFC_PARAMS *params, int type, size_t L, size_t N, - const EVP_MD *evpmd, int *res, BN_GENCB *cb) + int *res, BN_GENCB *cb) { - return ffc_params_FIPS186_2_gen_verify(libctx, params, type, L, N, evpmd, - 0, res, cb); + return ffc_params_FIPS186_2_gen_verify(libctx, params, + FFC_PARAM_MODE_GENERATE, + type, L, N, res, cb); } diff --git a/crypto/ffc/ffc_params_validate.c b/crypto/ffc/ffc_params_validate.c index 4d0a4d837f..f3df0c2b39 100644 --- a/crypto/ffc/ffc_params_validate.c +++ b/crypto/ffc/ffc_params_validate.c @@ -44,37 +44,37 @@ int ffc_params_validate_unverifiable_g(BN_CTX *ctx, BN_MONT_CTX *mont, return 1; } -int ffc_params_FIPS186_4_validate(const FFC_PARAMS *params, int type, - const EVP_MD *evpmd, int validate_flags, - int *res, BN_GENCB *cb) +int ffc_params_FIPS186_4_validate(OPENSSL_CTX *libctx, const FFC_PARAMS *params, + int type, int *res, BN_GENCB *cb) { size_t L, N; if (params == NULL || params->p == NULL || params->q == NULL) - return FFC_PARAMS_RET_STATUS_FAILED; + return FFC_PARAM_RET_STATUS_FAILED; /* A.1.1.3 Step (1..2) : L = len(p), N = len(q) */ L = BN_num_bits(params->p); N = BN_num_bits(params->q); - return ffc_params_FIPS186_4_gen_verify(NULL, (FFC_PARAMS *)params, type, L, N, - evpmd, validate_flags, res, cb); + return ffc_params_FIPS186_4_gen_verify(libctx, (FFC_PARAMS *)params, + FFC_PARAM_MODE_VERIFY, type, + L, N, res, cb); } /* This may be used in FIPS mode to validate deprecated FIPS-186-2 Params */ -int ffc_params_FIPS186_2_validate(const FFC_PARAMS *params, int type, - const EVP_MD *evpmd, int validate_flags, - int *res, BN_GENCB *cb) +int ffc_params_FIPS186_2_validate(OPENSSL_CTX *libctx, const FFC_PARAMS *params, + int type, int *res, BN_GENCB *cb) { size_t L, N; if (params->p == NULL || params->q == NULL) { *res = FFC_CHECK_INVALID_PQ; - return FFC_PARAMS_RET_STATUS_FAILED; + return FFC_PARAM_RET_STATUS_FAILED; } /* A.1.1.3 Step (1..2) : L = len(p), N = len(q) */ L = BN_num_bits(params->p); N = BN_num_bits(params->q); - return ffc_params_FIPS186_2_gen_verify(NULL, (FFC_PARAMS *)params, type, L, N, - evpmd, validate_flags, res, cb); + return ffc_params_FIPS186_2_gen_verify(libctx, (FFC_PARAMS *)params, + FFC_PARAM_MODE_VERIFY, type, + L, N, res, cb); } diff --git a/crypto/rsa/build.info b/crypto/rsa/build.info index 984ad775d5..1614996049 100644 --- a/crypto/rsa/build.info +++ b/crypto/rsa/build.info @@ -13,3 +13,7 @@ IF[{- !$disabled{'deprecated-0.9.8'} -}] ENDIF SOURCE[../../providers/libfips.a]=$COMMON + +IF[{- !$disabled{'acvp-tests'} -}] + SOURCE[../../providers/libfips.a]=rsa_acvp_test_params.c +ENDIF \ No newline at end of file diff --git a/crypto/rsa/rsa_acvp_test_params.c b/crypto/rsa/rsa_acvp_test_params.c new file mode 100644 index 0000000000..c1d07cb334 --- /dev/null +++ b/crypto/rsa/rsa_acvp_test_params.c @@ -0,0 +1,167 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include /* memcpy */ +#include +#include +#include "crypto/rsa.h" +#include "rsa_local.h" + +int rsa_acvp_test_gen_params_new(OSSL_PARAM **dst, const OSSL_PARAM src[]) +{ + const OSSL_PARAM *p, *s; + OSSL_PARAM *d, *alloc = NULL; + int ret = 1; + + static const OSSL_PARAM settable[] = { + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_TEST_XP, NULL, 0), + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_TEST_XP1, NULL, 0), + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_TEST_XP2, NULL, 0), + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_TEST_XQ, NULL, 0), + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_TEST_XQ1, NULL, 0), + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_TEST_XQ2, NULL, 0), + OSSL_PARAM_END + }; + + /* Assume the first element is a required field if this feature is used */ + p = OSSL_PARAM_locate_const(src, settable[0].key); + if (p == NULL) + return 1; + + /* Zeroing here means the terminator is always set at the end */ + alloc = OPENSSL_zalloc(sizeof(settable)); + if (alloc == NULL) + return 0; + + d = alloc; + for (s = settable; s->key != NULL; ++s) { + /* If src contains a key from settable then copy the src to the dest */ + p = OSSL_PARAM_locate_const(src, s->key); + if (p != NULL) { + *d = *s; /* shallow copy from the static settable[] */ + d->data_size = p->data_size; + d->data = OPENSSL_memdup(p->data, p->data_size); + if (d->data == NULL) + ret = 0; + ++d; + } + } + if (ret == 0) { + rsa_acvp_test_gen_params_free(alloc); + alloc = NULL; + } + if (*dst != NULL) + rsa_acvp_test_gen_params_free(*dst); + *dst = alloc; + return ret; +} + +void rsa_acvp_test_gen_params_free(OSSL_PARAM *dst) +{ + OSSL_PARAM *p; + + if (dst == NULL) + return; + + for (p = dst; p->key != NULL; ++p) { + OPENSSL_free(p->data); + p->data = NULL; + } + OPENSSL_free(dst); +} + +int rsa_acvp_test_set_params(RSA *r, const OSSL_PARAM params[]) +{ + RSA_ACVP_TEST *t; + const OSSL_PARAM *p; + + if (r->acvp_test != NULL) { + rsa_acvp_test_free(r->acvp_test); + r->acvp_test = NULL; + } + + t = OPENSSL_zalloc(sizeof(*t)); + if (t == NULL) + return 0; + + /* Set the input parameters */ + if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_TEST_XP1)) != NULL + && !OSSL_PARAM_get_BN(p, &t->Xp1)) + goto err; + if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_TEST_XP2)) != NULL + && !OSSL_PARAM_get_BN(p, &t->Xp2)) + goto err; + if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_TEST_XP)) != NULL + && !OSSL_PARAM_get_BN(p, &t->Xp)) + goto err; + if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_TEST_XQ1)) != NULL + && !OSSL_PARAM_get_BN(p, &t->Xq1)) + goto err; + if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_TEST_XQ2)) != NULL + && !OSSL_PARAM_get_BN(p, &t->Xq2)) + goto err; + if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_TEST_XQ)) != NULL + && !OSSL_PARAM_get_BN(p, &t->Xq)) + goto err; + + /* Setup the output parameters */ + t->p1 = BN_new(); + t->p2 = BN_new(); + t->q1 = BN_new(); + t->q2 = BN_new(); + r->acvp_test = t; + return 1; +err: + rsa_acvp_test_free(t); + return 0; +} + +int rsa_acvp_test_get_params(RSA *r, OSSL_PARAM params[]) +{ + RSA_ACVP_TEST *t; + OSSL_PARAM *p; + + if (r == NULL) + return 0; + + t = r->acvp_test; + if (t != NULL) { + if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_RSA_TEST_P1)) != NULL + && !OSSL_PARAM_set_BN(p, t->p1)) + return 0; + if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_RSA_TEST_P2)) != NULL + && !OSSL_PARAM_set_BN(p, t->p2)) + return 0; + if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_RSA_TEST_Q1)) != NULL + && !OSSL_PARAM_set_BN(p, t->q1)) + return 0; + if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_RSA_TEST_Q2)) != NULL + && !OSSL_PARAM_set_BN(p, t->q2)) + return 0; + } + return 1; +} + +void rsa_acvp_test_free(RSA_ACVP_TEST *t) +{ + if (t != NULL) { + BN_free(t->Xp1); + BN_free(t->Xp2); + BN_free(t->Xp); + BN_free(t->Xq1); + BN_free(t->Xq2); + BN_free(t->Xq); + BN_free(t->p1); + BN_free(t->p2); + BN_free(t->q1); + BN_free(t->q2); + OPENSSL_free(t); + } +} + diff --git a/crypto/rsa/rsa_backend.c b/crypto/rsa/rsa_backend.c index 7497a8579c..985a21127a 100644 --- a/crypto/rsa/rsa_backend.c +++ b/crypto/rsa/rsa_backend.c @@ -88,6 +88,7 @@ int rsa_fromdata(RSA *rsa, const OSSL_PARAM params[]) goto err; } + sk_BIGNUM_free(factors); sk_BIGNUM_free(exps); sk_BIGNUM_free(coeffs); @@ -126,7 +127,7 @@ int rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]) int numcoeffs = sk_BIGNUM_const_num(coeffs); /* - * It's permisssible to have zero primes, i.e. no CRT params. + * It's permissible to have zero primes, i.e. no CRT params. * Otherwise, there must be at least two, as many exponents, * and one coefficient less. */ @@ -145,6 +146,11 @@ int rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]) || !ossl_param_build_set_multi_key_bn(bld, params, rsa_mp_coeff_names, coeffs)) goto err; +#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) + /* The acvp test results are not meant for export so check for bld == NULL */ + if (bld == NULL) + rsa_acvp_test_get_params(rsa, params); +#endif ret = 1; err: sk_BIGNUM_const_free(factors); diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index e52bce6355..1495cefa83 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -66,8 +66,8 @@ int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes, else return 0; } -#endif /* FIPS_MODULE */ - return rsa_keygen(NULL, rsa, bits, primes, e_value, cb, 0); +#endif /* FIPS_MODUKE */ + return rsa_keygen(rsa->libctx, rsa, bits, primes, e_value, cb, 0); } #ifndef FIPS_MODULE diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index e80416ed3f..428cd145fa 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -162,6 +162,11 @@ void RSA_free(RSA *r) BN_clear_free(r->dmp1); BN_clear_free(r->dmq1); BN_clear_free(r->iqmp); + +#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) + rsa_acvp_test_free(r->acvp_test); +#endif + #ifndef FIPS_MODULE RSA_PSS_PARAMS_free(r->pss); sk_RSA_PRIME_INFO_pop_free(r->prime_infos, rsa_multip_info_free); diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h index 65fd6022f7..666e18ec65 100644 --- a/crypto/rsa/rsa_local.h +++ b/crypto/rsa/rsa_local.h @@ -10,7 +10,7 @@ #ifndef OSSL_CRYPTO_RSA_LOCAL_H #define OSSL_CRYPTO_RSA_LOCAL_H -#include +#include "crypto/rsa.h" #include "internal/refcount.h" #include "crypto/rsa.h" @@ -29,6 +29,24 @@ typedef struct rsa_prime_info_st { DECLARE_ASN1_ITEM(RSA_PRIME_INFO) DEFINE_STACK_OF(RSA_PRIME_INFO) +#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) +struct rsa_acvp_test_st { + /* optional inputs */ + BIGNUM *Xp1; + BIGNUM *Xp2; + BIGNUM *Xq1; + BIGNUM *Xq2; + BIGNUM *Xp; + BIGNUM *Xq; + + /* optional outputs */ + BIGNUM *p1; + BIGNUM *p2; + BIGNUM *q1; + BIGNUM *q2; +}; +#endif + struct rsa_st { /* * #legacy @@ -58,12 +76,14 @@ struct rsa_st { */ /* This is used uniquely by OpenSSL provider implementations. */ RSA_PSS_PARAMS_30 pss_params; -#ifndef FIPS_MODULE - /* This is used uniquely by rsa_ameth.c and rsa_pmeth.c. */ - RSA_PSS_PARAMS *pss; + +#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) + RSA_ACVP_TEST *acvp_test; #endif #ifndef FIPS_MODULE + /* This is used uniquely by rsa_ameth.c and rsa_pmeth.c. */ + RSA_PSS_PARAMS *pss; /* for multi-prime RSA, defined in RFC 8017 */ STACK_OF(RSA_PRIME_INFO) *prime_infos; /* Be careful using this if the RSA structure is shared */ @@ -172,13 +192,9 @@ int rsa_sp800_56b_generate_key(RSA *rsa, int nbits, const BIGNUM *efixed, int rsa_sp800_56b_derive_params_from_pq(RSA *rsa, int nbits, const BIGNUM *e, BN_CTX *ctx); -int rsa_fips186_4_gen_prob_primes(RSA *rsa, BIGNUM *p1, BIGNUM *p2, - BIGNUM *Xpout, const BIGNUM *Xp, - const BIGNUM *Xp1, const BIGNUM *Xp2, - BIGNUM *q1, BIGNUM *q2, BIGNUM *Xqout, - const BIGNUM *Xq, const BIGNUM *Xq1, - const BIGNUM *Xq2, int nbits, - const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb); +int rsa_fips186_4_gen_prob_primes(RSA *rsa, RSA_ACVP_TEST *test, + int nbits, const BIGNUM *e, BN_CTX *ctx, + BN_GENCB *cb); int rsa_padding_add_SSLv23_with_libctx(OPENSSL_CTX *libctx, unsigned char *to, int tlen, const unsigned char *from, diff --git a/crypto/rsa/rsa_sp800_56b_gen.c b/crypto/rsa/rsa_sp800_56b_gen.c index d1673d5c98..9d7e1f1ebf 100644 --- a/crypto/rsa/rsa_sp800_56b_gen.c +++ b/crypto/rsa/rsa_sp800_56b_gen.c @@ -10,6 +10,7 @@ #include #include +#include #include "crypto/bn.h" #include "crypto/security_bits.h" #include "rsa_local.h" @@ -25,20 +26,23 @@ * * Params: * rsa Object used to store primes p & q. - * p1, p2 The returned auxiliary primes for p. If NULL they are not returned. - * Xpout An optionally returned random number used during generation of p. - * Xp An optional passed in value (that is random number used during - * generation of p). - * Xp1, Xp2 Optionally passed in randomly generated numbers from which - * auxiliary primes p1 & p2 are calculated. If NULL these values - * are generated internally. - * q1, q2 The returned auxiliary primes for q. If NULL they are not returned. - * Xqout An optionally returned random number used during generation of q. - * Xq An optional passed in value (that is random number used during - * generation of q). - * Xq1, Xq2 Optionally passed in randomly generated numbers from which - * auxiliary primes q1 & q2 are calculated. If NULL these values - * are generated internally. + * test Object used for CAVS testing only.that contains.. + * p1, p2 The returned auxiliary primes for p. + * If NULL they are not returned. + * Xpout An optionally returned random number used during generation of p. + * Xp An optional passed in value (that is random number used during + * generation of p). + * Xp1, Xp2 Optionally passed in randomly generated numbers from which + * auxiliary primes p1 & p2 are calculated. If NULL these values + * are generated internally. + * q1, q2 The returned auxiliary primes for q. + * If NULL they are not returned. + * Xqout An optionally returned random number used during generation of q. + * Xq An optional passed in value (that is random number used during + * generation of q). + * Xq1, Xq2 Optionally passed in randomly generated numbers from which + * auxiliary primes q1 & q2 are calculated. If NULL these values + * are generated internally. * nbits The key size in bits (The size of the modulus n). * e The public exponent. * ctx A BN_CTX object. @@ -49,16 +53,34 @@ * Xp, Xp1, Xp2, Xq, Xq1, Xq2 are optionally passed in. * (Required for CAVS testing). */ -int rsa_fips186_4_gen_prob_primes(RSA *rsa, BIGNUM *p1, BIGNUM *p2, - BIGNUM *Xpout, const BIGNUM *Xp, - const BIGNUM *Xp1, const BIGNUM *Xp2, - BIGNUM *q1, BIGNUM *q2, BIGNUM *Xqout, - const BIGNUM *Xq, const BIGNUM *Xq1, - const BIGNUM *Xq2, int nbits, +int rsa_fips186_4_gen_prob_primes(RSA *rsa, RSA_ACVP_TEST *test, int nbits, const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb) { int ret = 0, ok; + /* Temp allocated BIGNUMS */ BIGNUM *Xpo = NULL, *Xqo = NULL, *tmp = NULL; + /* Intermediate BIGNUMS that can be returned for testing */ + BIGNUM *p1 = NULL, *p2 = NULL; + BIGNUM *q1 = NULL, *q2 = NULL; + /* Intermediate BIGNUMS that can be input for testing */ + BIGNUM *Xpout = NULL, *Xqout = NULL; + BIGNUM *Xp = NULL, *Xp1 = NULL, *Xp2 = NULL; + BIGNUM *Xq = NULL, *Xq1 = NULL, *Xq2 = NULL; + +#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) + if (test != NULL) { + Xp1 = test->Xp1; + Xp2 = test->Xp2; + Xq1 = test->Xq1; + Xq2 = test->Xq2; + Xp = test->Xp; + Xq = test->Xq; + p1 = test->p1; + p2 = test->p2; + q1 = test->q1; + q2 = test->q2; + } +#endif /* (Step 1) Check key length * NOTE: SP800-131A Rev1 Disallows key lengths of < 2048 bits for RSA @@ -294,6 +316,11 @@ int rsa_sp800_56b_generate_key(RSA *rsa, int nbits, const BIGNUM *efixed, int ok; BN_CTX *ctx = NULL; BIGNUM *e = NULL; + RSA_ACVP_TEST *info = NULL; + +#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) + info = rsa->acvp_test; +#endif /* (Steps 1a-1b) : Currently ignores the strength check */ if (!rsa_sp800_56b_validate_strength(nbits, -1)) @@ -311,13 +338,12 @@ int rsa_sp800_56b_generate_key(RSA *rsa, int nbits, const BIGNUM *efixed, } else { e = (BIGNUM *)efixed; } - /* (Step 1c) fixed exponent is checked later . */ + /* (Step 1c) fixed exponent is checked later .*/ for (;;) { /* (Step 2) Generate prime factors */ - if (!rsa_fips186_4_gen_prob_primes(rsa, NULL, NULL, NULL, NULL, NULL, - NULL, NULL, NULL, NULL, NULL, NULL, - NULL, nbits, e, ctx, cb)) + if (!rsa_fips186_4_gen_prob_primes(rsa, info, nbits, e, ctx, + cb)) goto err; /* (Steps 3-5) Compute params d, n, dP, dQ, qInv */ ok = rsa_sp800_56b_derive_params_from_pq(rsa, nbits, e, ctx); diff --git a/doc/man7/EVP_PKEY-RSA.pod b/doc/man7/EVP_PKEY-RSA.pod index 28f61e4066..428aa613a2 100644 --- a/doc/man7/EVP_PKEY-RSA.pod +++ b/doc/man7/EVP_PKEY-RSA.pod @@ -131,10 +131,63 @@ For legacy reasons a value of 3 is currently accepted but is deprecated. =back +=head2 RSA key generation parameters for FIPS module testing + +When generating RSA keys, the following additional key generation parameters may +be used for algorithm testing purposes only. Do not use these to generate +RSA keys for a production environment. + +=over 4 + +=item "xp" (B) + +=item "xq" (B) + +These 2 fields are normally randomly generated and are used to generate "p" and +"q". + +=item "xp1" (B) + +=item "xp2" (B) + +=item "xq1" (B) + +=item "xq2" (B) + +These 4 fields are normally randomly generated. The prime factors "p1", "p2", +"q1" and "q2" are determined from these values. + +=back + +=head2 RSA key parameters for FIPS module testing + +The following intermediate values can be retrieved only if the values +specified in L are set. +These should not be accessed in a production environment. + +=over 4 + +=item "p1" (B) + +=item "p2" (B) + +=item "q1" (B) + +=item "q2" (B) + +The auxiliary probable primes. + +=back + =head1 CONFORMING TO =over 4 +=item FIPS186-4 + +Section B.3.6 Generation of Probable Primes with Conditions Based on +Auxiliary Probable Primes + =item RFC 8017, excluding RSA-PSS and RSA-OAEP =for comment RSA-PSS, and probably also RSA-OAEP, need separate keytypes, diff --git a/include/crypto/dh.h b/include/crypto/dh.h index f67b4e01cd..22847dd1e0 100644 --- a/include/crypto/dh.h +++ b/include/crypto/dh.h @@ -14,8 +14,8 @@ DH *dh_new_by_nid_with_libctx(OPENSSL_CTX *libctx, int nid); DH *dh_new_with_libctx(OPENSSL_CTX *libctx); -int dh_generate_ffc_parameters(DH *dh, int type, int pbits, - int qbits, EVP_MD *md, BN_GENCB *cb); +int dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits, + BN_GENCB *cb); int dh_generate_public_key(BN_CTX *ctx, DH *dh, const BIGNUM *priv_key, BIGNUM *pub_key); int dh_get_named_group_uid_from_size(int pbits); diff --git a/include/crypto/dsa.h b/include/crypto/dsa.h index 1a278fecf2..59c94a1740 100644 --- a/include/crypto/dsa.h +++ b/include/crypto/dsa.h @@ -16,8 +16,8 @@ DSA *dsa_new_with_ctx(OPENSSL_CTX *libctx); -int dsa_generate_ffc_parameters(DSA *dsa, int type, - int pbits, int qbits, EVP_MD *md, BN_GENCB *cb); +int dsa_generate_ffc_parameters(DSA *dsa, int type, int pbits, int qbits, + BN_GENCB *cb); int dsa_sign_int(int type, const unsigned char *dgst, int dlen, unsigned char *sig, unsigned int *siglen, DSA *dsa); diff --git a/include/crypto/rsa.h b/include/crypto/rsa.h index 5d7a6e515d..9469ec9233 100644 --- a/include/crypto/rsa.h +++ b/include/crypto/rsa.h @@ -10,8 +10,8 @@ #ifndef OSSL_INTERNAL_RSA_H # define OSSL_INTERNAL_RSA_H -#include -#include +# include +# include typedef struct rsa_pss_params_30_st { int hash_algorithm_nid; @@ -93,4 +93,16 @@ extern const char *rsa_mp_factor_names[]; extern const char *rsa_mp_exp_names[]; extern const char *rsa_mp_coeff_names[]; +# if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) +int rsa_acvp_test_gen_params_new(OSSL_PARAM **dst, const OSSL_PARAM src[]); +void rsa_acvp_test_gen_params_free(OSSL_PARAM *dst); + +int rsa_acvp_test_set_params(RSA *r, const OSSL_PARAM params[]); +int rsa_acvp_test_get_params(RSA *r, OSSL_PARAM params[]); +typedef struct rsa_acvp_test_st RSA_ACVP_TEST; +void rsa_acvp_test_free(RSA_ACVP_TEST *t); +# else +# define RSA_ACVP_TEST void +# endif + #endif diff --git a/include/internal/ffc.h b/include/internal/ffc.h index e4c4dce8fa..2ed5d72c5c 100644 --- a/include/internal/ffc.h +++ b/include/internal/ffc.h @@ -16,6 +16,7 @@ # include /* Uses Error codes from DH */ # include # include +# include "internal/sizes.h" /* Default value for gindex when canonical generation of g is not used */ # define FFC_UNVERIFIABLE_GINDEX -1 @@ -24,17 +25,24 @@ # define FFC_PARAM_TYPE_DSA 0 # define FFC_PARAM_TYPE_DH 1 +/* + * The mode used by functions that share code for both generation and + * verification. See ffc_params_FIPS186_4_gen_verify(). + */ +#define FFC_PARAM_MODE_VERIFY 0 +#define FFC_PARAM_MODE_GENERATE 1 + /* Return codes for generation and validation of FFC parameters */ -#define FFC_PARAMS_RET_STATUS_FAILED 0 -#define FFC_PARAMS_RET_STATUS_SUCCESS 1 +#define FFC_PARAM_RET_STATUS_FAILED 0 +#define FFC_PARAM_RET_STATUS_SUCCESS 1 /* Returned if validating and g is only partially verifiable */ -#define FFC_PARAMS_RET_STATUS_UNVERIFIABLE_G 2 +#define FFC_PARAM_RET_STATUS_UNVERIFIABLE_G 2 /* Validation flags */ -# define FFC_PARAMS_GENERATE 0x00 -# define FFC_PARAMS_VALIDATE_PQ 0x01 -# define FFC_PARAMS_VALIDATE_G 0x02 -# define FFC_PARAMS_VALIDATE_ALL (FFC_PARAMS_VALIDATE_PQ | FFC_PARAMS_VALIDATE_G) +# define FFC_PARAM_FLAG_VALIDATE_PQ 0x01 +# define FFC_PARAM_FLAG_VALIDATE_G 0x02 +# define FFC_PARAM_FLAG_VALIDATE_ALL \ + (FFC_PARAM_FLAG_VALIDATE_PQ | FFC_PARAM_FLAG_VALIDATE_G) /* * NB: These values must align with the equivalently named macros in @@ -94,6 +102,14 @@ typedef struct ffc_params_st { */ int gindex; int h; /* loop counter for unverifiable g */ + + unsigned int flags; /* See FFC_PARAM_FLAG_VALIDATE_ALL */ + /* + * The digest to use for generation or validation. If this value is NULL, + * then the digest is chosen using the value of N. + */ + const char *mdname; + const char *mdprops; } FFC_PARAMS; void ffc_params_init(FFC_PARAMS *params); @@ -107,6 +123,8 @@ int ffc_params_set_seed(FFC_PARAMS *params, void ffc_params_set_gindex(FFC_PARAMS *params, int index); void ffc_params_set_pcounter(FFC_PARAMS *params, int index); void ffc_params_set_h(FFC_PARAMS *params, int index); +void ffc_params_set_flags(FFC_PARAMS *params, unsigned int flags); +int ffc_set_digest(FFC_PARAMS *params, const char *alg, const char *props); int ffc_params_set_validate_params(FFC_PARAMS *params, const unsigned char *seed, size_t seedlen, @@ -125,27 +143,22 @@ int ffc_params_print(BIO *bp, const FFC_PARAMS *ffc, int indent); int ffc_params_FIPS186_4_generate(OPENSSL_CTX *libctx, FFC_PARAMS *params, int type, size_t L, size_t N, - const EVP_MD *evpmd, int *res, BN_GENCB *cb); + int *res, BN_GENCB *cb); int ffc_params_FIPS186_2_generate(OPENSSL_CTX *libctx, FFC_PARAMS *params, int type, size_t L, size_t N, - const EVP_MD *evpmd, int *res, BN_GENCB *cb); + int *res, BN_GENCB *cb); int ffc_params_FIPS186_4_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params, - int type, size_t L, size_t N, - const EVP_MD *evpmd, int validate_flags, + int mode, int type, size_t L, size_t N, int *res, BN_GENCB *cb); int ffc_params_FIPS186_2_gen_verify(OPENSSL_CTX *libctx, FFC_PARAMS *params, - int type, size_t L, size_t N, - const EVP_MD *evpmd, int validate_flags, + int mode, int type, size_t L, size_t N, int *res, BN_GENCB *cb); -int ffc_params_FIPS186_4_validate(const FFC_PARAMS *params, int type, - const EVP_MD *evpmd, int validate_flags, - int *res, BN_GENCB *cb); -int ffc_params_FIPS186_2_validate(const FFC_PARAMS *params, int type, - const EVP_MD *evpmd, int validate_flags, - int *res, BN_GENCB *cb); - +int ffc_params_FIPS186_4_validate(OPENSSL_CTX *libctx, const FFC_PARAMS *params, + int type, int *res, BN_GENCB *cb); +int ffc_params_FIPS186_2_validate(OPENSSL_CTX *libctx, const FFC_PARAMS *params, + int type, int *res, BN_GENCB *cb); int ffc_generate_private_key(BN_CTX *ctx, const FFC_PARAMS *params, int N, int s, BIGNUM *priv); @@ -168,5 +181,7 @@ int ffc_set_group_pqg(FFC_PARAMS *ffc, const char *group_name); int ffc_named_group_to_uid(const char *name); const char *ffc_named_group_from_uid(int nid); int ffc_set_group_pqg(FFC_PARAMS *ffc, const char *group_name); +const char *ffc_params_flags_to_name(int flags); +int ffc_params_flags_from_name(const char *name); #endif /* OSSL_INTERNAL_FFC_H */ diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index f04168e819..fa6b7a9547 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -201,22 +201,30 @@ extern "C" { #define OSSL_PKEY_PARAM_PRIV_KEY "priv" /* Diffie-Hellman/DSA Parameters */ -#define OSSL_PKEY_PARAM_FFC_P "p" -#define OSSL_PKEY_PARAM_FFC_G "g" -#define OSSL_PKEY_PARAM_FFC_Q "q" -#define OSSL_PKEY_PARAM_FFC_GINDEX "gindex" -#define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter" -#define OSSL_PKEY_PARAM_FFC_SEED "seed" -#define OSSL_PKEY_PARAM_FFC_COFACTOR "j" -#define OSSL_PKEY_PARAM_FFC_H "hindex" +#define OSSL_PKEY_PARAM_FFC_P "p" +#define OSSL_PKEY_PARAM_FFC_G "g" +#define OSSL_PKEY_PARAM_FFC_Q "q" +#define OSSL_PKEY_PARAM_FFC_GINDEX "gindex" +#define OSSL_PKEY_PARAM_FFC_PCOUNTER "pcounter" +#define OSSL_PKEY_PARAM_FFC_SEED "seed" +#define OSSL_PKEY_PARAM_FFC_COFACTOR "j" +#define OSSL_PKEY_PARAM_FFC_H "hindex" +#define OSSL_PKEY_PARAM_FFC_VALIDATE_TYPE "valid-type" + +/* Diffie-Hellman/DSA Parameters parameter validation types */ +#define OSSL_FFC_PARAM_VALIDATE_PQ "validate-pq" +#define OSSL_FFC_PARAM_VALIDATE_G "validate-g" +#define OSSL_FFC_PARAM_VALIDATE_PQG "validate-pqg" /* Diffie-Hellman params */ -#define OSSL_PKEY_PARAM_DH_GROUP "group" -#define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator" -#define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len" +#define OSSL_PKEY_PARAM_DH_GROUP "group" +#define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator" +#define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len" /* Elliptic Curve Domain Parameters */ #define OSSL_PKEY_PARAM_EC_NAME "curve-name" +#define OSSL_PKEY_PARAM_EC_PUB_X "qx" +#define OSSL_PKEY_PARAM_EC_PUB_Y "qy" /* Elliptic Curve Key Parameters */ #define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag" @@ -334,7 +342,6 @@ extern "C" { #define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES \ OSSL_PKEY_PARAM_MGF1_PROPERTIES #define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE -#define OSSL_SIGNATURE_PARAM_KAT "kat" /* Asym cipher parameters */ #define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE @@ -364,6 +371,19 @@ extern "C" { #define OSSL_GEN_PARAM_POTENTIAL "potential" /* integer */ #define OSSL_GEN_PARAM_ITERATION "iteration" /* integer */ +/* ACVP Test parameters : These should not be used normally */ +#define OSSL_PKEY_PARAM_RSA_TEST_XP1 "xp1" +#define OSSL_PKEY_PARAM_RSA_TEST_XP2 "xp2" +#define OSSL_PKEY_PARAM_RSA_TEST_XP "xp" +#define OSSL_PKEY_PARAM_RSA_TEST_XQ1 "xq1" +#define OSSL_PKEY_PARAM_RSA_TEST_XQ2 "xq2" +#define OSSL_PKEY_PARAM_RSA_TEST_XQ "xq" +#define OSSL_PKEY_PARAM_RSA_TEST_P1 "p1" +#define OSSL_PKEY_PARAM_RSA_TEST_P2 "p2" +#define OSSL_PKEY_PARAM_RSA_TEST_Q1 "q1" +#define OSSL_PKEY_PARAM_RSA_TEST_Q2 "q2" +#define OSSL_SIGNATURE_PARAM_KAT "kat" + # ifdef __cplusplus } # endif diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c index 0dd1796dc0..c81d437dae 100644 --- a/providers/implementations/keymgmt/dh_kmgmt.c +++ b/providers/implementations/keymgmt/dh_kmgmt.c @@ -59,7 +59,6 @@ struct dh_gen_ctx { int group_nid; size_t pbits; size_t qbits; - EVP_MD *md; unsigned char *seed; /* optional FIPS186-4 param for testing */ size_t seedlen; int gindex; /* optional FIPS186-4 generator index (ignored if -1) */ @@ -69,6 +68,8 @@ struct dh_gen_ctx { int hindex; int priv_len; + const char *mdname; + const char *mdprops; OSSL_CALLBACK *cb; void *cbarg; }; @@ -411,7 +412,7 @@ static void *dh_gen_init(void *provctx, int selection) gctx->libctx = libctx; gctx->pbits = 2048; gctx->qbits = 224; - gctx->md = NULL; + gctx->mdname = NULL; gctx->gen_type = DH_PARAMGEN_TYPE_FIPS_186_4; gctx->gindex = -1; gctx->hindex = 0; @@ -498,20 +499,15 @@ static int dh_gen_set_params(void *genctx, const OSSL_PARAM params[]) return 0; p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_DIGEST); if (p != NULL) { - const OSSL_PARAM *p1; - char mdprops[OSSL_MAX_PROPQUERY_SIZE] = { '\0' }; - char *str = mdprops; - if (p->data_type != OSSL_PARAM_UTF8_STRING) return 0; - p1 = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_DIGEST_PROPS); - if (p1 != NULL - && !OSSL_PARAM_get_utf8_string(p1, &str, sizeof(mdprops))) - return 0; - EVP_MD_free(gctx->md); - gctx->md = EVP_MD_fetch(gctx->libctx, p->data, mdprops); - if (gctx->md == NULL) + gctx->mdname = p->data; + } + p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_DIGEST_PROPS); + if (p != NULL) { + if (p->data_type != OSSL_PARAM_UTF8_STRING) return 0; + gctx->mdprops = p->data; } p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_PRIV_LEN); if (p != NULL && !OSSL_PARAM_get_int(p, &gctx->priv_len)) @@ -592,6 +588,10 @@ static void *dh_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) } else if (gctx->hindex != 0) { ffc_params_set_h(ffc, gctx->hindex); } + if (gctx->mdname != NULL) { + if (!ffc_set_digest(ffc, gctx->mdname, gctx->mdprops)) + goto end; + } gctx->cb = osslcb; gctx->cbarg = cbarg; gencb = BN_GENCB_new(); @@ -609,7 +609,7 @@ static void *dh_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) gctx->generator, gencb); else ret = dh_generate_ffc_parameters(dh, gctx->gen_type, gctx->pbits, - gctx->qbits, gctx->md, gencb); + gctx->qbits, gencb); if (ret <= 0) goto end; } @@ -641,7 +641,6 @@ static void dh_gen_cleanup(void *genctx) return; OPENSSL_clear_free(gctx->seed, gctx->seedlen); - EVP_MD_free(gctx->md); OPENSSL_free(gctx); } diff --git a/providers/implementations/keymgmt/dsa_kmgmt.c b/providers/implementations/keymgmt/dsa_kmgmt.c index af8361fb28..5fa3e08af9 100644 --- a/providers/implementations/keymgmt/dsa_kmgmt.c +++ b/providers/implementations/keymgmt/dsa_kmgmt.c @@ -56,13 +56,14 @@ struct dsa_gen_ctx { /* All these parameters are used for parameter generation only */ size_t pbits; size_t qbits; - EVP_MD *md; unsigned char *seed; /* optional FIPS186-4 param for testing */ size_t seedlen; int gindex; /* optional FIPS186-4 generator index (ignored if -1) */ int gen_type; /* DSA_PARAMGEN_TYPE_FIPS_186_2 or DSA_PARAMGEN_TYPE_FIPS_186_4 */ int pcounter; int hindex; + const char *mdname; + const char *mdprops; OSSL_CALLBACK *cb; void *cbarg; }; @@ -364,7 +365,6 @@ static void *dsa_gen_init(void *provctx, int selection) gctx->libctx = libctx; gctx->pbits = 2048; gctx->qbits = 224; - gctx->md = NULL; gctx->gen_type = DSA_PARAMGEN_TYPE_FIPS_186_4; gctx->gindex = -1; gctx->pcounter = -1; @@ -440,21 +440,15 @@ static int dsa_gen_set_params(void *genctx, const OSSL_PARAM params[]) return 0; p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_DIGEST); if (p != NULL) { - const OSSL_PARAM *p1; - char mdprops[OSSL_MAX_PROPQUERY_SIZE] = { '\0' }; - char *str = mdprops; - if (p->data_type != OSSL_PARAM_UTF8_STRING) return 0; - p1 = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_DIGEST_PROPS); - if (p1 != NULL) { - if (!OSSL_PARAM_get_utf8_string(p1, &str, sizeof(mdprops))) - return 0; - } - EVP_MD_free(gctx->md); - gctx->md = EVP_MD_fetch(gctx->libctx, p->data, mdprops); - if (gctx->md == NULL) + gctx->mdname = p->data; + } + p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_DIGEST_PROPS); + if (p != NULL) { + if (p->data_type != OSSL_PARAM_UTF8_STRING) return 0; + gctx->mdprops = p->data; } return 1; } @@ -523,10 +517,14 @@ static void *dsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) } else if (gctx->hindex != 0) { ffc_params_set_h(ffc, gctx->hindex); } + if (gctx->mdname != NULL) { + if (!ffc_set_digest(ffc, gctx->mdname, gctx->mdprops)) + goto end; + } if ((gctx->selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) { if (dsa_generate_ffc_parameters(dsa, gctx->gen_type, - gctx->pbits, gctx->qbits, gctx->md, + gctx->pbits, gctx->qbits, gencb) <= 0) goto end; } @@ -556,7 +554,6 @@ static void dsa_gen_cleanup(void *genctx) return; OPENSSL_clear_free(gctx->seed, gctx->seedlen); - EVP_MD_free(gctx->md); OPENSSL_free(gctx); } diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c index 7e3220739f..d926ec2bd2 100644 --- a/providers/implementations/keymgmt/ec_kmgmt.c +++ b/providers/implementations/keymgmt/ec_kmgmt.c @@ -110,6 +110,7 @@ int key_to_params(const EC_KEY *eckey, OSSL_PARAM_BLD *tmpl, OSSL_PARAM params[], int include_private, unsigned char **pub_key) { + BIGNUM *x = NULL, *y = NULL; const BIGNUM *priv_key = NULL; const EC_POINT *pub_point = NULL; const EC_GROUP *ecg = NULL; @@ -125,6 +126,7 @@ int key_to_params(const EC_KEY *eckey, OSSL_PARAM_BLD *tmpl, pub_point = EC_KEY_get0_public_key(eckey); if (pub_point != NULL) { + OSSL_PARAM *p = NULL, *px = NULL, *py = NULL; /* * EC_POINT_point2buf() can generate random numbers in some * implementations so we need to ensure we use the correct libctx. @@ -133,14 +135,41 @@ int key_to_params(const EC_KEY *eckey, OSSL_PARAM_BLD *tmpl, if (bnctx == NULL) goto err; - /* convert pub_point to a octet string according to the SECG standard */ - if ((pub_key_len = EC_POINT_point2buf(ecg, pub_point, - POINT_CONVERSION_COMPRESSED, - pub_key, bnctx)) == 0 - || !ossl_param_build_set_octet_string(tmpl, params, - OSSL_PKEY_PARAM_PUB_KEY, - *pub_key, pub_key_len)) - goto err; + + /* If we are doing a get then check first before decoding the point */ + if (tmpl == NULL) { + p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_PUB_KEY); + px = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_EC_PUB_X); + py = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_EC_PUB_Y); + } + + if (p != NULL || tmpl != NULL) { + /* convert pub_point to a octet string according to the SECG standard */ + if ((pub_key_len = EC_POINT_point2buf(ecg, pub_point, + POINT_CONVERSION_COMPRESSED, + pub_key, bnctx)) == 0 + || !ossl_param_build_set_octet_string(tmpl, p, + OSSL_PKEY_PARAM_PUB_KEY, + *pub_key, pub_key_len)) + goto err; + } + if (px != NULL || py != NULL) { + if (px != NULL) + x = BN_CTX_get(bnctx); + if (py != NULL) + y = BN_CTX_get(bnctx); + + if (!EC_POINT_get_affine_coordinates(ecg, pub_point, x, y, bnctx)) + goto err; + if (px != NULL + && !ossl_param_build_set_bn(tmpl, px, + OSSL_PKEY_PARAM_EC_PUB_X, x)) + goto err; + if (py != NULL + && !ossl_param_build_set_bn(tmpl, py, + OSSL_PKEY_PARAM_EC_PUB_Y, y)) + goto err; + } } if (priv_key != NULL && include_private) { @@ -532,6 +561,8 @@ static const OSSL_PARAM ec_known_gettable_params[] = { OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0), EC_IMEXPORTABLE_DOM_PARAMETERS, EC_IMEXPORTABLE_PUBLIC_KEY, + OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_EC_PUB_X, NULL, 0), + OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_EC_PUB_Y, NULL, 0), EC_IMEXPORTABLE_PRIVATE_KEY, EC_IMEXPORTABLE_OTHER_PARAMETERS, OSSL_PARAM_END diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c index 3091c1dee0..313b9c292d 100644 --- a/providers/implementations/keymgmt/rsa_kmgmt.c +++ b/providers/implementations/keymgmt/rsa_kmgmt.c @@ -380,6 +380,11 @@ struct rsa_gen_ctx { /* For generation callback */ OSSL_CALLBACK *cb; void *cbarg; + +#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) + /* ACVP test parameters */ + OSSL_PARAM *acvp_test_params; +#endif }; static int rsa_gencb(int p, int n, BN_GENCB *cb) @@ -389,7 +394,6 @@ static int rsa_gencb(int p, int n, BN_GENCB *cb) params[0] = OSSL_PARAM_construct_int(OSSL_GEN_PARAM_POTENTIAL, &p); params[1] = OSSL_PARAM_construct_int(OSSL_GEN_PARAM_ITERATION, &n); - return gctx->cb(params, gctx->cbarg); } @@ -451,6 +455,11 @@ static int rsa_gen_set_params(void *genctx, const OSSL_PARAM params[]) && !pss_params_fromdata(&gctx->pss_params, params, gctx->rsa_type, gctx->libctx)) return 0; +#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) + /* Any ACVP test related parameters are copied into a params[] */ + if (!rsa_acvp_test_gen_params_new(&gctx->acvp_test_params, params)) + return 0; +#endif return 1; } @@ -525,6 +534,13 @@ static void *rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) if (gencb != NULL) BN_GENCB_set(gencb, rsa_gencb, genctx); +#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) + if (gctx->acvp_test_params != NULL) { + if (!rsa_acvp_test_set_params(rsa_tmp, gctx->acvp_test_params)) + goto err; + } +#endif + if (!RSA_generate_multi_prime_key(rsa_tmp, (int)gctx->nbits, (int)gctx->primes, gctx->pub_exp, gencb)) @@ -551,7 +567,10 @@ static void rsa_gen_cleanup(void *genctx) if (gctx == NULL) return; - +#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) + rsa_acvp_test_gen_params_free(gctx->acvp_test_params); + gctx->acvp_test_params = NULL; +#endif BN_clear_free(gctx->pub_exp); OPENSSL_free(gctx); } diff --git a/providers/implementations/signature/build.info b/providers/implementations/signature/build.info index dbe0876a0e..0e7765ae24 100644 --- a/providers/implementations/signature/build.info +++ b/providers/implementations/signature/build.info @@ -3,7 +3,6 @@ $DSA_GOAL=../../libimplementations.a $EC_GOAL=../../libimplementations.a -$ECDSA_GOAL=../../libimplementations.a IF[{- !$disabled{dsa} -}] SOURCE[$DSA_GOAL]=dsa.c @@ -11,7 +10,8 @@ ENDIF IF[{- !$disabled{ec} -}] SOURCE[$EC_GOAL]=eddsa.c - SOURCE[$ECDSA_GOAL]=ecdsa.c + SOURCE[../../libfips.a]=ecdsa.c + SOURCE[../../libnonfips.a]=ecdsa.c ENDIF SOURCE[../../libfips.a]=rsa.c diff --git a/providers/implementations/signature/dsa.c b/providers/implementations/signature/dsa.c index de6aac670b..a4902babcb 100644 --- a/providers/implementations/signature/dsa.c +++ b/providers/implementations/signature/dsa.c @@ -338,13 +338,17 @@ int dsa_digest_verify_final(void *vpdsactx, const unsigned char *sig, static void dsa_freectx(void *vpdsactx) { - PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; - - DSA_free(pdsactx->dsa); - EVP_MD_CTX_free(pdsactx->mdctx); - EVP_MD_free(pdsactx->md); - - OPENSSL_free(pdsactx); + PROV_DSA_CTX *ctx = (PROV_DSA_CTX *)vpdsactx; + + OPENSSL_free(ctx->propq); + EVP_MD_CTX_free(ctx->mdctx); + EVP_MD_free(ctx->md); + ctx->propq = NULL; + ctx->mdctx = NULL; + ctx->md = NULL; + ctx->mdsize = 0; + DSA_free(ctx->dsa); + OPENSSL_free(ctx); } static void *dsa_dupctx(void *vpdsactx) diff --git a/providers/implementations/signature/ecdsa.c b/providers/implementations/signature/ecdsa.c index d96f597a92..61a13f4f2f 100644 --- a/providers/implementations/signature/ecdsa.c +++ b/providers/implementations/signature/ecdsa.c @@ -72,14 +72,6 @@ typedef struct { EVP_MD *md; EVP_MD_CTX *mdctx; - /* - * This indicates that KAT (CAVS) test is running. Externally an app will - * override the random callback such that the generated private key and k - * are known. - * Normal operation will loop to choose a new k if the signature is not - * valid - but for this mode of operation it forces a failure instead. - */ - unsigned int kattest; /* * Internally used to cache the results of calling the EC group * sign_setup() methods which are then passed to the sign operation. @@ -89,6 +81,16 @@ typedef struct { */ BIGNUM *kinv; BIGNUM *r; +#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) + /* + * This indicates that KAT (CAVS) test is running. Externally an app will + * override the random callback such that the generated private key and k + * are known. + * Normal operation will loop to choose a new k if the signature is not + * valid - but for this mode of operation it forces a failure instead. + */ + unsigned int kattest; +#endif } PROV_ECDSA_CTX; static void *ecdsa_newctx(void *provctx, const char *propq) @@ -131,8 +133,10 @@ static int ecdsa_sign(void *vctx, unsigned char *sig, size_t *siglen, return 1; } +#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) if (ctx->kattest && !ECDSA_sign_setup(ctx->ec, NULL, &ctx->kinv, &ctx->r)) return 0; +#endif if (sigsize < (size_t)ecsize) return 0; @@ -201,8 +205,10 @@ static int get_md_nid(const EVP_MD *md) static void free_md(PROV_ECDSA_CTX *ctx) { + OPENSSL_free(ctx->propq); EVP_MD_CTX_free(ctx->mdctx); EVP_MD_free(ctx->md); + ctx->propq = NULL; ctx->mdctx = NULL; ctx->md = NULL; ctx->mdsize = 0; @@ -414,10 +420,11 @@ static int ecdsa_set_ctx_params(void *vctx, const OSSL_PARAM params[]) */ return 1; } - +#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_KAT); if (p != NULL && !OSSL_PARAM_get_uint(p, &ctx->kattest)) return 0; +#endif p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST_SIZE); if (p != NULL && !OSSL_PARAM_get_size_t(p, &ctx->mdsize)) diff --git a/providers/implementations/signature/rsa.c b/providers/implementations/signature/rsa.c index 81611bb4f0..5af64d2a90 100644 --- a/providers/implementations/signature/rsa.c +++ b/providers/implementations/signature/rsa.c @@ -594,13 +594,15 @@ static int rsa_verify_recover(void *vprsactx, } *routlen = ret; - if (routsize < (size_t)ret) { - ERR_raise_data(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL, - "buffer size is %d, should be %d", - routsize, ret); - return 0; + if (rout != prsactx->tbuf) { + if (routsize < (size_t)ret) { + ERR_raise_data(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL, + "buffer size is %d, should be %d", + routsize, ret); + return 0; + } + memcpy(rout, prsactx->tbuf, ret); } - memcpy(rout, prsactx->tbuf, ret); break; case RSA_PKCS1_PADDING: @@ -655,7 +657,10 @@ static int rsa_verify(void *vprsactx, const unsigned char *sig, size_t siglen, } return 1; case RSA_X931_PADDING: - if (rsa_verify_recover(prsactx, NULL, &rslen, 0, sig, siglen) <= 0) + if (!setup_tbuf(prsactx)) + return 0; + if (rsa_verify_recover(prsactx, prsactx->tbuf, &rslen, 0, + sig, siglen) <= 0) return 0; break; case RSA_PKCS1_PSS_PADDING: diff --git a/test/acvp_test.c b/test/acvp_test.c new file mode 100644 index 0000000000..0e3e117133 --- /dev/null +++ b/test/acvp_test.c @@ -0,0 +1,1367 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * A set of tests demonstrating uses cases for CAVS/ACVP testing. + * + * For examples of testing KDF's, Digests, KeyAgreement & DRBG's refer to + * providers/fips/self_test_kats.c + */ + +#include /* To see if OPENSSL_NO_EC is defined */ +#include +#include +#include +#include +#include +#include +#include +#include +#include "testutil.h" +#include "testutil/output.h" +#include "acvp_test.inc" +#include "internal/nelem.h" + +static OSSL_PROVIDER *prov_null = NULL; +static OPENSSL_CTX *libctx = NULL; + +typedef enum OPTION_choice { + OPT_ERR = -1, + OPT_EOF = 0, + OPT_CONFIG_FILE, + OPT_TEST_ENUM +} OPTION_CHOICE; + +const OPTIONS *test_get_options(void) +{ + static const OPTIONS test_options[] = { + OPT_TEST_OPTIONS_DEFAULT_USAGE, + { "config", OPT_CONFIG_FILE, '<', + "The configuration file to use for the libctx" }, + { NULL } + }; + return test_options; +} + +#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DSA) \ + || !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) +static int pkey_get_bn_bytes(EVP_PKEY *pkey, const char *name, + unsigned char **out, size_t *out_len) +{ + unsigned char *buf = NULL; + BIGNUM *bn = NULL; + int sz; + + if (!EVP_PKEY_get_bn_param(pkey, name, &bn)) + goto err; + sz = BN_num_bytes(bn); + buf = OPENSSL_zalloc(sz); + if (buf == NULL) + goto err; + if (!BN_bn2binpad(bn, buf, sz)) + goto err; + + *out_len = sz; + *out = buf; + BN_free(bn); + return 1; +err: + OPENSSL_free(buf); + BN_free(bn); + return 0; +} +#endif + +#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DSA) \ + || !defined(OPENSSL_NO_RSA) +static int sig_gen(EVP_PKEY *pkey, OSSL_PARAM *params, const char *digest_name, + const unsigned char *msg, size_t msg_len, + unsigned char **sig_out, size_t *sig_out_len) +{ + int ret = 0; + EVP_MD_CTX *md_ctx = NULL; + unsigned char *sig = NULL; + size_t sig_len; + size_t sz = EVP_PKEY_size(pkey); + + if (!TEST_ptr(sig = OPENSSL_malloc(sz)) + || !TEST_ptr(md_ctx = EVP_MD_CTX_new()) + || !TEST_int_eq(EVP_DigestSignInit_ex(md_ctx, NULL, digest_name, NULL, + pkey, libctx), 1) + || !TEST_int_gt(EVP_DigestSign(md_ctx, sig, &sig_len, msg, msg_len), 0)) + goto err; + *sig_out = sig; + *sig_out_len = sig_len; + sig = NULL; + ret = 1; +err: + OPENSSL_free(sig); + EVP_MD_CTX_free(md_ctx); + return ret; +} +#endif + +#ifndef OPENSSL_NO_EC +static int ecdsa_keygen_test(int id) +{ + int ret = 0; + EVP_PKEY_CTX *ctx = NULL; + EVP_PKEY *pkey = NULL; + unsigned char *priv = NULL; + unsigned char *pubx = NULL, *puby = NULL; + size_t priv_len = 0, pubx_len = 0, puby_len = 0; + const struct ecdsa_keygen_st *tst = &ecdsa_keygen_data[id]; + + if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL)) + || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0) + || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_name(ctx, + tst->curve_name)) + || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0) + || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &priv, + &priv_len)) + || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &pubx, + &pubx_len)) + || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &puby, + &puby_len))) + goto err; + + test_output_memory("qy", puby, puby_len); + test_output_memory("qx", pubx, pubx_len); + test_output_memory("d", priv, priv_len); + ret = 1; +err: + OPENSSL_clear_free(priv, priv_len); + OPENSSL_free(pubx); + OPENSSL_free(puby); + EVP_PKEY_free(pkey); + EVP_PKEY_CTX_free(ctx); + return ret; +} + +static int ecdsa_create_pkey(EVP_PKEY **pkey, const char *curve_name, + const unsigned char *pub, size_t pub_len, + int expected) +{ + int ret = 0; + EVP_PKEY_CTX *ctx = NULL; + OSSL_PARAM_BLD *bld = NULL; + OSSL_PARAM *params = NULL; + + if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) + || (curve_name != NULL + && !TEST_true(OSSL_PARAM_BLD_push_utf8_string( + bld, OSSL_PKEY_PARAM_EC_NAME, curve_name, 0) > 0)) + || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, + OSSL_PKEY_PARAM_PUB_KEY, + pub, pub_len) > 0) + || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) + || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL)) + || !TEST_true(EVP_PKEY_key_fromdata_init(ctx)) + || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, params), expected)) + goto err; + + ret = 1; +err: + OSSL_PARAM_BLD_free_params(params); + OSSL_PARAM_BLD_free(bld); + EVP_PKEY_CTX_free(ctx); + return ret; +} + +static int ecdsa_pub_verify_test(int id) +{ + const struct ecdsa_pub_verify_st *tst = &ecdsa_pv_data[id]; + + int ret = 0; + EVP_PKEY_CTX *key_ctx = NULL; + EVP_PKEY *pkey = NULL; + + if (!TEST_true(ecdsa_create_pkey(&pkey, tst->curve_name, + tst->pub, tst->pub_len, tst->pass))) + goto err; + + if (tst->pass) { + if (!TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, "")) + || !TEST_int_eq(EVP_PKEY_public_check(key_ctx), tst->pass)) + goto err; + } + ret = 1; +err: + EVP_PKEY_free(pkey); + EVP_PKEY_CTX_free(key_ctx); + return ret; +} + +/* Extract r and s from a ecdsa signature */ +static int get_ecdsa_sig_rs_bytes(const unsigned char *sig, size_t sig_len, + unsigned char **r, unsigned char **s, + size_t *rlen, size_t *slen) +{ + int ret = 0; + unsigned char *rbuf = NULL, *sbuf = NULL; + size_t r1_len, s1_len; + const BIGNUM *r1, *s1; + ECDSA_SIG *sign = d2i_ECDSA_SIG(NULL, &sig, sig_len); + + if (sign == NULL) + return 0; + r1 = ECDSA_SIG_get0_r(sign); + s1 = ECDSA_SIG_get0_s(sign); + if (r1 == NULL || s1 == NULL) + return 0; + + r1_len = BN_num_bytes(r1); + s1_len = BN_num_bytes(s1); + rbuf = OPENSSL_zalloc(r1_len); + sbuf = OPENSSL_zalloc(s1_len); + if (rbuf == NULL || sbuf == NULL) + goto err; + if (BN_bn2binpad(r1, rbuf, r1_len) <= 0) + goto err; + if (BN_bn2binpad(s1, sbuf, s1_len) <= 0) + goto err; + *r = rbuf; + *s = sbuf; + *rlen = r1_len; + *slen = s1_len; + ret = 1; +err: + if (ret == 0) { + OPENSSL_free(rbuf); + OPENSSL_free(sbuf); + } + ECDSA_SIG_free(sign); + return ret; +} + +static int ecdsa_siggen_test(int id) +{ + int ret = 0; + EVP_PKEY_CTX *ctx = NULL, *key_ctx = NULL; + EVP_PKEY *pkey = NULL; + size_t sig_len = 0, rlen = 0, slen = 0; + unsigned char *sig = NULL; + unsigned char *r = NULL, *s = NULL; + const struct ecdsa_siggen_st *tst = &ecdsa_siggen_data[id]; + + if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL)) + || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0) + || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_name(ctx, + tst->curve_name)) + || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)) + goto err; + + if (!TEST_true(sig_gen(pkey, NULL, tst->digest_alg, tst->msg, tst->msg_len, + &sig, &sig_len)) + || !TEST_true(get_ecdsa_sig_rs_bytes(sig, sig_len, &r, &s, &rlen, &slen))) + goto err; + test_output_memory("r", r, rlen); + test_output_memory("s", s, slen); + ret = 1; +err: + OPENSSL_free(r); + OPENSSL_free(s); + OPENSSL_free(sig); + EVP_PKEY_free(pkey); + EVP_PKEY_CTX_free(key_ctx); + EVP_PKEY_CTX_free(ctx); + return ret; +} + +static int ecdsa_sigver_test(int id) +{ + int ret = 0; + EVP_MD_CTX *md_ctx = NULL; + EVP_PKEY *pkey = NULL; + ECDSA_SIG *sign = NULL; + size_t sig_len; + unsigned char *sig = NULL; + BIGNUM *rbn = NULL, *sbn = NULL; + const struct ecdsa_sigver_st *tst = &ecdsa_sigver_data[id]; + + if (!TEST_true(ecdsa_create_pkey(&pkey, tst->curve_name, + tst->pub, tst->pub_len, 1))) + goto err; + + if (!TEST_ptr(sign = ECDSA_SIG_new()) + || !TEST_ptr(rbn = BN_bin2bn(tst->r, tst->r_len, NULL)) + || !TEST_ptr(sbn = BN_bin2bn(tst->s, tst->s_len, NULL)) + || !TEST_true(ECDSA_SIG_set0(sign, rbn, sbn))) + goto err; + rbn = sbn = NULL; + + ret = TEST_int_gt((sig_len = i2d_ECDSA_SIG(sign, &sig)), 0) + && TEST_ptr(md_ctx = EVP_MD_CTX_new()) + && TEST_true(EVP_DigestVerifyInit_ex(md_ctx, NULL, tst->digest_alg, + NULL, pkey, libctx) + && TEST_int_eq(EVP_DigestVerify(md_ctx, sig, sig_len, + tst->msg, tst->msg_len), tst->pass)); +err: + BN_free(rbn); + BN_free(sbn); + OPENSSL_free(sig); + ECDSA_SIG_free(sign); + EVP_PKEY_free(pkey); + EVP_MD_CTX_free(md_ctx); + return ret; + +} +#endif /* OPENSSL_NO_EC */ + +#ifndef OPENSSL_NO_DSA +static int pkey_get_octet_bytes(EVP_PKEY *pkey, const char *name, + unsigned char **out, size_t *out_len) +{ + size_t len = 0; + unsigned char *buf = NULL; + + if (!EVP_PKEY_get_octet_string_param(pkey, name, NULL, 0, &len)) + goto err; + + buf = OPENSSL_zalloc(len); + if (buf == NULL) + goto err; + + if (!EVP_PKEY_get_octet_string_param(pkey, name, buf, len, out_len)) + goto err; + *out = buf; + return 1; +err: + OPENSSL_free(buf); + return 0; +} + +static EVP_PKEY *dsa_paramgen(int L, int N) +{ + EVP_PKEY_CTX *paramgen_ctx = NULL; + EVP_PKEY *param_key = NULL; + + if (!TEST_ptr(paramgen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL)) + || !TEST_true(EVP_PKEY_paramgen_init(paramgen_ctx)) + || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(paramgen_ctx, L)) + || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramgen_ctx, N)) + || !TEST_true(EVP_PKEY_paramgen(paramgen_ctx, ¶m_key))) + return NULL; + EVP_PKEY_CTX_free(paramgen_ctx); + return param_key; +} + +static EVP_PKEY *dsa_keygen(int L, int N) +{ + EVP_PKEY *param_key = NULL, *key = NULL; + EVP_PKEY_CTX *keygen_ctx = NULL; + + if (!TEST_ptr(param_key = dsa_paramgen(L, N)) + || !TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key, + NULL)) + || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0) + || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0)) + goto err; +err: + EVP_PKEY_free(param_key); + EVP_PKEY_CTX_free(keygen_ctx); + return key; +} + +static int dsa_keygen_test(int id) +{ + int ret = 0, i; + EVP_PKEY_CTX *paramgen_ctx = NULL, *keygen_ctx = NULL; + EVP_PKEY *param_key = NULL, *key = NULL; + unsigned char *priv = NULL, *pub = NULL; + size_t priv_len = 0, pub_len = 0; + const struct dsa_paramgen_st *tst = &dsa_keygen_data[id]; + + if (!TEST_ptr(param_key = dsa_paramgen(tst->L, tst->N)) + || !TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key, + NULL)) + || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0)) + goto err; + for (i = 0; i < 2; ++i) { + if (!TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0) + || !TEST_true(pkey_get_bn_bytes(key, OSSL_PKEY_PARAM_PRIV_KEY, + &priv, &priv_len)) + || !TEST_true(pkey_get_bn_bytes(key, OSSL_PKEY_PARAM_PUB_KEY, + &pub, &pub_len))) + goto err; + test_output_memory("y", pub, pub_len); + test_output_memory("x", priv, priv_len); + EVP_PKEY_free(key); + OPENSSL_clear_free(priv, priv_len); + OPENSSL_free(pub); + key = NULL; + pub = priv = NULL; + } + ret = 1; +err: + OPENSSL_clear_free(priv, priv_len); + OPENSSL_free(pub); + EVP_PKEY_free(param_key); + EVP_PKEY_free(key); + EVP_PKEY_CTX_free(keygen_ctx); + EVP_PKEY_CTX_free(paramgen_ctx); + return ret; +} + +static int dsa_paramgen_test(int id) +{ + int ret = 0, counter = 0; + EVP_PKEY_CTX *paramgen_ctx = NULL; + EVP_PKEY *param_key = NULL; + unsigned char *p = NULL, *q = NULL, *seed = NULL; + size_t plen = 0, qlen = 0, seedlen = 0; + const struct dsa_paramgen_st *tst = &dsa_paramgen_data[id]; + + if (!TEST_ptr(paramgen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL)) + || !TEST_true(EVP_PKEY_paramgen_init(paramgen_ctx)) + || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_bits(paramgen_ctx, tst->L)) + || !TEST_true(EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramgen_ctx, tst->N)) + || !TEST_true(EVP_PKEY_paramgen(paramgen_ctx, ¶m_key)) + || !TEST_true(pkey_get_bn_bytes(param_key, OSSL_PKEY_PARAM_FFC_P, + &p, &plen)) + || !TEST_true(pkey_get_bn_bytes(param_key, OSSL_PKEY_PARAM_FFC_Q, + &q, &qlen)) + || !TEST_true(pkey_get_octet_bytes(param_key, OSSL_PKEY_PARAM_FFC_SEED, + &seed, &seedlen)) + || !TEST_true(EVP_PKEY_get_int_param(param_key, + OSSL_PKEY_PARAM_FFC_PCOUNTER, + &counter))) + goto err; + + test_output_memory("p", p, plen); + test_output_memory("q", q, qlen); + test_output_memory("domainSeed", seed, seedlen); + test_printf_stderr("%s: %d\n", "counter", counter); + ret = 1; +err: + OPENSSL_free(p); + OPENSSL_free(q); + OPENSSL_free(seed); + EVP_PKEY_free(param_key); + EVP_PKEY_CTX_free(paramgen_ctx); + return ret; +} + +static int dsa_create_pkey(EVP_PKEY **pkey, + const unsigned char *p, size_t p_len, + const unsigned char *q, size_t q_len, + const unsigned char *g, size_t g_len, + const unsigned char *seed, size_t seed_len, + int counter, + const char *validate_type, + const unsigned char *pub, size_t pub_len, + BN_CTX *bn_ctx) +{ + int ret = 0; + EVP_PKEY_CTX *ctx = NULL; + OSSL_PARAM_BLD *bld = NULL; + OSSL_PARAM *params = NULL; + BIGNUM *p_bn = NULL, *q_bn = NULL, *g_bn = NULL, *pub_bn = NULL; + + if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) + || !TEST_ptr(p_bn = BN_CTX_get(bn_ctx)) + || !TEST_ptr(BN_bin2bn(p, p_len, p_bn)) + || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, + OSSL_PKEY_PARAM_FFC_VALIDATE_TYPE, + validate_type, 0)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p_bn)) + || !TEST_ptr(q_bn = BN_CTX_get(bn_ctx)) + || !TEST_ptr(BN_bin2bn(q, q_len, q_bn)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q_bn))) + goto err; + + if (g != NULL) { + if (!TEST_ptr(g_bn = BN_CTX_get(bn_ctx)) + || !TEST_ptr(BN_bin2bn(g, g_len, g_bn)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, + OSSL_PKEY_PARAM_FFC_G, g_bn))) + goto err; + } + if (seed != NULL) { + if (!TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, + OSSL_PKEY_PARAM_FFC_SEED, seed, seed_len))) + goto err; + } + if (counter != -1) { + if (!TEST_true(OSSL_PARAM_BLD_push_int(bld, + OSSL_PKEY_PARAM_FFC_PCOUNTER, + counter))) + goto err; + } + if (pub != NULL) { + if (!TEST_ptr(pub_bn = BN_CTX_get(bn_ctx)) + || !TEST_ptr(BN_bin2bn(pub, pub_len, pub_bn)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, + OSSL_PKEY_PARAM_PUB_KEY, + pub_bn))) + goto err; + } + if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) + || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", NULL)) + || !TEST_true(EVP_PKEY_key_fromdata_init(ctx)) + || !TEST_true(EVP_PKEY_fromdata(ctx, pkey, params))) + goto err; + + ret = 1; +err: + OSSL_PARAM_BLD_free_params(params); + OSSL_PARAM_BLD_free(bld); + EVP_PKEY_CTX_free(ctx); + return ret; +} + +static int dsa_pqver_test(int id) +{ + int ret = 0; + BN_CTX *bn_ctx = NULL; + EVP_PKEY_CTX *key_ctx = NULL; + EVP_PKEY *param_key = NULL; + const struct dsa_pqver_st *tst = &dsa_pqver_data[id]; + + if (!TEST_ptr(bn_ctx = BN_CTX_new_ex(libctx)) + || !TEST_true(dsa_create_pkey(¶m_key, tst->p, tst->p_len, + tst->q, tst->q_len, NULL, 0, + tst->seed, tst->seed_len, tst->counter, + OSSL_FFC_PARAM_VALIDATE_PQ, + NULL, 0, + bn_ctx)) + || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, param_key, + NULL)) + || !TEST_int_eq(EVP_PKEY_param_check(key_ctx), tst->pass)) + goto err; + + ret = 1; +err: + BN_CTX_free(bn_ctx); + EVP_PKEY_free(param_key); + EVP_PKEY_CTX_free(key_ctx); + return ret; +} + +/* Extract r and s from a dsa signature */ +static int get_dsa_sig_rs_bytes(const unsigned char *sig, size_t sig_len, + unsigned char **r, unsigned char **s, + size_t *r_len, size_t *s_len) +{ + int ret = 0; + unsigned char *rbuf = NULL, *sbuf = NULL; + size_t r1_len, s1_len; + const BIGNUM *r1, *s1; + DSA_SIG *sign = d2i_DSA_SIG(NULL, &sig, sig_len); + + if (sign == NULL) + return 0; + DSA_SIG_get0(sign, &r1, &s1); + if (r1 == NULL || s1 == NULL) + return 0; + + r1_len = BN_num_bytes(r1); + s1_len = BN_num_bytes(s1); + rbuf = OPENSSL_zalloc(r1_len); + sbuf = OPENSSL_zalloc(s1_len); + if (rbuf == NULL || sbuf == NULL) + goto err; + if (BN_bn2binpad(r1, rbuf, r1_len) <= 0) + goto err; + if (BN_bn2binpad(s1, sbuf, s1_len) <= 0) + goto err; + *r = rbuf; + *s = sbuf; + *r_len = r1_len; + *s_len = s1_len; + ret = 1; +err: + if (ret == 0) { + OPENSSL_free(rbuf); + OPENSSL_free(sbuf); + } + DSA_SIG_free(sign); + return ret; +} + +static int dsa_siggen_test(int id) +{ + int ret = 0; + EVP_PKEY *pkey = NULL; + unsigned char *sig = NULL, *r = NULL, *s = NULL; + size_t sig_len = 0, rlen = 0, slen = 0; + const struct dsa_siggen_st *tst = &dsa_siggen_data[id]; + + if (!TEST_ptr(pkey = dsa_keygen(tst->L, tst->N))) + goto err; + + if (!TEST_true(sig_gen(pkey, NULL, tst->digest_alg, tst->msg, tst->msg_len, + &sig, &sig_len)) + || !TEST_true(get_dsa_sig_rs_bytes(sig, sig_len, &r, &s, &rlen, &slen))) + goto err; + test_output_memory("r", r, rlen); + test_output_memory("s", s, slen); + ret = 1; +err: + OPENSSL_free(r); + OPENSSL_free(s); + OPENSSL_free(sig); + EVP_PKEY_free(pkey); + return ret; +} + +static int dsa_sigver_test(int id) +{ + int ret = 0; + EVP_PKEY_CTX *ctx = NULL; + EVP_PKEY *pkey = NULL; + DSA_SIG *sign = NULL; + size_t sig_len; + unsigned char *sig = NULL; + BIGNUM *rbn = NULL, *sbn = NULL; + EVP_MD *md = NULL; + unsigned char digest[EVP_MAX_MD_SIZE]; + unsigned int digest_len; + BN_CTX *bn_ctx = NULL; + const struct dsa_sigver_st *tst = &dsa_sigver_data[id]; + + if (!TEST_ptr(bn_ctx = BN_CTX_new()) + || !TEST_true(dsa_create_pkey(&pkey, tst->p, tst->p_len, + tst->q, tst->q_len, tst->g, tst->g_len, + NULL, 0, 0, "", tst->pub, tst->pub_len, + bn_ctx))) + goto err; + + if (!TEST_ptr(sign = DSA_SIG_new()) + || !TEST_ptr(rbn = BN_bin2bn(tst->r, tst->r_len, NULL)) + || !TEST_ptr(sbn = BN_bin2bn(tst->s, tst->s_len, NULL)) + || !TEST_true(DSA_SIG_set0(sign, rbn, sbn))) + goto err; + rbn = sbn = NULL; + + if (!TEST_ptr(md = EVP_MD_fetch(libctx, tst->digest_alg, "")) + || !TEST_true(EVP_Digest(tst->msg, tst->msg_len, + digest, &digest_len, md, NULL))) + goto err; + + if (!TEST_int_gt((sig_len = i2d_DSA_SIG(sign, &sig)), 0) + || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, "")) + || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0) + || !TEST_int_eq(EVP_PKEY_verify(ctx, sig, sig_len, digest, digest_len), + tst->pass)) + goto err; + ret = 1; +err: + EVP_PKEY_CTX_free(ctx); + OPENSSL_free(sig); + EVP_MD_free(md); + DSA_SIG_free(sign); + EVP_PKEY_free(pkey); + BN_free(rbn); + BN_free(sbn); + BN_CTX_free(bn_ctx); + return ret; +} +#endif /* OPENSSL_NO_DSA */ + + +/* cipher encrypt/decrypt */ +static int cipher_enc(const char *alg, + const unsigned char *pt, size_t pt_len, + const unsigned char *key, size_t key_len, + const unsigned char *iv, size_t iv_len, + const unsigned char *ct, size_t ct_len, + int enc) +{ + int ret = 0, out_len = 0, len = 0; + EVP_CIPHER_CTX *ctx = NULL; + EVP_CIPHER *cipher = NULL; + unsigned char out[256] = { 0 }; + + TEST_note("%s : %s", alg, enc ? "encrypt" : "decrypt"); + if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) + || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, "")) + || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc)) + || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0)) + || !TEST_true(EVP_CipherUpdate(ctx, out, &len, pt, pt_len)) + || !TEST_true(EVP_CipherFinal_ex(ctx, out + len, &out_len))) + goto err; + out_len += len; + if (!TEST_mem_eq(out, out_len, ct, ct_len)) + goto err; + ret = 1; +err: + EVP_CIPHER_free(cipher); + EVP_CIPHER_CTX_free(ctx); + return ret; +} + +static int cipher_enc_dec_test(int id) +{ + const struct cipher_st *tst = &cipher_enc_data[id]; + const int enc = 1; + + return TEST_true(cipher_enc(tst->alg, tst->pt, tst->pt_len, + tst->key, tst->key_len, + tst->iv, tst->iv_len, + tst->ct, tst->ct_len, enc)) + && TEST_true(cipher_enc(tst->alg, tst->ct, tst->ct_len, + tst->key, tst->key_len, + tst->iv, tst->iv_len, + tst->pt, tst->pt_len, !enc)); +} + +static int aes_ccm_enc_dec(const char *alg, + const unsigned char *pt, size_t pt_len, + const unsigned char *key, size_t key_len, + const unsigned char *iv, size_t iv_len, + const unsigned char *aad, size_t aad_len, + const unsigned char *ct, size_t ct_len, + const unsigned char *tag, size_t tag_len, + int enc, int pass) +{ + int ret = 0; + EVP_CIPHER_CTX *ctx; + EVP_CIPHER *cipher = NULL; + int out_len, len; + unsigned char out[1024]; + + TEST_note("%s : %s : expected to %s", alg, enc ? "encrypt" : "decrypt", + pass ? "pass" : "fail"); + + if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) + || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, "")) + || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) + || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len, + NULL)) + || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, + enc ? NULL : (void *)tag)) + || !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) + || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0)) + || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, NULL, pt_len)) + || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, aad, aad_len)) + || !TEST_int_eq(EVP_CipherUpdate(ctx, out, &len, pt, pt_len), pass)) + goto err; + + if (!pass) { + ret = 1; + goto err; + } + if (!TEST_true(EVP_CipherFinal_ex(ctx, out + len, &out_len))) + goto err; + if (enc) { + out_len += len; + if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, + tag_len, out + out_len)) + || !TEST_mem_eq(out, out_len, ct, ct_len) + || !TEST_mem_eq(out + out_len, tag_len, tag, tag_len)) + goto err; + } else { + if (!TEST_mem_eq(out, out_len + len, ct, ct_len)) + goto err; + } + + ret = 1; +err: + EVP_CIPHER_free(cipher); + EVP_CIPHER_CTX_free(ctx); + return ret; +} + +static int aes_ccm_enc_dec_test(int id) +{ + const struct cipher_ccm_st *tst = &aes_ccm_enc_data[id]; + + /* The tag is on the end of the cipher text */ + const size_t tag_len = tst->ct_len - tst->pt_len; + const size_t ct_len = tst->ct_len - tag_len; + const unsigned char *tag = tst->ct + ct_len; + const int enc = 1; + const int pass = 1; + + if (ct_len < 1) + return 0; + + return aes_ccm_enc_dec(tst->alg, tst->pt, tst->pt_len, + tst->key, tst->key_len, + tst->iv, tst->iv_len, tst->aad, tst->aad_len, + tst->ct, ct_len, tag, tag_len, enc, pass) + && aes_ccm_enc_dec(tst->alg, tst->ct, ct_len, + tst->key, tst->key_len, + tst->iv, tst->iv_len, tst->aad, tst->aad_len, + tst->pt, tst->pt_len, tag, tag_len, !enc, pass) + /* test that it fails if the tag is incorrect */ + && aes_ccm_enc_dec(tst->alg, tst->ct, ct_len, + tst->key, tst->key_len, + tst->iv, tst->iv_len, tst->aad, tst->aad_len, + tst->pt, tst->pt_len, + tag - 1, tag_len, !enc, !pass); +} + +static int aes_gcm_enc_dec(const char *alg, + const unsigned char *pt, size_t pt_len, + const unsigned char *key, size_t key_len, + const unsigned char *iv, size_t iv_len, + const unsigned char *aad, size_t aad_len, + const unsigned char *ct, size_t ct_len, + const unsigned char *tag, size_t tag_len, + int enc, int pass) +{ + int ret = 0; + EVP_CIPHER_CTX *ctx; + EVP_CIPHER *cipher = NULL; + int out_len, len; + unsigned char out[1024]; + + TEST_note("%s : %s : expected to %s", alg, enc ? "encrypt" : "decrypt", + pass ? "pass" : "fail"); + + if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) + || !TEST_ptr(cipher = EVP_CIPHER_fetch(libctx, alg, "")) + || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) + || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, iv_len, + NULL))) + goto err; + + if (!enc) { + if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, + (void *)tag))) + goto err; + } + /* + * TODO(3.0): The IV should not be set outside the boundary as it is now. + * It needs to be fed in via a dummy entropy source for this test. + */ + if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) + || !TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0)) + || !TEST_true(EVP_CipherUpdate(ctx, NULL, &len, aad, aad_len)) + || !TEST_true(EVP_CipherUpdate(ctx, out, &len, pt, pt_len))) + goto err; + + if (!TEST_int_eq(EVP_CipherFinal_ex(ctx, out + len, &out_len), pass)) + goto err; + if (!pass) { + ret = 1; + goto err; + } + out_len += len; + if (enc) { + if (!TEST_mem_eq(out, out_len, ct, ct_len) + || !TEST_true(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, + tag_len, out + out_len)) + || !TEST_mem_eq(out + out_len, tag_len, tag, tag_len)) + goto err; + } else { + if (!TEST_mem_eq(out, out_len, ct, ct_len)) + goto err; + } + + ret = 1; +err: + EVP_CIPHER_free(cipher); + EVP_CIPHER_CTX_free(ctx); + return ret; +} + +static int aes_gcm_enc_dec_test(int id) +{ + const struct cipher_gcm_st *tst = &aes_gcm_enc_data[id]; + int enc = 1; + int pass = 1; + + return aes_gcm_enc_dec(tst->alg, tst->pt, tst->pt_len, + tst->key, tst->key_len, + tst->iv, tst->iv_len, tst->aad, tst->aad_len, + tst->ct, tst->ct_len, tst->tag, tst->tag_len, + enc, pass) + && aes_gcm_enc_dec(tst->alg, tst->ct, tst->ct_len, + tst->key, tst->key_len, + tst->iv, tst->iv_len, tst->aad, tst->aad_len, + tst->pt, tst->pt_len, tst->tag, tst->tag_len, + !enc, pass) + /* Fail if incorrect tag passed to decrypt */ + && aes_gcm_enc_dec(tst->alg, tst->ct, tst->ct_len, + tst->key, tst->key_len, + tst->iv, tst->iv_len, tst->aad, tst->aad_len, + tst->pt, tst->pt_len, tst->aad, tst->tag_len, + !enc, !pass); +} + +#ifndef OPENSSL_NO_DH +static int dh_create_pkey(EVP_PKEY **pkey, const char *group_name, + const unsigned char *pub, size_t pub_len, + const unsigned char *priv, size_t priv_len, + BN_CTX *bn_ctx, int pass) +{ + int ret = 0; + EVP_PKEY_CTX *ctx = NULL; + OSSL_PARAM_BLD *bld = NULL; + OSSL_PARAM *params = NULL; + BIGNUM *pub_bn = NULL, *priv_bn = NULL; + + if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) + || (group_name != NULL + && !TEST_int_gt(OSSL_PARAM_BLD_push_utf8_string( + bld, OSSL_PKEY_PARAM_DH_GROUP, + group_name, 0), 0))) + goto err; + + if (pub != NULL) { + if (!TEST_ptr(pub_bn = BN_CTX_get(bn_ctx)) + || !TEST_ptr(BN_bin2bn(pub, pub_len, pub_bn)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, + pub_bn))) + goto err; + } + if (priv != NULL) { + if (!TEST_ptr(priv_bn = BN_CTX_get(bn_ctx)) + || !TEST_ptr(BN_bin2bn(priv, priv_len, priv_bn)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, + priv_bn))) + goto err; + } + + if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) + || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL)) + || !TEST_true(EVP_PKEY_key_fromdata_init(ctx)) + || !TEST_int_eq(EVP_PKEY_fromdata(ctx, pkey, params), pass)) + goto err; + + ret = 1; +err: + OSSL_PARAM_BLD_free_params(params); + OSSL_PARAM_BLD_free(bld); + EVP_PKEY_CTX_free(ctx); + return ret; +} + +static int dh_safe_prime_keygen_test(int id) +{ + int ret = 0; + EVP_PKEY_CTX *ctx = NULL; + EVP_PKEY *pkey = NULL; + unsigned char *priv = NULL; + unsigned char *pub = NULL; + size_t priv_len = 0, pub_len = 0; + OSSL_PARAM params[2]; + const struct dh_safe_prime_keygen_st *tst = &dh_safe_prime_keygen_data[id]; + + params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_DH_GROUP, + (char *)tst->group_name, 0); + params[1] = OSSL_PARAM_construct_end(); + + if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "DH", NULL)) + || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0) + || !TEST_true(EVP_PKEY_CTX_set_params(ctx, params)) + || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0) + || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY, + &priv, &priv_len)) + || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PUB_KEY, + &pub, &pub_len))) + goto err; + + test_output_memory("x", priv, priv_len); + test_output_memory("y", pub, pub_len); + ret = 1; +err: + OPENSSL_clear_free(priv, priv_len); + OPENSSL_free(pub); + EVP_PKEY_free(pkey); + EVP_PKEY_CTX_free(ctx); + return ret; +} + +static int dh_safe_prime_keyver_test(int id) +{ + int ret = 0; + BN_CTX *bn_ctx = NULL; + EVP_PKEY_CTX *key_ctx = NULL; + EVP_PKEY *pkey = NULL; + const struct dh_safe_prime_keyver_st *tst = &dh_safe_prime_keyver_data[id]; + + if (!TEST_ptr(bn_ctx = BN_CTX_new_ex(libctx)) + || !TEST_true(dh_create_pkey(&pkey, tst->group_name, + tst->pub, tst->pub_len, + tst->priv, tst->priv_len, bn_ctx, 1)) + || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, "")) + || !TEST_int_eq(EVP_PKEY_check(key_ctx), tst->pass)) + goto err; + + ret = 1; +err: + EVP_PKEY_free(pkey); + EVP_PKEY_CTX_free(key_ctx); + BN_CTX_free(bn_ctx); + return ret; +} +#endif /* OPENSSL_NO_DH */ + + +#ifndef OPENSSL_NO_RSA +static EVP_PKEY *rsa_keygen(int bits) +{ + EVP_PKEY *key = NULL; + EVP_PKEY_CTX *keygen_ctx = NULL; + + if (!TEST_ptr(keygen_ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL)) + || !TEST_int_gt(EVP_PKEY_keygen_init(keygen_ctx), 0) + || !TEST_true(EVP_PKEY_CTX_set_rsa_keygen_bits(keygen_ctx, bits)) + || !TEST_int_gt(EVP_PKEY_keygen(keygen_ctx, &key), 0)) + goto err; +err: + EVP_PKEY_CTX_free(keygen_ctx); + return key; +} + +static int rsa_create_pkey(EVP_PKEY **pkey, + const unsigned char *n, size_t n_len, + const unsigned char *e, size_t e_len, + const unsigned char *d, size_t d_len, + BN_CTX *bn_ctx) +{ + int ret = 0; + EVP_PKEY_CTX *ctx = NULL; + OSSL_PARAM_BLD *bld = NULL; + OSSL_PARAM *params = NULL; + BIGNUM *e_bn = NULL, *d_bn = NULL, *n_bn = NULL; + + if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) + || !TEST_ptr(n_bn = BN_CTX_get(bn_ctx)) + || !TEST_ptr(BN_bin2bn(n, n_len, n_bn)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n_bn))) + goto err; + + if (e != NULL) { + if (!TEST_ptr(e_bn = BN_CTX_get(bn_ctx)) + || !TEST_ptr(BN_bin2bn(e, e_len, e_bn)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, + e_bn))) + goto err; + } + if (d != NULL) { + if (!TEST_ptr(d_bn = BN_CTX_get(bn_ctx)) + || !TEST_ptr(BN_bin2bn(d, d_len, d_bn)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, + d_bn))) + goto err; + } + if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) + || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL)) + || !TEST_true(EVP_PKEY_key_fromdata_init(ctx)) + || !TEST_true(EVP_PKEY_fromdata(ctx, pkey, params))) + goto err; + + ret = 1; +err: + OSSL_PARAM_BLD_free_params(params); + OSSL_PARAM_BLD_free(bld); + EVP_PKEY_CTX_free(ctx); + return ret; +} + +static int rsa_keygen_test(int id) +{ + int ret = 0; + EVP_PKEY_CTX *ctx = NULL; + EVP_PKEY *pkey = NULL; + BIGNUM *e_bn = NULL; + BIGNUM *xp1_bn = NULL, *xp2_bn = NULL, *xp_bn = NULL; + BIGNUM *xq1_bn = NULL, *xq2_bn = NULL, *xq_bn = NULL; + unsigned char *n = NULL, *d = NULL; + unsigned char *p = NULL, *p1 = NULL, *p2 = NULL; + unsigned char *q = NULL, *q1 = NULL, *q2 = NULL; + size_t n_len = 0, d_len = 0; + size_t p_len = 0, p1_len = 0, p2_len = 0; + size_t q_len = 0, q1_len = 0, q2_len = 0; + OSSL_PARAM_BLD *bld = NULL; + OSSL_PARAM *params = NULL; + const struct rsa_keygen_st *tst = &rsa_keygen_data[id]; + + if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) + || !TEST_ptr(xp1_bn = BN_bin2bn(tst->xp1, tst->xp1_len, NULL)) + || !TEST_ptr(xp2_bn = BN_bin2bn(tst->xp2, tst->xp2_len, NULL)) + || !TEST_ptr(xp_bn = BN_bin2bn(tst->xp, tst->xp_len, NULL)) + || !TEST_ptr(xq1_bn = BN_bin2bn(tst->xq1, tst->xq1_len, NULL)) + || !TEST_ptr(xq2_bn = BN_bin2bn(tst->xq2, tst->xq2_len, NULL)) + || !TEST_ptr(xq_bn = BN_bin2bn(tst->xq, tst->xq_len, NULL)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP1, + xp1_bn)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP2, + xp2_bn)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XP, + xp_bn)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ1, + xq1_bn)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ2, + xq2_bn)) + || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ, + xq_bn)) + || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))) + goto err; + + if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL)) + || !TEST_ptr(e_bn = BN_bin2bn(tst->e, tst->e_len, NULL)) + || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0) + || !TEST_true(EVP_PKEY_CTX_set_params(ctx, params)) + || !TEST_true(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, tst->mod)) + || !TEST_true(EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, e_bn)) + || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0) + || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_P1, + &p1, &p1_len)) + || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_P2, + &p2, &p2_len)) + || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_Q1, + &q1, &q1_len)) + || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_TEST_Q2, + &q2, &q2_len)) + || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1, + &p, &p_len)) + || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_FACTOR2, + &q, &q_len)) + || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, + &n, &n_len)) + || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_D, + &d, &d_len))) + goto err; + + if (!TEST_mem_eq(tst->p1, tst->p1_len, p1, p1_len) + || !TEST_mem_eq(tst->p2, tst->p2_len, p2, p2_len) + || !TEST_mem_eq(tst->p, tst->p_len, p, p_len) + || !TEST_mem_eq(tst->q1, tst->q1_len, q1, q1_len) + || !TEST_mem_eq(tst->q2, tst->q2_len, q2, q2_len) + || !TEST_mem_eq(tst->q, tst->q_len, q, q_len) + || !TEST_mem_eq(tst->n, tst->n_len, n, n_len) + || !TEST_mem_eq(tst->d, tst->d_len, d, d_len)) + goto err; + + test_output_memory("p1", p1, p1_len); + test_output_memory("p2", p2, p2_len); + test_output_memory("p", p, p_len); + test_output_memory("q1", q1, q1_len); + test_output_memory("q2", q2, q2_len); + test_output_memory("q", q, q_len); + test_output_memory("n", n, n_len); + test_output_memory("d", d, d_len); + ret = 1; +err: + BN_free(xp1_bn); + BN_free(xp2_bn); + BN_free(xp_bn); + BN_free(xq1_bn); + BN_free(xq2_bn); + BN_free(xq_bn); + BN_free(e_bn); + OPENSSL_free(p1); + OPENSSL_free(p2); + OPENSSL_free(q1); + OPENSSL_free(q2); + OPENSSL_free(p); + OPENSSL_free(q); + OPENSSL_free(n); + OPENSSL_free(d); + EVP_PKEY_free(pkey); + EVP_PKEY_CTX_free(ctx); + OSSL_PARAM_BLD_free_params(params); + OSSL_PARAM_BLD_free(bld); + return ret; +} + +static int rsa_siggen_test(int id) +{ + int ret = 0; + EVP_PKEY *pkey = NULL; + unsigned char *sig = NULL, *n = NULL, *e = NULL; + size_t sig_len = 0, n_len = 0, e_len = 0; + OSSL_PARAM params[4], *p; + const struct rsa_siggen_st *tst = &rsa_siggen_data[id]; + + TEST_note("RSA %s signature generation", tst->sig_pad_mode); + + p = params; + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE, + (char *)tst->sig_pad_mode, 0); + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, + (char *)tst->digest_alg, 0); + if (tst->pss_salt_len >= 0) { + int salt_len = tst->pss_salt_len; + + *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN, + &salt_len); + } + *p++ = OSSL_PARAM_construct_end(); + + if (!TEST_ptr(pkey = rsa_keygen(tst->mod)) + || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len)) + || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len)) + || !TEST_true(sig_gen(pkey, params, tst->digest_alg, + tst->msg, tst->msg_len, + &sig, &sig_len))) + goto err; + test_output_memory("n", n, n_len); + test_output_memory("e", e, e_len); + test_output_memory("sig", sig, sig_len); + ret = 1; +err: + OPENSSL_free(n); + OPENSSL_free(e); + OPENSSL_free(sig); + EVP_PKEY_free(pkey); + return ret; +} + +static int rsa_sigver_test(int id) +{ + int ret = 0; + EVP_PKEY_CTX *pkey_ctx = NULL; + EVP_PKEY *pkey = NULL; + EVP_MD_CTX *md_ctx = NULL; + BN_CTX *bn_ctx = NULL; + OSSL_PARAM params[4], *p; + const struct rsa_sigver_st *tst = &rsa_sigver_data[id]; + + TEST_note("RSA %s Signature Verify : expected to %s ", tst->sig_pad_mode, + tst->pass == PASS ? "pass" : "fail"); + + p = params; + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE, + (char *)tst->sig_pad_mode, 0); + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, + (char *)tst->digest_alg, 0); + if (tst->pss_salt_len >= 0) { + int salt_len = tst->pss_salt_len; + + *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN, + &salt_len); + } + *p++ = OSSL_PARAM_construct_end(); + + if (!TEST_ptr(bn_ctx = BN_CTX_new()) + || !TEST_true(rsa_create_pkey(&pkey, tst->n, tst->n_len, + tst->e, tst->e_len, NULL, 0, bn_ctx)) + || !TEST_ptr(md_ctx = EVP_MD_CTX_new()) + || !TEST_true(EVP_DigestVerifyInit_ex(md_ctx, &pkey_ctx, tst->digest_alg, + NULL, pkey, libctx) + || !TEST_true(EVP_PKEY_CTX_set_params(pkey_ctx, params)) + || !TEST_int_eq(EVP_DigestVerify(md_ctx, tst->sig, tst->sig_len, + tst->msg, tst->msg_len), tst->pass))) + goto err; + ret = 1; +err: + EVP_PKEY_free(pkey); + BN_CTX_free(bn_ctx); + EVP_MD_CTX_free(md_ctx); + return ret; +} + +static int rsa_decryption_primitive_test(int id) +{ + int ret = 0; + EVP_PKEY_CTX *ctx = NULL; + EVP_PKEY *pkey = NULL; + unsigned char pt[2048]; + size_t pt_len = sizeof(pt); + unsigned char *n = NULL, *e = NULL; + size_t n_len = 0, e_len = 0; + BN_CTX *bn_ctx = NULL; + const struct rsa_decrypt_prim_st *tst = &rsa_decrypt_prim_data[id]; + + if (!TEST_ptr(pkey = rsa_keygen(2048)) + || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_N, &n, &n_len)) + || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_RSA_E, &e, &e_len)) + || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, "")) + || !TEST_int_gt(EVP_PKEY_decrypt_init(ctx), 0) + || !TEST_int_gt(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING), 0)) + goto err; + + test_output_memory("n", n, n_len); + test_output_memory("e", e, e_len); + if (!EVP_PKEY_decrypt(ctx, pt, &pt_len, tst->ct, tst->ct_len)) + TEST_note("Decryption Failed"); + else + test_output_memory("pt", pt, pt_len); + ret = 1; +err: + OPENSSL_free(n); + OPENSSL_free(e); + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(pkey); + BN_CTX_free(bn_ctx); + return ret; +} +#endif /* OPENSSL_NO_RSA */ + + +int setup_tests(void) +{ + char *config_file = NULL; + + OPTION_CHOICE o; + + while ((o = opt_next()) != OPT_EOF) { + switch (o) { + case OPT_CONFIG_FILE: + config_file = opt_arg(); + break; + case OPT_TEST_CASES: + break; + default: + case OPT_ERR: + return 0; + } + } + + prov_null = OSSL_PROVIDER_load(NULL, "null"); + if (prov_null == NULL) { + opt_printf_stderr("Failed to load null provider into default libctx\n"); + return 0; + } + + libctx = OPENSSL_CTX_new(); + if (libctx == NULL + || !OPENSSL_CTX_load_config(libctx, config_file)) { + opt_printf_stderr("Failed to load config\n"); + return 0; + } + + ADD_ALL_TESTS(cipher_enc_dec_test, OSSL_NELEM(cipher_enc_data)); + ADD_ALL_TESTS(aes_ccm_enc_dec_test, OSSL_NELEM(aes_ccm_enc_data)); + ADD_ALL_TESTS(aes_gcm_enc_dec_test, OSSL_NELEM(aes_gcm_enc_data)); + +#ifndef OPENSSL_NO_RSA + ADD_ALL_TESTS(rsa_keygen_test, OSSL_NELEM(rsa_keygen_data)); + ADD_ALL_TESTS(rsa_siggen_test, OSSL_NELEM(rsa_siggen_data)); + ADD_ALL_TESTS(rsa_sigver_test, OSSL_NELEM(rsa_sigver_data)); + ADD_ALL_TESTS(rsa_decryption_primitive_test, + OSSL_NELEM(rsa_decrypt_prim_data)); +#endif /* OPENSSL_NO_RSA */ + +#ifndef OPENSSL_NO_DH + ADD_ALL_TESTS(dh_safe_prime_keygen_test, + OSSL_NELEM(dh_safe_prime_keygen_data)); + ADD_ALL_TESTS(dh_safe_prime_keyver_test, + OSSL_NELEM(dh_safe_prime_keyver_data)); +#endif /* OPENSSL_NO_DH */ + +#ifndef OPENSSL_NO_DSA + ADD_ALL_TESTS(dsa_keygen_test, OSSL_NELEM(dsa_keygen_data)); + ADD_ALL_TESTS(dsa_paramgen_test, OSSL_NELEM(dsa_paramgen_data)); + ADD_ALL_TESTS(dsa_pqver_test, OSSL_NELEM(dsa_pqver_data)); + ADD_ALL_TESTS(dsa_siggen_test, OSSL_NELEM(dsa_siggen_data)); + ADD_ALL_TESTS(dsa_sigver_test, OSSL_NELEM(dsa_sigver_data)); +#endif /* OPENSSL_NO_DSA */ + +#ifndef OPENSSL_NO_EC + ADD_ALL_TESTS(ecdsa_keygen_test, OSSL_NELEM(ecdsa_keygen_data)); + ADD_ALL_TESTS(ecdsa_pub_verify_test, OSSL_NELEM(ecdsa_pv_data)); + ADD_ALL_TESTS(ecdsa_siggen_test, OSSL_NELEM(ecdsa_siggen_data)); + ADD_ALL_TESTS(ecdsa_sigver_test, OSSL_NELEM(ecdsa_sigver_data)); +#endif /* OPENSSL_NO_EC */ + return 1; +} + +void cleanup_tests(void) +{ + OSSL_PROVIDER_unload(prov_null); + OPENSSL_CTX_free(libctx); +} diff --git a/test/acvp_test.inc b/test/acvp_test.inc new file mode 100644 index 0000000000..01f6d0d668 --- /dev/null +++ b/test/acvp_test.inc @@ -0,0 +1,1984 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#define PASS 1 +#define FAIL 0 +#define ITM(x) x, sizeof(x) + +#ifndef OPENSSL_NO_EC + +struct ecdsa_keygen_st { + const char *curve_name; +}; + +struct ecdsa_pub_verify_st { + const char *curve_name; + const unsigned char *pub; + size_t pub_len; + int pass; +}; + +struct ecdsa_siggen_st { + const char *digest_alg; + const char *curve_name; + const unsigned char *msg; + size_t msg_len; +}; + +struct ecdsa_sigver_st { + const char *digest_alg; + const char *curve_name; + const unsigned char *msg; + size_t msg_len; + const unsigned char *pub; + size_t pub_len; + const unsigned char *r; + size_t r_len; + const unsigned char *s; + size_t s_len; + int pass; +}; + +static const struct ecdsa_keygen_st ecdsa_keygen_data[] = { + { "P-224" }, +}; + +static const unsigned char ecdsa_pv_pub0[] = { + POINT_CONVERSION_UNCOMPRESSED, + 0x50, 0x0F, 0x05, 0x86, 0xD3, 0xAA, 0x8A, 0x48, + 0x46, 0x63, 0x0D, 0xD7, 0xC7, 0x5D, 0x5F, 0x1D, + 0xB2, 0xA7, 0x9B, 0xE8, 0xC8, 0xBB, 0xBE, 0x2C, + 0x93, 0x33, 0xDC, 0xCB, 0xBB, 0x2F, 0xB3, 0xCF, + 0x55, 0x88, 0x7A, 0x97, 0xD1, 0x75, 0x73, 0xFE, + 0x92, 0x02, 0x5C, 0xC8, 0xE3, 0xF4, 0x35, 0x4B, + 0x08, 0x7E, 0xF4, 0xD3, 0x7D, 0x86, 0x06, 0x92, + 0xBA, 0x15, 0x3F, 0xCF, 0x0C, 0xC4, 0xBF, 0xBC, +}; +static const unsigned char ecdsa_pv_pub1[] = { + POINT_CONVERSION_UNCOMPRESSED, + 0x1F, 0x74, 0xD6, 0x99, 0xEB, 0x1D, 0x4F, 0x26, + 0x25, 0x5E, 0xD4, 0x6A, 0xA6, 0xD5, 0x23, 0xB3, + 0xF5, 0x5D, 0x14, 0x38, 0xE0, 0x4D, 0x23, 0x7F, + 0x9A, 0xE5, 0xB7, 0x1B, 0xF9, 0x7F, 0xAD, 0x7E, + 0x0E, 0x1C, 0x06, 0xF4, 0x20, 0xF3, 0x8E, 0x93, + 0x79, 0x11, 0x15, 0xD6, 0x82, 0x12, 0x14, 0xC2, + 0xF9, 0x30, 0x61, 0x9A, 0xC3, 0x12, 0xE3, 0x88, + 0x4E, 0xB1, 0x1A, 0x4B, 0x54, 0x6D, 0xEA, 0xCF, +}; +static const struct ecdsa_pub_verify_st ecdsa_pv_data[] = { + { + "P-256", + ITM(ecdsa_pv_pub0), + PASS + }, + { + "P-256", + ITM(ecdsa_pv_pub1), + FAIL + }, +}; + +static const unsigned char ecdsa_siggen_msg0[] = { + 0xB8, 0x65, 0x55, 0x9D, 0x54, 0x5C, 0xD2, 0xC7, + 0xC2, 0xCA, 0x96, 0xDF, 0xF3, 0x9B, 0x26, 0xED, + 0xF8, 0x16, 0x99, 0x05, 0x94, 0xA9, 0x3F, 0x69, + 0x5F, 0xE8, 0x73, 0xC5, 0xFE, 0x78, 0x28, 0x84, + 0xC0, 0xA7, 0xFA, 0x29, 0xBE, 0x37, 0x82, 0xC0, + 0x56, 0x41, 0x49, 0xAF, 0xF3, 0x59, 0xBB, 0x96, + 0xF6, 0x4B, 0x87, 0x45, 0xAB, 0x1F, 0xB2, 0xB3, + 0x8F, 0x14, 0xD4, 0xD7, 0x1C, 0x29, 0x08, 0x0C, + 0x79, 0x8A, 0x38, 0xAE, 0x32, 0x1C, 0x38, 0x80, + 0x5B, 0x45, 0x25, 0x46, 0x5D, 0xCE, 0x7D, 0x34, + 0xC0, 0x90, 0xEF, 0x06, 0x84, 0xA1, 0x0F, 0xF8, + 0x56, 0x2D, 0x46, 0xF7, 0xB7, 0xDE, 0x06, 0x7C, + 0x87, 0xA6, 0x7E, 0x71, 0x8D, 0x7B, 0x27, 0xE5, + 0x51, 0x0C, 0xE7, 0xBA, 0x18, 0x08, 0xE0, 0xD5, + 0x0B, 0x8C, 0xB6, 0x22, 0xA5, 0x8F, 0xB3, 0xF7, + 0xFB, 0xC6, 0x2A, 0x59, 0x02, 0x8A, 0x8C, 0x42, +}; +static const struct ecdsa_siggen_st ecdsa_siggen_data[] = { + { + "SHA2-256", + "P-384", + ITM(ecdsa_siggen_msg0), + }, +}; + +static const unsigned char ecdsa_sigver_msg0[] = { + 0x0b, 0x00, 0xc4, 0x3f, 0xb9, 0xcb, 0x92, 0xd3, + 0x56, 0x83, 0xc6, 0x97, 0x23, 0xf8, 0xf1, 0x0b, + 0x0a, 0xa6, 0x60, 0xca, 0x3a, 0xed, 0xba, 0x38, + 0xf7, 0x86, 0xc2, 0x6d, 0xa1, 0xb6, 0x40, 0x2c, + 0x92, 0xfe, 0x44, 0x1a, 0x19, 0x61, 0x5c, 0x02, + 0xfa, 0xd3, 0x79, 0x99, 0xb8, 0x99, 0xe8, 0x70, + 0xaa, 0x26, 0x01, 0xf2, 0xe7, 0xdc, 0x69, 0xce, + 0x9a, 0xd2, 0xaa, 0x02, 0x15, 0xab, 0x0d, 0xcb, + 0x77, 0xaf, 0xe0, 0x81, 0x6d, 0x92, 0x6e, 0x09, + 0xcd, 0x93, 0xd6, 0x22, 0x67, 0xc2, 0xd3, 0x7c, + 0x58, 0x11, 0xc8, 0x77, 0x4e, 0x97, 0x92, 0x87, + 0xcd, 0xe4, 0xc9, 0x2a, 0x77, 0xb2, 0xf0, 0xe7, + 0xd3, 0x5a, 0x20, 0x36, 0x91, 0x75, 0x23, 0xa8, + 0xcb, 0x4a, 0xd0, 0xe5, 0x95, 0x3b, 0x24, 0x2a, + 0x86, 0xa0, 0xaa, 0xbe, 0xac, 0x59, 0xd7, 0xd0, + 0xfb, 0xdf, 0x33, 0xc9, 0x73, 0xaf, 0x8a, 0x06, +}; +static const unsigned char ecdsa_sigver_msg1[] = { + 0x45, 0xBB, 0x9D, 0xDC, 0x1D, 0x0A, 0xF2, 0xD7, + 0x56, 0x07, 0x1F, 0x47, 0x2A, 0x17, 0xCE, 0x38, + 0xA8, 0x7E, 0x75, 0xED, 0x4F, 0xE4, 0x17, 0x65, + 0x11, 0x69, 0xDF, 0x04, 0xF0, 0x39, 0x28, 0xD0, + 0x75, 0xD5, 0xF0, 0x1C, 0x32, 0x84, 0x16, 0x74, + 0x7D, 0x61, 0x57, 0xDB, 0x92, 0x24, 0x60, 0xBA, + 0x58, 0x7B, 0x48, 0xB4, 0x44, 0xFB, 0xD7, 0x35, + 0xD7, 0xCF, 0x61, 0x34, 0x7F, 0x70, 0x38, 0xAE, + 0xE2, 0xB2, 0x6C, 0x8A, 0xD1, 0x27, 0xB4, 0xF0, + 0x33, 0xB9, 0xE9, 0x27, 0x1A, 0xEE, 0x34, 0x72, + 0x9D, 0x5E, 0x74, 0x28, 0xE7, 0x0B, 0x82, 0xE1, + 0x60, 0xC2, 0x43, 0xE6, 0x75, 0x4A, 0x2E, 0x66, + 0x88, 0x72, 0xCA, 0xC7, 0x97, 0xFE, 0x19, 0xCD, + 0xA4, 0x30, 0xBF, 0xC7, 0xDC, 0x37, 0xF8, 0x1B, + 0xB6, 0xD7, 0x7E, 0xAD, 0xD6, 0xC1, 0x20, 0xAC, + 0x79, 0x03, 0x89, 0xEA, 0xF4, 0x59, 0x21, 0xF2, +}; + +static const unsigned char ecdsa_sigver_pub0[] = { + POINT_CONVERSION_UNCOMPRESSED, + 0x2c, 0xdf, 0x6f, 0x23, 0x3d, 0x73, 0x86, 0x25, + 0x1a, 0x29, 0xd6, 0xde, 0x98, 0xcf, 0x85, 0xf7, + 0x6a, 0x55, 0xba, 0xdb, 0x0f, 0x35, 0x94, 0x92, + 0xb3, 0x58, 0xf3, 0x89, 0x7f, 0x6c, 0x22, 0x10, + 0xd9, 0xd3, 0x54, 0xd2, 0x74, 0x9f, 0x64, 0x0d, + 0xd2, 0xf8, 0x3e, 0xfc, 0x7f, 0xb7, 0x16, 0x36, +}; +static const unsigned char ecdsa_sigver_pub1[] = { + POINT_CONVERSION_UNCOMPRESSED, + 0x00, 0xD4, 0x79, 0x9F, 0xD9, 0x99, 0xEC, 0x21, + 0x1E, 0xE6, 0x06, 0x58, 0xB7, 0xFB, 0x76, 0xFC, + 0xF5, 0x9A, 0xE1, 0x1E, 0x5A, 0x87, 0xD7, 0x0E, + 0x21, 0x7B, 0xDE, 0x21, 0x52, 0xE6, 0xE4, 0x09, + 0x2C, 0xB8, 0x5D, 0x99, 0xE2, 0x6A, 0xB1, 0xE5, + 0x79, 0x11, 0x49, 0xBD, 0x3D, 0xC7, 0x1C, 0x48, + 0xF5, 0x83, 0xFC, 0x9E, 0xF3, 0xAB, 0x2D, 0x30, + 0x64, 0xEC, 0x22, 0xCB, 0xEB, 0x95, 0xBF, 0xF2, + 0x2D, 0xCE, + + 0x01, 0xB9, 0xFE, 0xBD, 0x4C, 0x4B, 0xDA, 0x1F, + 0x30, 0xC3, 0x5C, 0x0F, 0x5D, 0x3E, 0x36, 0x51, + 0xF2, 0xC0, 0xF7, 0xFC, 0x79, 0x25, 0x98, 0xF2, + 0x4B, 0x2B, 0x61, 0xFC, 0xD9, 0xC4, 0x5C, 0xC0, + 0x13, 0xA2, 0x4F, 0x2E, 0x34, 0xD4, 0x15, 0xC4, + 0x25, 0x13, 0xA9, 0x30, 0x35, 0x56, 0xB7, 0xCD, + 0xD0, 0xC4, 0x65, 0x5D, 0xFB, 0xB2, 0xE4, 0xBF, + 0x22, 0x67, 0xEF, 0xA1, 0x2E, 0xA2, 0x1B, 0x33, + 0xE4, 0x3D, +}; +static const unsigned char ecdsa_sigver_r0[] = { + 0x6b, 0x35, 0x62, 0x67, 0xa3, 0xbd, 0x76, 0xc8, + 0xa3, 0xdc, 0x93, 0x18, 0x82, 0x6f, 0xd2, 0x43, + 0x52, 0x18, 0x93, 0x21, 0x8e, 0xce, 0x12, 0x65, +}; +static const unsigned char ecdsa_sigver_r1[] = { + 0x01, 0xBF, 0xA6, 0x46, 0x6D, 0x4E, 0x1C, 0x42, + 0x18, 0x7D, 0x46, 0xC6, 0x5F, 0xA5, 0x05, 0xEA, + 0x1A, 0xEF, 0xDB, 0x46, 0xD1, 0x79, 0x3F, 0x2B, + 0xE2, 0x70, 0x0F, 0x14, 0x26, 0x30, 0x7F, 0x2D, + 0x1A, 0x41, 0xFD, 0x11, 0xC0, 0xBB, 0xD0, 0xD5, + 0x09, 0xAA, 0xE0, 0x1A, 0xFE, 0x59, 0x23, 0x7D, + 0x1B, 0x5C, 0xB9, 0x51, 0xCD, 0x3A, 0xA1, 0x32, + 0xC6, 0x92, 0xB0, 0x7D, 0x91, 0xC6, 0x30, 0xC0, + 0xA4, 0x2A, +}; +static const unsigned char ecdsa_sigver_s0[] = { + 0x7b, 0x92, 0x4a, 0x13, 0x8d, 0x74, 0x87, 0xb2, + 0xd4, 0xc7, 0x21, 0x73, 0x2c, 0x8a, 0x09, 0x25, + 0xac, 0x19, 0xcf, 0x9c, 0xbc, 0xd7, 0x7b, 0xf8, +}; +static const unsigned char ecdsa_sigver_s1[] = { + 0x00, 0x8D, 0x56, 0xBA, 0x60, 0x38, 0x23, 0x47, + 0xB8, 0x32, 0x73, 0x29, 0x40, 0x84, 0xF0, 0x2C, + 0x90, 0xB2, 0x1D, 0x56, 0xFF, 0x38, 0x68, 0xAA, + 0x42, 0xBA, 0x48, 0xA1, 0x52, 0x8C, 0xB4, 0xD6, + 0x15, 0xB7, 0x88, 0xB3, 0x71, 0xC6, 0x69, 0x60, + 0x6C, 0xEB, 0x4B, 0xF6, 0x19, 0x6A, 0x95, 0x8F, + 0x01, 0x09, 0xC6, 0x13, 0xE6, 0x17, 0x38, 0xC8, + 0x10, 0x49, 0x4F, 0x87, 0x43, 0x63, 0x62, 0x98, + 0xB1, 0xAC, +}; +static const struct ecdsa_sigver_st ecdsa_sigver_data[] = { + { + "SHA-1", + "P-192", + ITM(ecdsa_sigver_msg0), + ITM(ecdsa_sigver_pub0), + ITM(ecdsa_sigver_r0), + ITM(ecdsa_sigver_s0), + PASS, + }, + { + "SHA2-512", + "P-521", + ITM(ecdsa_sigver_msg1), + ITM(ecdsa_sigver_pub1), + ITM(ecdsa_sigver_r1), + ITM(ecdsa_sigver_s1), + FAIL, + }, +}; + +#endif /* OPENSSL_NO_EC */ + + +#ifndef OPENSSL_NO_DSA + +struct dsa_paramgen_st { + size_t L; + size_t N; +}; + +struct dsa_pqver_st { + const unsigned char *p; + size_t p_len; + const unsigned char *q; + size_t q_len; + const unsigned char *seed; + size_t seed_len; + int counter; + int pass; +}; + +struct dsa_siggen_st { + const char *digest_alg; + size_t L; + size_t N; + const unsigned char *msg; + size_t msg_len; +}; + +struct dsa_sigver_st { + const char *digest_alg; + const unsigned char *p; + size_t p_len; + const unsigned char *q; + size_t q_len; + const unsigned char *g; + size_t g_len; + const unsigned char *pub; + size_t pub_len; + const unsigned char *msg; + size_t msg_len; + const unsigned char *r; + size_t r_len; + const unsigned char *s; + size_t s_len; + int pass; +}; + +static const struct dsa_paramgen_st dsa_keygen_data[] = { + { 2048, 224 }, +}; + +static const struct dsa_paramgen_st dsa_paramgen_data[] = { + { 2048, 256 }, +}; + +/* dsa_pqver */ +static const unsigned char dsa_pqver_p0[] = { + 0xEF, 0xC7, 0x95, 0xEB, 0x1E, 0x1C, 0x8F, 0x5E, + 0x4A, 0x85, 0xCD, 0x20, 0x66, 0xC7, 0xB9, 0x6C, + 0x4E, 0xC4, 0xE7, 0x3B, 0x7B, 0x8E, 0x0E, 0x8C, + 0x00, 0xF5, 0x2E, 0x68, 0xF5, 0xC2, 0x89, 0x47, + 0xA5, 0x7B, 0xA6, 0xA3, 0x30, 0xBC, 0xFA, 0x25, + 0x29, 0xBD, 0xE2, 0x4D, 0x05, 0x0B, 0x6D, 0x2D, + 0x49, 0x50, 0x53, 0xEF, 0x8C, 0xBE, 0xC3, 0xEC, + 0x92, 0xC1, 0x45, 0xE3, 0x95, 0x39, 0x72, 0x58, + 0xFD, 0x93, 0x23, 0x06, 0x37, 0xD6, 0x56, 0x1F, + 0x75, 0x92, 0xAD, 0x15, 0xA9, 0x88, 0x25, 0x3F, + 0xD6, 0x47, 0xB5, 0xB1, 0x32, 0x01, 0x2D, 0x70, + 0x55, 0xB9, 0x5D, 0xED, 0x1B, 0x40, 0x39, 0x78, + 0x74, 0xA6, 0xDF, 0x4B, 0xE4, 0x86, 0x8B, 0x56, + 0x46, 0x1E, 0xDB, 0x04, 0xD2, 0xD2, 0x50, 0xE9, + 0x5D, 0x88, 0xA8, 0x84, 0x55, 0xE3, 0xF3, 0xB7, + 0x07, 0x54, 0x9E, 0x98, 0x03, 0x9F, 0x31, 0x86, + 0xEB, 0x0D, 0x26, 0x97, 0x30, 0x31, 0x34, 0x64, + 0x35, 0x56, 0x40, 0x35, 0xEA, 0xE5, 0x00, 0x90, + 0xBD, 0x20, 0x93, 0xFC, 0xAD, 0x70, 0x9A, 0xF5, + 0xB8, 0xA4, 0xAD, 0xEC, 0xFE, 0x64, 0xF4, 0x2C, + 0x11, 0x25, 0x68, 0x27, 0x0E, 0x5C, 0x81, 0x57, + 0x64, 0x9A, 0x50, 0x86, 0xA3, 0x69, 0x61, 0x1E, + 0x0D, 0x62, 0xE9, 0x4D, 0x44, 0x1E, 0x1E, 0xE1, + 0x6D, 0x8F, 0x10, 0x67, 0x82, 0xB6, 0x6A, 0xD0, + 0x08, 0x59, 0xF3, 0xBA, 0xE8, 0x29, 0xE0, 0x60, + 0x1F, 0x3E, 0xBA, 0xAB, 0x6E, 0xB6, 0x5B, 0xAF, + 0xCC, 0x76, 0x5D, 0x70, 0x7F, 0x3A, 0xAA, 0x7E, + 0x27, 0x23, 0x6F, 0x8E, 0xF8, 0x06, 0xC1, 0x3E, + 0xAE, 0xBE, 0x22, 0x71, 0x93, 0xEC, 0x9A, 0x33, + 0x3C, 0xA4, 0x77, 0xD4, 0x76, 0x79, 0x10, 0x5A, + 0xF4, 0x07, 0x52, 0x66, 0x9D, 0xC5, 0xFD, 0xDA, + 0xA1, 0xE7, 0xA2, 0x45, 0x27, 0x08, 0x54, 0xB9, + 0x3B, 0xEC, 0x07, 0xFB, 0xE0, 0xF4, 0x4B, 0x7C, + 0xB1, 0x04, 0x2B, 0x0E, 0x65, 0x3A, 0xF7, 0x65, + 0x57, 0x65, 0xCF, 0x36, 0x28, 0x2A, 0x1C, 0x57, + 0x10, 0x28, 0x02, 0x26, 0xF7, 0x45, 0xAA, 0x1B, + 0x2E, 0xE3, 0x25, 0xEA, 0x28, 0xA1, 0x84, 0x1E, + 0xA1, 0xA3, 0xAB, 0x52, 0x25, 0xD4, 0x64, 0xB2, + 0xA8, 0xA5, 0xFD, 0x2F, 0x48, 0x90, 0x28, 0x8F, + 0x8B, 0x10, 0x7F, 0x6F, 0x80, 0xA9, 0x4B, 0xB3, + 0xC0, 0x5B, 0x27, 0xE9, 0x90, 0x90, 0x53, 0xA8, + 0x30, 0x88, 0xD4, 0x9B, 0x09, 0x62, 0xCD, 0x99, + 0x61, 0x63, 0x14, 0xDF, 0xC3, 0x5A, 0x60, 0xBE, + 0xA3, 0x40, 0xAB, 0x29, 0x3E, 0xB2, 0x02, 0x19, + 0x9D, 0x97, 0x75, 0x34, 0x0D, 0x71, 0x3B, 0xEC, + 0xF1, 0x13, 0x23, 0xE6, 0xCA, 0x35, 0x84, 0xFF, + 0x27, 0x4A, 0xE0, 0x11, 0x59, 0xEB, 0x1D, 0x8C, + 0xFF, 0xF3, 0x91, 0x90, 0x3C, 0xE9, 0x43, 0x31, +}; +static const unsigned char dsa_pqver_p1[] = { + 0x83, 0xA6, 0x8F, 0xE5, 0xFE, 0xF0, 0x9D, 0x9E, + 0x8A, 0x80, 0x9C, 0x47, 0xEF, 0xBE, 0x1A, 0xD0, + 0x7F, 0xEA, 0x6D, 0x08, 0x59, 0x2D, 0x04, 0xB6, + 0xAC, 0x2A, 0x54, 0x47, 0x42, 0xB2, 0x5F, 0x28, + 0xF6, 0x30, 0x36, 0xE3, 0xDA, 0x4E, 0xDC, 0xC1, + 0x6E, 0x61, 0xCE, 0x45, 0x1C, 0x73, 0x87, 0x3E, + 0xB7, 0x94, 0xDB, 0x68, 0xEE, 0xFD, 0x8D, 0x93, + 0x5E, 0x5D, 0xAB, 0x77, 0xA2, 0xF0, 0xD6, 0x60, + 0xCD, 0x9D, 0x13, 0xE0, 0xA6, 0xE7, 0xEC, 0x45, + 0xBA, 0xD8, 0xB0, 0x3D, 0x4F, 0x75, 0x30, 0xB7, + 0x89, 0x96, 0x2B, 0x48, 0xFC, 0x73, 0xB8, 0x5C, + 0x59, 0xDC, 0x41, 0xEF, 0xCE, 0xC6, 0x7F, 0x66, + 0x4F, 0xB6, 0x1F, 0x9C, 0x91, 0xB4, 0xEE, 0xAA, + 0x2C, 0x4A, 0x7F, 0x1F, 0xBF, 0xE2, 0x9A, 0xF2, + 0x9F, 0x52, 0x83, 0x30, 0x97, 0x86, 0x7F, 0xA2, + 0x85, 0x20, 0x75, 0x75, 0xAD, 0x01, 0xE2, 0x40, + 0x3A, 0x82, 0xD8, 0x52, 0x91, 0x15, 0x67, 0x1B, + 0x00, 0x78, 0xFD, 0x3E, 0x61, 0x8A, 0xA8, 0x1D, + 0x1A, 0x07, 0x8E, 0x87, 0x48, 0x64, 0x1E, 0x5B, + 0x05, 0x34, 0x7E, 0x5D, 0xD6, 0x11, 0xC4, 0xB7, + 0x0E, 0xF3, 0x91, 0xC7, 0x2B, 0xAD, 0x22, 0x96, + 0xA3, 0xF7, 0x4E, 0xEB, 0xE4, 0x9F, 0x67, 0x91, + 0x9D, 0x65, 0x45, 0x8F, 0x92, 0x2F, 0x8B, 0x46, + 0xCC, 0x4B, 0xB9, 0xC5, 0xD0, 0x00, 0xFF, 0xBB, + 0x37, 0xD6, 0x20, 0x36, 0x7D, 0x4A, 0xC3, 0x75, + 0xAC, 0x58, 0xE5, 0x24, 0x54, 0x47, 0x80, 0x2C, + 0x83, 0xBD, 0xC8, 0xA7, 0x87, 0x20, 0x3D, 0xA8, + 0x78, 0xE2, 0xC5, 0x4E, 0xE8, 0x4E, 0x3C, 0xFA, + 0x75, 0xA0, 0x8D, 0x35, 0x8E, 0xF2, 0x61, 0x19, + 0x84, 0x9C, 0x71, 0x95, 0x5B, 0x09, 0xE1, 0xB6, + 0xC6, 0x6A, 0x7C, 0x34, 0x39, 0x67, 0x14, 0xAB, + 0xA7, 0x6B, 0x45, 0x01, 0xF0, 0x0F, 0x52, 0xB5, + 0x23, 0xD9, 0x67, 0x57, 0x91, 0x9F, 0xC2, 0xA9, + 0xB6, 0x7C, 0x15, 0x59, 0x3E, 0x22, 0x89, 0xD6, + 0x0B, 0x83, 0xB4, 0x29, 0xEF, 0x0B, 0x66, 0x30, + 0x2D, 0xE7, 0xC5, 0x04, 0x1F, 0x28, 0x7D, 0x9F, + 0xC9, 0x87, 0x05, 0xC6, 0x1B, 0x18, 0x1F, 0x3B, + 0x90, 0x00, 0x31, 0x5B, 0xDC, 0x19, 0x7D, 0x71, + 0xE4, 0xA4, 0x21, 0xB5, 0x37, 0xE7, 0x9B, 0xA4, + 0xBC, 0x04, 0xF8, 0x0A, 0x95, 0x3F, 0xDB, 0x30, + 0xA5, 0xC9, 0xC2, 0xD7, 0x19, 0x9D, 0x57, 0x77, + 0x44, 0xB7, 0x47, 0xBD, 0xA1, 0x01, 0xEB, 0x51, + 0xA4, 0xB2, 0x8B, 0x1A, 0x51, 0xA4, 0xCC, 0x07, + 0x57, 0x19, 0xFB, 0xFC, 0xAA, 0x42, 0xCC, 0x2A, + 0xCE, 0xF8, 0xFD, 0xF8, 0x92, 0xC4, 0xDC, 0x7B, + 0x0B, 0x92, 0x9A, 0xD7, 0xC5, 0xBC, 0x6D, 0x74, + 0x13, 0x0E, 0xD2, 0x8F, 0x86, 0xEB, 0x8D, 0xD7, + 0xC6, 0xAC, 0x43, 0xD8, 0x00, 0x80, 0x53, 0x57, +}; +static const unsigned char dsa_pqver_q0[] = { + 0xCB, 0x74, 0xE6, 0x57, 0x37, 0x0F, 0x7A, 0x61, + 0x0B, 0x09, 0xCE, 0x91, 0x78, 0x06, 0x3C, 0x7F, + 0x20, 0xF5, 0xD1, 0x1E, 0x1D, 0xC2, 0x43, 0xBA, + 0x89, 0xC8, 0x4A, 0x49, 0x83, 0x38, 0xE1, 0x2D, +}; +static const unsigned char dsa_pqver_q1[] = { + 0x85, 0x2B, 0x77, 0x9B, 0x1B, 0x70, 0x6F, 0x8C, + 0x10, 0xF3, 0x2F, 0xA9, 0xC2, 0xEE, 0xF6, 0x74, + 0x78, 0x5F, 0xD5, 0x5E, 0x2C, 0x34, 0xAF, 0xD1, + 0x25, 0x63, 0x96, 0x6D, 0x6D, 0x84, 0x68, 0x3F, +}; +static const unsigned char dsa_pqver_seed0[] = { + 0x33, 0xDC, 0x43, 0xAF, 0xC4, 0x51, 0x5C, 0x3B, + 0x8B, 0x8A, 0x0D, 0x5D, 0xA2, 0x84, 0xDE, 0x6D, + 0xCC, 0x6C, 0xFD, 0x42, 0x37, 0x98, 0xFB, 0x66, + 0xAB, 0xD3, 0x73, 0x96, 0x1F, 0xC5, 0xD1, 0x46, +}; +static const unsigned char dsa_pqver_seed1[] = { + 0xEE, 0xA4, 0x02, 0x70, 0x0B, 0x89, 0xB7, 0x96, + 0x52, 0x5C, 0x00, 0xC4, 0x8E, 0x14, 0x45, 0x0F, + 0x6A, 0x18, 0x00, 0xF7, 0x24, 0x52, 0x41, 0x0E, + 0x33, 0x41, 0xD2, 0x91, 0xC3, 0x16, 0x7D, 0x5D, +}; +static const struct dsa_pqver_st dsa_pqver_data[] = { + { + ITM(dsa_pqver_p0), + ITM(dsa_pqver_q0), + ITM(dsa_pqver_seed0), + 1956, + PASS + }, + { + ITM(dsa_pqver_p1), + ITM(dsa_pqver_q1), + ITM(dsa_pqver_seed1), + 685, + FAIL + }, +}; + +/* dsa_siggen */ +static const unsigned char dsa_siggen_msg0[]= { + 0x85, 0x01, 0x2F, 0x61, 0x1C, 0x36, 0xA8, 0xE1, + 0x54, 0x55, 0x13, 0xFA, 0x00, 0x58, 0x1E, 0xD4, + 0xF2, 0x4C, 0x54, 0x67, 0xB3, 0xEA, 0x48, 0x2C, + 0xD1, 0x27, 0xBE, 0x5F, 0x26, 0x35, 0xD4, 0x00, + 0xDD, 0x6C, 0xD8, 0xE8, 0x3C, 0x6D, 0x2D, 0x50, + 0x01, 0x53, 0xC7, 0xB5, 0xA3, 0x8E, 0x9A, 0x85, + 0xA6, 0x53, 0x8C, 0x46, 0x55, 0x02, 0xA1, 0x5E, + 0xEA, 0x6C, 0xCF, 0x4A, 0x86, 0xA9, 0x34, 0x1B, + 0x0B, 0xB6, 0x88, 0x9A, 0xDE, 0xC4, 0x27, 0x7F, + 0x93, 0xAA, 0x69, 0x54, 0x48, 0x33, 0x98, 0xA0, + 0x71, 0x45, 0x09, 0x5A, 0x51, 0xDF, 0xB6, 0x66, + 0x06, 0xB7, 0xAD, 0x64, 0xED, 0xC1, 0xFA, 0x6B, + 0xA8, 0x0F, 0xE8, 0x3C, 0x2E, 0x0C, 0xCB, 0xB0, + 0xAE, 0xDE, 0x25, 0x0C, 0x68, 0xA8, 0x15, 0x97, + 0xD0, 0xBC, 0x0B, 0x81, 0x15, 0xDC, 0x2B, 0xF3, + 0xF2, 0xB7, 0xA7, 0xA9, 0x74, 0xD6, 0x5D, 0xB8, + 0xB7, 0xD1, 0xFC, 0x5D, 0xCA, 0x69, 0x5D, 0x7D, + 0xC6, 0x1E, 0x37, 0x7D, 0xD3, 0xA9, 0x1E, 0xAE, + 0x60, 0x22, 0x3A, 0x4B, 0x7A, 0xB1, 0x3D, 0xA4, + 0x6D, 0xB3, 0xA5, 0x8C, 0x89, 0x91, 0xCF, 0xE6, + 0x5B, 0xF9, 0xB6, 0x87, 0x56, 0x75, 0xB9, 0x0B, + 0x08, 0x85, 0x32, 0x52, 0x81, 0x99, 0xA7, 0x98, + 0x44, 0x30, 0x3B, 0x44, 0xBC, 0xB8, 0xB2, 0x6D, + 0x59, 0x52, 0xD3, 0x84, 0x74, 0x65, 0x02, 0xF9, + 0x71, 0xB9, 0x16, 0x7A, 0x42, 0x62, 0xDE, 0x9B, + 0x66, 0xF6, 0x04, 0x2C, 0x1F, 0x96, 0xF7, 0x41, + 0x38, 0x1A, 0xF1, 0x8C, 0x8A, 0x40, 0x9F, 0x72, + 0x73, 0xF9, 0xE9, 0x35, 0x11, 0x1F, 0x02, 0x0C, + 0xB1, 0x51, 0xE8, 0x78, 0xDB, 0xE0, 0xB2, 0x35, + 0xBD, 0xC5, 0x84, 0x5B, 0x2B, 0x25, 0x66, 0x42, + 0x87, 0xE5, 0xA4, 0x77, 0x71, 0xB4, 0x4A, 0x59, + 0x31, 0xF1, 0x5A, 0xF5, 0x98, 0x9C, 0x61, 0xEA, + 0x52, 0x2F, 0x51, 0x85, 0xD9, 0x7F, 0x26, 0xDD, + 0x91, 0x63, 0x41, 0xD5, 0x99, 0xD1, 0x64, 0xCE, + 0xEE, 0x82, 0xD1, 0x73, 0x0A, 0x54, 0x3B, 0x03, + 0xD7, 0xC1, 0xF7, 0x01, 0xBD, 0x44, 0x99, 0xFE, + 0x9B, 0x1E, 0x2C, 0x8F, 0xF4, 0x55, 0xC5, 0x59, + 0x58, 0xAF, 0xCB, 0xAD, 0xB8, 0x22, 0x1A, 0x29, + 0xF3, 0x18, 0x39, 0x31, 0x9B, 0xFC, 0x08, 0x7E, + 0xBE, 0x45, 0xDA, 0x9E, 0xD8, 0x7F, 0x8C, 0x5D, + 0x10, 0xF9, 0xF8, 0xB4, 0xFA, 0x58, 0xE6, 0x28, + 0xB4, 0x6C, 0x70, 0x12, 0xD2, 0xFA, 0x49, 0xB2, + 0x5F, 0xD0, 0x81, 0x4A, 0xA1, 0xAA, 0xF8, 0x93, + 0xD2, 0x26, 0xE7, 0xDA, 0x7D, 0x79, 0xC5, 0xC8, + 0xC2, 0x9E, 0xA7, 0x01, 0xD5, 0x7A, 0xF9, 0x75, + 0x62, 0xDB, 0xDC, 0x93, 0x90, 0xDA, 0xA5, 0xA6, + 0x20, 0x58, 0x17, 0x9E, 0x47, 0x4E, 0xFB, 0xB8, + 0xFB, 0xCD, 0x2E, 0xF4, 0xCD, 0x49, 0x03, 0x90, +}; +static struct dsa_siggen_st dsa_siggen_data[] = { + { + "SHA2-384", + 3072, + 256, + ITM(dsa_siggen_msg0), + }, +}; + +/* dsa_sigver */ +static const unsigned char dsa_sigver_p0[] = { + 0xD2, 0x90, 0x2E, 0x38, 0xA5, 0x32, 0xBB, 0x63, + 0xE0, 0xC3, 0x20, 0xD9, 0x26, 0x06, 0x21, 0x06, + 0x85, 0x3A, 0x4C, 0xE3, 0x13, 0x83, 0xCA, 0x43, + 0x8C, 0x9C, 0x76, 0xC0, 0x65, 0x60, 0x27, 0x7E, + 0x7C, 0xA0, 0x83, 0x9F, 0x65, 0x91, 0xF9, 0x16, + 0x5F, 0xE8, 0x60, 0x0C, 0xC6, 0x91, 0x20, 0x35, + 0xE7, 0xF1, 0x83, 0xE6, 0xF8, 0x8C, 0xBB, 0x4C, + 0xFF, 0xF5, 0x4D, 0x09, 0x8E, 0x83, 0x72, 0xCB, + 0x22, 0x5F, 0xD0, 0x85, 0xA9, 0x60, 0x3C, 0x4A, + 0xA6, 0xDD, 0x73, 0x1F, 0xCF, 0xD0, 0xD7, 0x42, + 0xB8, 0x72, 0x61, 0xDB, 0x91, 0xE3, 0xBB, 0x5C, + 0x21, 0x41, 0xFD, 0x97, 0xD0, 0x81, 0x72, 0x53, + 0x77, 0xE0, 0x15, 0x9E, 0xC0, 0xD0, 0x6A, 0xB4, + 0x7F, 0xF8, 0x63, 0x39, 0x1A, 0x25, 0x63, 0x84, + 0x4D, 0xBA, 0x2C, 0x29, 0x94, 0x28, 0xCE, 0x5B, + 0x9A, 0xC3, 0x14, 0xAD, 0x9D, 0x82, 0x1D, 0x8F, + 0xF3, 0xE9, 0x60, 0x65, 0x28, 0x0B, 0x0E, 0x48, + 0x6B, 0xCC, 0x05, 0x9D, 0x3B, 0x1F, 0x1D, 0x0A, + 0xA7, 0xF8, 0x22, 0xB0, 0xE1, 0x52, 0xB0, 0x25, + 0x8F, 0xEA, 0x25, 0x28, 0xC9, 0x6F, 0x44, 0xCD, + 0xA4, 0x16, 0x13, 0xE8, 0xD0, 0xDB, 0x43, 0x6E, + 0xCE, 0xEC, 0x0B, 0xA8, 0x3E, 0x53, 0x10, 0xA2, + 0x52, 0x0E, 0xBB, 0x63, 0x63, 0x84, 0x2C, 0x12, + 0x93, 0x29, 0x98, 0xAF, 0x38, 0x8F, 0x0B, 0x86, + 0x16, 0x99, 0x0E, 0x39, 0xA8, 0x4A, 0x0B, 0xCD, + 0xAA, 0x66, 0x8F, 0x4C, 0x15, 0xB7, 0xA5, 0xBB, + 0x22, 0x77, 0x8D, 0xE8, 0x05, 0x35, 0x2D, 0xAA, + 0x8D, 0x83, 0xDE, 0xBC, 0x15, 0x3D, 0xC2, 0x95, + 0x0E, 0x47, 0x85, 0x41, 0xAD, 0xE3, 0xB1, 0x70, + 0x76, 0x1B, 0x62, 0x9E, 0x96, 0x8B, 0x18, 0xD7, + 0xE3, 0xB5, 0xF8, 0x6E, 0x85, 0x67, 0x61, 0x54, + 0x7C, 0x85, 0x08, 0x91, 0xF4, 0x46, 0x3F, 0x01, + 0x99, 0x48, 0x18, 0x3C, 0x0D, 0xC7, 0x2D, 0xEC, + 0xA4, 0x11, 0x1D, 0x4F, 0x7F, 0xBF, 0x3A, 0xE8, + 0x9C, 0x1C, 0xAE, 0x9E, 0x30, 0x32, 0x1F, 0x81, + 0xEF, 0x14, 0xFE, 0x5C, 0xC2, 0x5C, 0xD0, 0x6A, + 0x7C, 0x18, 0x88, 0x9F, 0xC4, 0x97, 0x7D, 0x4B, + 0x3B, 0x01, 0xEB, 0x59, 0x58, 0x1C, 0x00, 0x6B, + 0x3E, 0xD6, 0x80, 0x80, 0x86, 0x06, 0x39, 0x88, + 0x0D, 0x23, 0x1E, 0xD6, 0x5E, 0x1F, 0x92, 0x3B, + 0xEC, 0x50, 0x0B, 0xA0, 0x83, 0x4F, 0x10, 0xDE, + 0xAF, 0x7B, 0x19, 0xBC, 0xBD, 0x72, 0xE6, 0x42, + 0xFE, 0xD7, 0xEF, 0x22, 0xD3, 0x83, 0x6B, 0x30, + 0xA3, 0x95, 0x0D, 0x3E, 0x61, 0x9E, 0xBC, 0x0E, + 0x14, 0x7E, 0x61, 0x05, 0x3D, 0xBA, 0x4E, 0xEF, + 0x31, 0x75, 0x5D, 0x10, 0x1E, 0xBA, 0xBD, 0xBA, + 0x89, 0x4D, 0x3A, 0x5B, 0x03, 0xB1, 0xAE, 0x27, + 0x47, 0x2D, 0x03, 0xB1, 0x8A, 0x74, 0x1B, 0xF3, +}; +static const unsigned char dsa_sigver_q0[] = { + 0xAC, 0x71, 0x8D, 0x81, 0x05, 0x2F, 0xAB, 0x72, + 0xB9, 0x96, 0x94, 0x98, 0xB5, 0x19, 0x2B, 0xE2, + 0x78, 0x06, 0xAA, 0x32, 0xFC, 0xB9, 0xD2, 0xFD, + 0x26, 0xC4, 0x50, 0x6F, 0x81, 0xD8, 0x04, 0xAB, +}; +static const unsigned char dsa_sigver_g0[] = { + 0x3D, 0x0B, 0x46, 0x39, 0x13, 0xFF, 0x67, 0xA8, + 0x8C, 0xE8, 0x8A, 0x46, 0x46, 0x9A, 0xE6, 0x70, + 0xA1, 0xF5, 0x48, 0xF5, 0x84, 0xF8, 0x93, 0x57, + 0x9A, 0x4F, 0x2C, 0xD4, 0x26, 0x49, 0x1C, 0x83, + 0x64, 0x14, 0x0B, 0x5B, 0xEF, 0x6F, 0x6F, 0x91, + 0x14, 0xC5, 0x4D, 0xE8, 0x86, 0x47, 0x5C, 0xFC, + 0xAE, 0xBF, 0xD8, 0x32, 0xE2, 0x96, 0xB9, 0x61, + 0x70, 0x3F, 0x24, 0x29, 0xFA, 0x41, 0x5D, 0x8E, + 0xD0, 0xB0, 0xF1, 0x26, 0xD5, 0x7C, 0xE6, 0x17, + 0x48, 0xE5, 0x04, 0x0E, 0x58, 0x14, 0xEE, 0xBA, + 0x64, 0xE9, 0xF1, 0x6A, 0x7C, 0x17, 0xAB, 0x7B, + 0x28, 0xCF, 0x69, 0x7D, 0xDC, 0x54, 0xCA, 0xF2, + 0x4C, 0x22, 0x17, 0xDD, 0xC3, 0x1A, 0x02, 0xE2, + 0x8E, 0xE6, 0xA4, 0xFB, 0x84, 0x27, 0x2B, 0xE8, + 0x14, 0xF3, 0x3D, 0xAC, 0x59, 0x0C, 0xAB, 0x69, + 0x0E, 0x73, 0xDF, 0x82, 0xC1, 0xDE, 0xD7, 0xD9, + 0xA7, 0xCA, 0x8F, 0x4B, 0xCE, 0x8A, 0x05, 0xBD, + 0x07, 0xC8, 0x29, 0xBB, 0x46, 0x29, 0x2A, 0x4F, + 0xA7, 0x12, 0x19, 0x91, 0x01, 0xA0, 0xAE, 0x16, + 0xEF, 0xC1, 0xC5, 0x4B, 0x03, 0xF0, 0x53, 0xDC, + 0xFC, 0x1C, 0xC4, 0x73, 0xB7, 0xBF, 0x53, 0xEB, + 0x19, 0x63, 0xCA, 0x30, 0x53, 0x54, 0x12, 0x90, + 0x0E, 0x43, 0xC7, 0x66, 0xFF, 0x29, 0xFC, 0xA4, + 0xE8, 0xF6, 0x4B, 0x76, 0x3B, 0xA2, 0x65, 0x6B, + 0x9E, 0xFA, 0xBA, 0x5B, 0x54, 0x94, 0x34, 0xF6, + 0xD1, 0x20, 0x2A, 0xF7, 0x39, 0x72, 0xA3, 0xDB, + 0xD1, 0x8F, 0xA6, 0x4D, 0x1B, 0xB1, 0x2D, 0xC5, + 0x7F, 0xC5, 0x2C, 0x7E, 0x6D, 0xD9, 0xC8, 0xC2, + 0x19, 0xC0, 0xC4, 0xC2, 0x77, 0xD9, 0x4C, 0x63, + 0x77, 0x59, 0x0C, 0x5B, 0xFE, 0x69, 0xEF, 0xBF, + 0x58, 0x47, 0x69, 0x3E, 0x49, 0xA7, 0x1B, 0x98, + 0x6C, 0xE5, 0xA7, 0x42, 0x8B, 0x0E, 0x68, 0x05, + 0x48, 0x80, 0x39, 0xF4, 0x02, 0x9E, 0xE2, 0x9F, + 0x1C, 0xDA, 0x24, 0xC5, 0xB8, 0xEC, 0x03, 0xEA, + 0x7A, 0x00, 0xDF, 0xCF, 0x58, 0xD0, 0xE7, 0xB7, + 0xF3, 0xE7, 0x36, 0xDD, 0x1F, 0x65, 0xF9, 0x2D, + 0x6F, 0xC3, 0xE4, 0x72, 0xFD, 0xBA, 0x58, 0x8D, + 0xB5, 0xDF, 0x61, 0x3D, 0x3B, 0xB5, 0xF3, 0x08, + 0xE7, 0x21, 0x5A, 0x7D, 0xFF, 0x02, 0x1E, 0x0E, + 0x4E, 0xB5, 0x0D, 0x3D, 0x33, 0xF4, 0xA7, 0x6D, + 0xF7, 0x96, 0xC2, 0x96, 0x85, 0x33, 0x9C, 0x58, + 0x72, 0x5C, 0x97, 0x73, 0x0E, 0xDC, 0x5C, 0x6B, + 0x3D, 0x68, 0xF7, 0xF0, 0x0F, 0xCC, 0x01, 0xBB, + 0x47, 0x01, 0x3C, 0xB0, 0x52, 0x48, 0x70, 0xB8, + 0x0C, 0x0F, 0x04, 0xB5, 0x8F, 0x70, 0x50, 0x12, + 0x7C, 0x9D, 0xD1, 0xC1, 0x2B, 0xFE, 0x95, 0x31, + 0x8F, 0x2D, 0xFA, 0xAC, 0xAE, 0x24, 0xDD, 0x13, + 0xDA, 0x76, 0xC2, 0x34, 0xB9, 0x4A, 0x3E, 0xC3, +}; +static const unsigned char dsa_sigver_pub0[] = { + 0x91, 0x78, 0x1C, 0xBA, 0x8A, 0x2F, 0xF6, 0xEC, + 0x9B, 0xD4, 0x73, 0x2C, 0x1F, 0xC0, 0xFE, 0x79, + 0xCF, 0xAC, 0x0C, 0x3C, 0x0D, 0x81, 0x85, 0x3D, + 0xCD, 0x67, 0x2B, 0x77, 0x99, 0x4A, 0x51, 0x48, + 0x58, 0x03, 0xC9, 0x68, 0xE6, 0x19, 0x26, 0x28, + 0xDC, 0x86, 0x9F, 0x8F, 0xCE, 0xDD, 0x1B, 0xCD, + 0xDD, 0x63, 0x4E, 0xCE, 0x76, 0x4D, 0xD5, 0x0D, + 0x71, 0x73, 0x04, 0x03, 0x9C, 0x35, 0xD0, 0x56, + 0x98, 0x25, 0xA7, 0x06, 0xF2, 0x6B, 0xA9, 0x9F, + 0x9A, 0xB1, 0x2A, 0xBD, 0xB7, 0x71, 0x62, 0x99, + 0x06, 0x47, 0x77, 0x22, 0x57, 0xFA, 0x24, 0x21, + 0x21, 0xB0, 0x78, 0x26, 0x7E, 0xEC, 0xB6, 0xEB, + 0x82, 0x15, 0x53, 0x68, 0xAE, 0xAC, 0x5B, 0xDC, + 0xA6, 0x7F, 0x6B, 0x26, 0xE6, 0x59, 0x22, 0x55, + 0x1C, 0x3B, 0xFD, 0xD5, 0x90, 0xA9, 0x6F, 0xB3, + 0xE6, 0x99, 0x8E, 0x26, 0x72, 0xA1, 0x02, 0xAA, + 0x37, 0xF6, 0x89, 0x68, 0xF1, 0x5A, 0x6D, 0x54, + 0xAD, 0x9D, 0xF3, 0x03, 0xBE, 0x3F, 0x9D, 0x85, + 0x38, 0x25, 0xB8, 0xDF, 0xB8, 0x43, 0x21, 0xCA, + 0xF8, 0xDC, 0x12, 0x40, 0x1E, 0xEF, 0x37, 0x40, + 0xCE, 0x0E, 0x02, 0x88, 0x63, 0x98, 0x2E, 0x93, + 0x89, 0xB0, 0x43, 0xAC, 0x0E, 0x62, 0x4C, 0x38, + 0x14, 0xAC, 0x0C, 0xA3, 0x03, 0x10, 0x8E, 0xB4, + 0x60, 0x10, 0x9B, 0xCC, 0x16, 0xA7, 0xB8, 0x1D, + 0x73, 0x81, 0x26, 0x12, 0xA8, 0x9A, 0xFE, 0x17, + 0xBB, 0x2D, 0x33, 0x5E, 0x8C, 0xA4, 0x80, 0xBF, + 0x84, 0x37, 0xCA, 0x0F, 0x50, 0x23, 0x79, 0x20, + 0x2A, 0x8E, 0xD1, 0x1F, 0x9F, 0x89, 0x98, 0x4F, + 0xF5, 0xB6, 0x0F, 0xB9, 0x3C, 0xFC, 0x6C, 0x00, + 0xBC, 0x76, 0x2F, 0xB4, 0xFD, 0x22, 0x13, 0x37, + 0x26, 0xCD, 0x9B, 0xAF, 0x4C, 0x89, 0x16, 0xD0, + 0x73, 0x44, 0xF9, 0x71, 0x60, 0xA2, 0x3E, 0xFE, + 0x24, 0xFE, 0xFC, 0xFE, 0x90, 0x91, 0xED, 0x92, + 0x57, 0x0A, 0xFA, 0xEB, 0x21, 0x99, 0xE3, 0x9A, + 0xFF, 0x5C, 0x74, 0x85, 0xC2, 0x6D, 0x83, 0x90, + 0xEE, 0x84, 0x05, 0x1A, 0x00, 0xAC, 0x87, 0xA7, + 0x78, 0x87, 0xCA, 0x70, 0xFC, 0xB0, 0xF4, 0x3B, + 0x61, 0x7C, 0xD0, 0x09, 0x63, 0x2B, 0x5E, 0xC2, + 0xFE, 0x15, 0x41, 0xB3, 0x9F, 0xFC, 0x19, 0xE3, + 0x4D, 0x3C, 0x6F, 0x89, 0xEB, 0x8A, 0x43, 0xEC, + 0x8E, 0xFB, 0xEC, 0xCD, 0x99, 0x2E, 0x4B, 0x02, + 0x99, 0xAC, 0xC6, 0x62, 0xAA, 0xC5, 0x0F, 0xA3, + 0x0B, 0xBB, 0xCD, 0x51, 0x0C, 0x19, 0xA7, 0x7A, + 0x43, 0x6C, 0xAA, 0x26, 0x28, 0x2A, 0xC9, 0x9D, + 0x97, 0xAE, 0x83, 0x74, 0xDA, 0xC4, 0x03, 0x98, + 0x94, 0x58, 0x28, 0xBC, 0x32, 0x1D, 0xD4, 0xF2, + 0x6F, 0x89, 0x92, 0xD4, 0x80, 0x9B, 0xDE, 0x6B, + 0xC5, 0x6F, 0xDB, 0x7A, 0x03, 0x1C, 0xF5, 0x55, +}; +static const unsigned char dsa_sigver_msg0[] = { + 0x32, 0xE9, 0x64, 0x47, 0xED, 0x3B, 0xF0, 0xC0, + 0xCA, 0xC2, 0x90, 0xF5, 0x10, 0x60, 0x99, 0x82, + 0x4D, 0x13, 0x44, 0xFA, 0x92, 0xD1, 0xFD, 0x50, + 0x26, 0x80, 0xEA, 0x7B, 0x7D, 0xC5, 0xF0, 0xB7, +}; +static const unsigned char dsa_sigver_msg1[] = { + 0x31, 0xE9, 0x64, 0x47, 0xED, 0x3B, 0xF0, 0xC0, + 0xCA, 0xC2, 0x90, 0xF5, 0x10, 0x60, 0x99, 0x82, + 0x4D, 0x13, 0x44, 0xFA, 0x92, 0xD1, 0xFD, 0x50, + 0x26, 0x80, 0xEA, 0x7B, 0x7D, 0xC5, 0xF0, 0xB7 +}; +static const unsigned char dsa_sigver_r0[] = { + 0x2A, 0x24, 0x0F, 0xA7, 0x04, 0xF1, 0xE0, 0x60, + 0x3B, 0x07, 0xDE, 0xB6, 0x5F, 0x01, 0x20, 0x81, + 0xDD, 0x64, 0x22, 0x0F, 0x9F, 0x2E, 0x67, 0x33, + 0xB7, 0x56, 0xDE, 0x17, 0xD0, 0xED, 0x9D, 0x30, +}; +static const unsigned char dsa_sigver_s0[] = { + 0x15, 0x93, 0x81, 0x6E, 0xC2, 0x07, 0x6E, 0x06, + 0x6A, 0xBF, 0x62, 0xBF, 0x93, 0xA6, 0xCB, 0x6E, + 0xBA, 0x1E, 0x72, 0x57, 0x27, 0x0E, 0x85, 0x9E, + 0x8C, 0x42, 0x9A, 0x41, 0x63, 0x27, 0x74, 0x4F, +}; +static const struct dsa_sigver_st dsa_sigver_data[] = { + { + "SHA2-512", + ITM(dsa_sigver_p0), + ITM(dsa_sigver_q0), + ITM(dsa_sigver_g0), + ITM(dsa_sigver_pub0), + ITM(dsa_sigver_msg0), + ITM(dsa_sigver_r0), + ITM(dsa_sigver_s0), + PASS, + }, + { + "SHA2-512", + ITM(dsa_sigver_p0), + ITM(dsa_sigver_q0), + ITM(dsa_sigver_g0), + ITM(dsa_sigver_pub0), + ITM(dsa_sigver_msg1), + ITM(dsa_sigver_r0), + ITM(dsa_sigver_s0), + FAIL, + }, +}; + +#endif /* OPENSSL_NO_DSA */ + +struct cipher_st { + const char *alg; + const unsigned char *key; + size_t key_len; + const unsigned char *iv; + size_t iv_len; + const unsigned char *pt; + size_t pt_len; + const unsigned char *ct; + size_t ct_len; +}; + +struct cipher_ccm_st { + const char *alg; + const unsigned char *key; + size_t key_len; + const unsigned char *iv; + size_t iv_len; + const unsigned char *aad; + size_t aad_len; + const unsigned char *pt; + size_t pt_len; + const unsigned char *ct; /* includes the tag */ + size_t ct_len; +}; + +struct cipher_gcm_st { + const char *alg; + const unsigned char *key; + size_t key_len; + const unsigned char *iv; + size_t iv_len; + const unsigned char *aad; + size_t aad_len; + const unsigned char *pt; + size_t pt_len; + const unsigned char *ct; + size_t ct_len; + const unsigned char *tag; + size_t tag_len; +}; + + +static const unsigned char cipher_enc_pt0[] = { + 0xF3, 0x44, 0x81, 0xEC, 0x3C, 0xC6, 0x27, 0xBA, + 0xCD, 0x5D, 0xC3, 0xFB, 0x08, 0xF2, 0x73, 0xE6, +}; +static const unsigned char cipher_enc_pt1[] = { + 0x1B, 0x07, 0x7A, 0x6A, 0xF4, 0xB7, 0xF9, 0x82, + 0x29, 0xDE, 0x78, 0x6D, 0x75, 0x16, 0xB6, 0x39, +}; +static const unsigned char cipher_enc_pt2[] = { + 0x91, 0x07, 0x41, 0x31, 0xF1, 0xF8, 0x6C, 0xCD, + 0x54, 0x8D, 0x22, 0xA6, 0x93, 0x40, 0xFF, 0x39, +}; +static const unsigned char cipher_enc_pt3[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13 +}; +static const unsigned char cipher_enc_key0[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +}; +static const unsigned char cipher_enc_key1[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +}; +static const unsigned char cipher_enc_key2[] = { + 0xE8, 0x70, 0x13, 0x1C, 0xE7, 0x03, 0xD6, 0x51, + 0x4E, 0x76, 0x1F, 0x95, 0xE6, 0xEE, 0x9E, 0xFB, +}; +static const unsigned char cipher_enc_key3[] = { + 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8, + 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0, + 0xbf, 0xbe, 0xbd, 0xbc, 0xbb, 0xba, 0xb9, 0xb8, + 0xb7, 0xb6, 0xb5, 0xb4, 0xb3, 0xb2, 0xb1, 0xb0, +}; +static const unsigned char cipher_enc_ct0[] = { + 0x03, 0x36, 0x76, 0x3E, 0x96, 0x6D, 0x92, 0x59, + 0x5A, 0x56, 0x7C, 0xC9, 0xCE, 0x53, 0x7F, 0x5E, +}; +static const unsigned char cipher_enc_ct1[] = { + 0x27, 0x5C, 0xFC, 0x04, 0x13, 0xD8, 0xCC, 0xB7, + 0x05, 0x13, 0xC3, 0x85, 0x9B, 0x1D, 0x0F, 0x72, +}; +static const unsigned char cipher_enc_ct2[] = { + 0x3A, 0xF6, 0x4C, 0x70, 0x37, 0xEE, 0x48, 0x13, + 0xD8, 0x5F, 0xE9, 0xB3, 0x7F, 0xE6, 0x6A, 0xD4, +}; +static const unsigned char cipher_enc_ct3[] = { + 0x9d, 0x84, 0xc8, 0x13, 0xf7, 0x19, 0xaa, 0x2c, + 0x7b, 0xe3, 0xf6, 0x61, 0x71, 0xc7, 0xc5, 0xc2, + 0xed, 0xbf, 0x9d, 0xac, +}; +static const unsigned char cipher_enc_iv0[] = { + 0x00, +}; +static const unsigned char cipher_enc_iv1[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +}; +static const unsigned char cipher_enc_iv2[] = { + 0x53, 0xF2, 0x25, 0xD8, 0xDE, 0x97, 0xF1, 0x4B, + 0xFE, 0x3E, 0xC6, 0x5E, 0xC3, 0xFF, 0xF7, 0xD3, +}; +static const unsigned char cipher_enc_iv3[] = { + 0x9a, 0x78, 0x56, 0x34, 0x12, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +}; + +static const struct cipher_st cipher_enc_data[] = { + { + "AES-128-ECB", + ITM(cipher_enc_key0), + NULL, 0, /* iv */ + ITM(cipher_enc_pt0), + ITM(cipher_enc_ct0), + }, + { + "AES-192-CBC", + ITM(cipher_enc_key1), + ITM(cipher_enc_iv1), + ITM(cipher_enc_pt1), + ITM(cipher_enc_ct1), + }, + { + "AES-128-CTR", + ITM(cipher_enc_key2), + ITM(cipher_enc_iv2), + ITM(cipher_enc_pt2), + ITM(cipher_enc_ct2), + }, + { + "AES-128-XTS", + ITM(cipher_enc_key3), + ITM(cipher_enc_iv3), + ITM(cipher_enc_pt3), + ITM(cipher_enc_ct3), + } +}; + +static const unsigned char aes_ccm_enc_pt0[] = { + 0xDA, 0x6A, 0xDC, 0xB2, 0xA5, 0xCC, 0xC3, 0xE7, + 0xFC, 0x4C, 0xDF, 0x0A, 0xAB, 0xDC, 0x3B, 0x38, + 0x26, 0x8B, 0x21, 0x82, 0xCA, 0x26, 0xE6, 0x2C, +}; +static const unsigned char aes_ccm_enc_key0[] = { + 0xDE, 0xF8, 0x67, 0xBC, 0x40, 0xB6, 0x7C, 0xAA, + 0x4A, 0x00, 0xE8, 0x07, 0x24, 0x52, 0xAE, 0x72, +}; +static const unsigned char aes_ccm_enc_aad0[] = { + 0x29, 0x8D, 0x01, 0x92, 0x3B, 0x50, 0x1F, 0x66, + 0xCE, 0xD3, 0x57, 0x4B, 0x7B, 0x4F, 0x07, 0x57, +}; +static const unsigned char aes_ccm_enc_iv0[] = { + 0x44, 0xEE, 0x48, 0x11, 0x4D, 0x3B, 0x71, 0x33, + 0xF0, 0xF7, 0x12, 0xA2, 0xA5, +}; +static const unsigned char aes_ccm_enc_ct0[] = { + 0x30, 0x4D, 0x19, 0x31, 0x02, 0x66, 0x95, 0x2E, + 0x23, 0x6D, 0xF4, 0xB9, 0xDF, 0xFE, 0xCA, 0x92, + 0x04, 0x2A, 0x32, 0xB5, 0x08, 0x2C, 0x8B, 0x6F, + 0x1B, 0x14, 0xB8, 0x62, 0x8B, 0xA0, 0x12, 0x4E, + 0x6A, 0x6F, 0x85, 0x86, 0x24, 0x6A, 0x83, 0xE0, +}; +static const struct cipher_ccm_st aes_ccm_enc_data[] = { + { + "AES-128-CCM", + ITM(aes_ccm_enc_key0), + ITM(aes_ccm_enc_iv0), + ITM(aes_ccm_enc_aad0), + ITM(aes_ccm_enc_pt0), + ITM(aes_ccm_enc_ct0), + }, +}; + +static const unsigned char aes_gcm_enc_pt0[] = { + 0x97, +}; +static const unsigned char aes_gcm_enc_key0[] = { + 0x3E, 0x77, 0x38, 0xA6, 0x0A, 0xB3, 0x95, 0x90, + 0xFA, 0x8B, 0x3B, 0xCF, 0xE1, 0xA3, 0x8C, 0x7D, +}; +static const unsigned char aes_gcm_enc_aad0[] = { + 0xE7, 0xEF, 0xCB, 0x0F, 0x3D, 0x94, 0x1D, 0x0F, + 0x3D, 0x65, 0x69, 0xFC, 0xDA, 0x77, 0x36, 0x5E, + 0xB9, 0x20, 0xF8, 0xDA, 0x81, 0xDF, 0x6B, 0x4C, + 0x2A, 0x70, 0x5E, 0xE3, 0x07, 0xCE, 0xCF, 0x62, + 0x84, +}; +static const unsigned char aes_gcm_enc_iv0[] = { + 0x01, 0x02, 0x03, 0x04, 0xEB, 0xED, 0x2F, 0x4B, + 0xD1, 0x20, 0x2C, 0xCD, +}; +static const unsigned char aes_gcm_enc_ct0[] = { + 0x63, +}; +static const unsigned char aes_gcm_enc_tag0[] = { + 0xA2, 0x8E, 0xA5, 0xF6, 0x6A, 0x1C, 0xE6, 0xD7, + 0xFF, 0xCD, 0x7F, 0x49, +}; +static const struct cipher_gcm_st aes_gcm_enc_data[] = { + { + "AES-128-GCM", + ITM(aes_gcm_enc_key0), + ITM(aes_gcm_enc_iv0), + ITM(aes_gcm_enc_aad0), + ITM(aes_gcm_enc_pt0), + ITM(aes_gcm_enc_ct0), + ITM(aes_gcm_enc_tag0), + }, +}; + +#ifndef OPENSSL_NO_DH + +struct dh_safe_prime_keygen_st { + const char *group_name; +}; + +struct dh_safe_prime_keyver_st { + const char *group_name; + const unsigned char *pub; + size_t pub_len; + const unsigned char *priv; + size_t priv_len; + int pass; +}; + +static const struct dh_safe_prime_keygen_st dh_safe_prime_keygen_data[] = { + { "ffdhe2048" }, +}; + +static const unsigned char dh_safe_prime_keyver_priv0[] = { + 0x39, 0x9C, 0x08, 0x8E, 0x4A, 0x1E, 0x1A, 0x03, + 0x18, 0x5A, 0x72, 0x4F, 0xCB, 0x13, 0xFB, 0x8F, + 0x7F, 0x14, 0x12, 0x48, 0x9A, 0x18, 0x03, 0x1C, + 0x03, 0x98, 0x7E, 0x3C, 0xEF, 0x57, 0xF2, 0x1E, + 0xD5, 0x54, 0x5C, 0x0F, 0x36, 0x5E, 0xB0, 0xF8, + 0xD1, 0x27, 0x79, 0x24, 0x69, 0xB5, 0x7C, 0xF1, + 0x39, 0xFC, 0xE3, 0x79, 0xF0, 0xD6, 0xA0, 0xE1, + 0xA5, 0xA7, 0x65, 0x01, 0xBA, 0xFE, 0xBB, 0x28, + 0xF0, 0x9C, 0x49, 0x90, 0x68, 0xB4, 0xE7, 0xE2, + 0xB6, 0xBF, 0xB9, 0xF8, 0x96, 0xAA, 0xF9, 0xE6, + 0x0B, 0x8A, 0x86, 0x0D, 0x31, 0x2C, 0x90, 0xDA, + 0x4E, 0xFB, 0xE3, 0x59, 0x3F, 0xFB, 0x14, 0x33, + 0xF6, 0xBD, 0xDA, 0x5D, 0x27, 0xCC, 0x7C, 0x1C, + 0x30, 0xC8, 0xB2, 0xAF, 0x2A, 0xA8, 0x25, 0x97, + 0xDC, 0x5E, 0xEF, 0x22, 0xCB, 0xF6, 0x88, 0x83, + 0xD0, 0x47, 0x3F, 0x5D, 0xF3, 0x2A, 0xE0, 0xCC, + 0x86, 0x49, 0x5A, 0x8F, 0x67, 0xF6, 0xC4, 0xD8, + 0x3F, 0x09, 0xE8, 0x49, 0x89, 0x2E, 0xC0, 0xB4, + 0x9C, 0x06, 0x9C, 0x40, 0x10, 0xFB, 0x20, 0xC6, + 0xF1, 0x5F, 0x52, 0x3F, 0x21, 0xBF, 0xBB, 0x13, + 0x6A, 0x81, 0x1C, 0xFF, 0x19, 0x2A, 0x36, 0xD2, + 0x13, 0x23, 0x33, 0xD1, 0xEF, 0x34, 0xF3, 0xA6, + 0xD5, 0x56, 0xAF, 0x1A, 0x63, 0xFC, 0x95, 0x86, + 0xD5, 0xEB, 0xBF, 0x49, 0x84, 0x73, 0x30, 0x1D, + 0xE2, 0xA1, 0xAE, 0x6D, 0x20, 0x69, 0xAE, 0xB6, + 0x1A, 0xB9, 0xF2, 0x7A, 0xE3, 0x17, 0x4E, 0x7C, + 0x8F, 0xE8, 0x34, 0x02, 0x59, 0xB4, 0x54, 0x9A, + 0x8D, 0x19, 0x04, 0x2A, 0x8E, 0xF8, 0x05, 0xA3, + 0x98, 0x5B, 0xBD, 0xB4, 0x6A, 0xDA, 0xAA, 0x1F, + 0xFC, 0x56, 0xA0, 0x4D, 0x22, 0x66, 0x31, 0xEA, + 0x8A, 0xC8, 0x61, 0x12, 0x40, 0xF0, 0x38, 0x0B, + 0xA3, 0x23, 0x40, 0x97, 0x7A, 0x18, 0xE3, 0x42, +}; +static const unsigned char dh_safe_prime_keyver_pub0[] = { + 0xFA, 0xDA, 0x86, 0x67, 0xE9, 0x12, 0x67, 0x79, + 0x50, 0xAE, 0x64, 0x0B, 0x07, 0x47, 0x8F, 0xA5, + 0xD1, 0x27, 0x6C, 0xFC, 0x10, 0xD8, 0x90, 0x8D, + 0x93, 0x75, 0xAD, 0x31, 0xBD, 0x97, 0xBE, 0xD5, + 0xB5, 0x59, 0x2F, 0x37, 0x52, 0x32, 0x30, 0x75, + 0xD3, 0xA5, 0x36, 0x10, 0x62, 0x4C, 0x82, 0x06, + 0xB9, 0x29, 0xAE, 0x14, 0xD1, 0xB0, 0xD0, 0x23, + 0x7A, 0xE6, 0xEA, 0x7E, 0x8E, 0xE3, 0xC7, 0xEB, + 0x43, 0x78, 0xFA, 0x9A, 0x40, 0x9A, 0x6F, 0xF5, + 0x42, 0x8A, 0xF7, 0xF3, 0x92, 0xE6, 0x5D, 0x68, + 0x9B, 0x2A, 0x91, 0xB5, 0x37, 0x33, 0x3F, 0x35, + 0xA5, 0xFB, 0x54, 0xD1, 0x3C, 0x46, 0xC6, 0x3C, + 0x16, 0x3A, 0xD7, 0xF8, 0x55, 0x48, 0x9A, 0xB7, + 0xB1, 0x40, 0xBF, 0xAF, 0x26, 0x1B, 0x07, 0x0F, + 0x11, 0x04, 0x63, 0x06, 0xDA, 0x2D, 0x45, 0x0E, + 0x7F, 0x17, 0xA4, 0x38, 0xBD, 0x68, 0x5A, 0xA9, + 0xC4, 0x7F, 0x7E, 0xC7, 0xF0, 0xFC, 0x74, 0x87, + 0x55, 0xCD, 0x35, 0xA8, 0xAA, 0x59, 0xA7, 0xFA, + 0xC1, 0x34, 0x67, 0x04, 0xD8, 0xCC, 0xE1, 0x77, + 0x60, 0xE1, 0xBE, 0xC0, 0xA5, 0x52, 0xA4, 0x72, + 0x3A, 0x19, 0xFA, 0x76, 0xC8, 0x67, 0x60, 0x5E, + 0x1C, 0x43, 0xF4, 0x50, 0xA0, 0xCB, 0x33, 0x77, + 0x2D, 0x2D, 0x3B, 0x5D, 0x7D, 0x72, 0x2E, 0x38, + 0xCD, 0x71, 0xB1, 0xBF, 0xB5, 0x10, 0x80, 0xCD, + 0xA4, 0x5D, 0x70, 0x6E, 0xD5, 0x7E, 0xA2, 0xAA, + 0xDC, 0xA4, 0x7C, 0x7A, 0x7D, 0x21, 0x09, 0x6A, + 0x14, 0xB2, 0x21, 0x24, 0xA4, 0xF4, 0x6C, 0xD2, + 0xBA, 0x76, 0x99, 0xD7, 0x69, 0x44, 0xA8, 0x66, + 0x85, 0x08, 0x50, 0xBA, 0x42, 0x37, 0xA2, 0xC2, + 0xD5, 0x45, 0x7E, 0x7B, 0xE9, 0x4A, 0xAE, 0xEE, + 0x84, 0x2A, 0xEB, 0xA9, 0x4A, 0x69, 0x40, 0x83, + 0xBA, 0xCC, 0x1E, 0x1B, 0x25, 0x56, 0x13, 0x88, +}; +static const struct dh_safe_prime_keyver_st dh_safe_prime_keyver_data[] = { + { + "ffdhe2048", + ITM(dh_safe_prime_keyver_pub0), + ITM(dh_safe_prime_keyver_priv0), + PASS + }, +}; + +#endif /* OPENSSL_NO_DH */ + +#ifndef OPENSSL_NO_RSA +struct rsa_keygen_st { + size_t mod; + const unsigned char *e; + size_t e_len; + const unsigned char *xp1; + size_t xp1_len; + const unsigned char *xp2; + size_t xp2_len; + const unsigned char *xp; + size_t xp_len; + const unsigned char *xq1; + size_t xq1_len; + const unsigned char *xq2; + size_t xq2_len; + const unsigned char *xq; + size_t xq_len; + + const unsigned char *p1; + size_t p1_len; + const unsigned char *p2; + size_t p2_len; + const unsigned char *q1; + size_t q1_len; + const unsigned char *q2; + size_t q2_len; + const unsigned char *p; + size_t p_len; + const unsigned char *q; + size_t q_len; + const unsigned char *n; + size_t n_len; + const unsigned char *d; + size_t d_len; +}; + +static const unsigned char rsa_keygen0_e[] = { + 0x01,0x00,0x01 +}; +static const unsigned char rsa_keygen0_xp[] = { + 0xcf,0x72,0x1b,0x9a,0xfd,0x0d,0x22,0x1a,0x74,0x50,0x97,0x22,0x76,0xd8,0xc0, + 0xc2,0xfd,0x08,0x81,0x05,0xdd,0x18,0x21,0x99,0x96,0xd6,0x5c,0x79,0xe3,0x02, + 0x81,0xd7,0x0e,0x3f,0x3b,0x34,0xda,0x61,0xc9,0x2d,0x84,0x86,0x62,0x1e,0x3d, + 0x5d,0xbf,0x92,0x2e,0xcd,0x35,0x3d,0x6e,0xb9,0x59,0x16,0xc9,0x82,0x50,0x41, + 0x30,0x45,0x67,0xaa,0xb7,0xbe,0xec,0xea,0x4b,0x9e,0xa0,0xc3,0x05,0xb3,0x88, + 0xd4,0x4c,0xac,0xeb,0xe4,0x03,0xc6,0xca,0xcb,0xd9,0xd3,0x4e,0xf6,0x7f,0x2c, + 0x27,0x1e,0x08,0x6c,0xc2,0xd6,0x45,0x1f,0x84,0xe4,0x3c,0x97,0x19,0xde,0xb8, + 0x55,0xaf,0x0e,0xcf,0x9e,0xb0,0x9c,0x20,0xd3,0x1f,0xa8,0xd7,0x52,0xc2,0x95, + 0x1c,0x80,0x15,0x42,0x4d,0x4f,0x19,0x16 +}; +static const unsigned char rsa_keygen0_xp1[] = { + 0xac,0x5f,0x7f,0x6e,0x33,0x3e,0x97,0x3a,0xb3,0x17,0x44,0xa9,0x0f,0x7a,0x54, + 0x70,0x27,0x06,0x93,0xd5,0x49,0xde,0x91,0x83,0xbc,0x8a,0x7b,0x95 +}; +static const unsigned char rsa_keygen0_xp2[] = { + 0x0b,0xf6,0xe8,0x79,0x5a,0x81,0xae,0x90,0x1d,0xa4,0x38,0x74,0x9c,0x0e,0x6f, + 0xe0,0x03,0xcf,0xc4,0x53,0x16,0x32,0x17,0xf7,0x09,0x5f,0xd9 +}; +static const unsigned char rsa_keygen0_xq[] = { + 0xfe,0xab,0xf2,0x7c,0x16,0x4a,0xf0,0x8d,0x31,0xc6,0x0a,0x82,0xe2,0xae,0xbb, + 0x03,0x7e,0x7b,0x20,0x4e,0x64,0xb0,0x16,0xad,0x3c,0x01,0x1a,0xd3,0x54,0xbf, + 0x2b,0xa4,0x02,0x9e,0xc3,0x0d,0x60,0x3d,0x1f,0xb9,0xc0,0x0d,0xe6,0x97,0x68, + 0xbb,0x8c,0x81,0xd5,0xc1,0x54,0x96,0x0f,0x99,0xf0,0xa8,0xa2,0xf3,0xc6,0x8e, + 0xec,0xbc,0x31,0x17,0x70,0x98,0x24,0xa3,0x36,0x51,0xa8,0x54,0xbd,0x9a,0x89, + 0x99,0x6e,0x57,0x5e,0xd0,0x39,0x86,0xc3,0xa3,0x1b,0xc7,0xcf,0xc4,0x4f,0x47, + 0x25,0x9e,0x2c,0x79,0xe1,0x2c,0xcc,0xe4,0x63,0xf4,0x02,0x84,0xf8,0xf6,0xa1, + 0x5c,0x93,0x14,0xf2,0x68,0x5f,0x3a,0x90,0x2f,0x4e,0x5e,0xf9,0x16,0x05,0xcf, + 0x21,0x63,0xca,0xfa,0xb0,0x08,0x02,0xc0 +}; +static const unsigned char rsa_keygen0_xq1[] = { + 0x9b,0x02,0xd4,0xba,0xf0,0xaa,0x14,0x99,0x6d,0xc0,0xb7,0xa5,0xe1,0xd3,0x70, + 0xb6,0x5a,0xa2,0x9b,0x59,0xd5,0x8c,0x1e,0x9f,0x3f,0x9a,0xde,0xeb,0x9e,0x9c, + 0x61,0xd6,0x5a,0xe1 +}; +static const unsigned char rsa_keygen0_xq2[] = { + 0x06,0x81,0x53,0xfd,0xa8,0x7b,0xa3,0x85,0x90,0x15,0x2c,0x97,0xb2,0xa0,0x17, + 0x48,0xb0,0x7f,0x0a,0x01,0x6d +}; +/* expected values */ +static const unsigned char rsa_keygen0_p1[] = { + 0xac,0x5f,0x7f,0x6e,0x33,0x3e,0x97,0x3a,0xb3,0x17,0x44,0xa9,0x0f,0x7a,0x54, + 0x70,0x27,0x06,0x93,0xd5,0x49,0xde,0x91,0x83,0xbc,0x8a,0x7b,0xc3 +}; +static const unsigned char rsa_keygen0_p2[] = { + 0x0b,0xf6,0xe8,0x79,0x5a,0x81,0xae,0x90,0x1d,0xa4,0x38,0x74,0x9c,0x0e,0x6f, + 0xe0,0x03,0xcf,0xc4,0x53,0x16,0x32,0x17,0xf7,0x09,0x5f,0xd9 +}; +static const unsigned char rsa_keygen0_q1[] = { + 0x9b,0x02,0xd4,0xba,0xf0,0xaa,0x14,0x99,0x6d,0xc0,0xb7,0xa5,0xe1,0xd3,0x70, + 0xb6,0x5a,0xa2,0x9b,0x59,0xd5,0x8c,0x1e,0x9f,0x3f,0x9a,0xde,0xeb,0x9e,0x9c, + 0x61,0xd6,0x5d,0x47 +}; +static const unsigned char rsa_keygen0_q2[] = { + 0x06,0x81,0x53,0xfd,0xa8,0x7b,0xa3,0x85,0x90,0x15,0x2c,0x97,0xb2,0xa0,0x17, + 0x48,0xb0,0x7f,0x0a,0x01,0x8f +}; +static const unsigned char rsa_keygen0_p[] = { + 0xcf,0x72,0x1b,0x9a,0xfd,0x0d,0x22,0x1a,0x74,0x50,0x97,0x22,0x76,0xd8,0xc0, + 0xc2,0xfd,0x08,0x81,0x05,0xdd,0x18,0x21,0x99,0x96,0xd6,0x5c,0x79,0xe3,0x02, + 0x81,0xd7,0x0e,0x3f,0x3b,0x34,0xda,0x61,0xc9,0x2d,0x84,0x86,0x62,0x1e,0x3d, + 0x5d,0xbf,0x92,0x2e,0xcd,0x35,0x3d,0x6e,0xb9,0x59,0x16,0xc9,0x82,0x50,0x41, + 0x30,0x45,0x67,0xaa,0xb7,0xbe,0xec,0xea,0x4b,0x9e,0xa0,0xc3,0x05,0xbc,0x4c, + 0x01,0xa5,0x4b,0xbd,0xa4,0x20,0xb5,0x20,0xd5,0x59,0x6f,0x82,0x5c,0x8f,0x4f, + 0xe0,0x3a,0x4e,0x7e,0xfe,0x44,0xf3,0x3c,0xc0,0x0e,0x14,0x2b,0x32,0xe6,0x28, + 0x8b,0x63,0x87,0x00,0xc3,0x53,0x4a,0x5b,0x71,0x7a,0x5b,0x28,0x40,0xc4,0x18, + 0xb6,0x77,0x0b,0xab,0x59,0xa4,0x96,0x7d +}; +static const unsigned char rsa_keygen0_q[] = { + 0xfe,0xab,0xf2,0x7c,0x16,0x4a,0xf0,0x8d,0x31,0xc6,0x0a,0x82,0xe2,0xae,0xbb, + 0x03,0x7e,0x7b,0x20,0x4e,0x64,0xb0,0x16,0xad,0x3c,0x01,0x1a,0xd3,0x54,0xbf, + 0x2b,0xa4,0x02,0x9e,0xc3,0x0d,0x60,0x3d,0x1f,0xb9,0xc0,0x0d,0xe6,0x97,0x68, + 0xbb,0x8c,0x81,0xd5,0xc1,0x54,0x96,0x0f,0x99,0xf0,0xa8,0xa2,0xf3,0xc6,0x8e, + 0xec,0xbc,0x31,0x17,0x70,0x98,0x24,0xa3,0x36,0x51,0xa8,0x54,0xc4,0x44,0xdd, + 0xf7,0x7e,0xda,0x47,0x4a,0x67,0x44,0x5d,0x4e,0x75,0xf0,0x4d,0x00,0x68,0xe1, + 0x4a,0xec,0x1f,0x45,0xf9,0xe6,0xca,0x38,0x95,0x48,0x6f,0xdc,0x9d,0x1b,0xa3, + 0x4b,0xfd,0x08,0x4b,0x54,0xcd,0xeb,0x3d,0xef,0x33,0x11,0x6e,0xce,0xe4,0x5d, + 0xef,0xa9,0x58,0x5c,0x87,0x4d,0xc8,0xcf +}; +static const unsigned char rsa_keygen0_n[] = { + 0xce,0x5e,0x8d,0x1a,0xa3,0x08,0x7a,0x2d,0xb4,0x49,0x48,0xf0,0x06,0xb6,0xfe, + 0xba,0x2f,0x39,0x7c,0x7b,0xe0,0x5d,0x09,0x2d,0x57,0x4e,0x54,0x60,0x9c,0xe5, + 0x08,0x4b,0xe1,0x1a,0x73,0xc1,0x5e,0x2f,0xb6,0x46,0xd7,0x81,0xca,0xbc,0x98, + 0xd2,0xf9,0xef,0x1c,0x92,0x8c,0x8d,0x99,0x85,0x28,0x52,0xd6,0xd5,0xab,0x70, + 0x7e,0x9e,0xa9,0x87,0x82,0xc8,0x95,0x64,0xeb,0xf0,0x6c,0x0f,0x3f,0xe9,0x02, + 0x29,0x2e,0x6d,0xa1,0xec,0xbf,0xdc,0x23,0xdf,0x82,0x4f,0xab,0x39,0x8d,0xcc, + 0xac,0x21,0x51,0x14,0xf8,0xef,0xec,0x73,0x80,0x86,0xa3,0xcf,0x8f,0xd5,0xcf, + 0x22,0x1f,0xcc,0x23,0x2f,0xba,0xcb,0xf6,0x17,0xcd,0x3a,0x1f,0xd9,0x84,0xb9, + 0x88,0xa7,0x78,0x0f,0xaa,0xc9,0x04,0x01,0x20,0x72,0x5d,0x2a,0xfe,0x5b,0xdd, + 0x16,0x5a,0xed,0x83,0x02,0x96,0x39,0x46,0x37,0x30,0xc1,0x0d,0x87,0xc2,0xc8, + 0x33,0x38,0xed,0x35,0x72,0xe5,0x29,0xf8,0x1f,0x23,0x60,0xe1,0x2a,0x5b,0x1d, + 0x6b,0x53,0x3f,0x07,0xc4,0xd9,0xbb,0x04,0x0c,0x5c,0x3f,0x0b,0xc4,0xd4,0x61, + 0x96,0x94,0xf1,0x0f,0x4a,0x49,0xac,0xde,0xd2,0xe8,0x42,0xb3,0x4a,0x0b,0x64, + 0x7a,0x32,0x5f,0x2b,0x5b,0x0f,0x8b,0x8b,0xe0,0x33,0x23,0x34,0x64,0xf8,0xb5, + 0x7f,0x69,0x60,0xb8,0x71,0xe9,0xff,0x92,0x42,0xb1,0xf7,0x23,0xa8,0xa7,0x92, + 0x04,0x3d,0x6b,0xff,0xf7,0xab,0xbb,0x14,0x1f,0x4c,0x10,0x97,0xd5,0x6b,0x71, + 0x12,0xfd,0x93,0xa0,0x4a,0x3b,0x75,0x72,0x40,0x96,0x1c,0x5f,0x40,0x40,0x57, + 0x13 +}; +static const unsigned char rsa_keygen0_d[] = { + 0x47,0x47,0x49,0x1d,0x66,0x2a,0x4b,0x68,0xf5,0xd8,0x4a,0x24,0xfd,0x6c,0xbf, + 0x56,0xb7,0x70,0xf7,0x9a,0x21,0xc8,0x80,0x9e,0xf4,0x84,0xcd,0x88,0x01,0x28, + 0xea,0x50,0xab,0x13,0x63,0xdf,0xea,0x14,0x38,0xb5,0x07,0x42,0x81,0x2f,0xda, + 0xe9,0x24,0x02,0x7e,0xaf,0xef,0x74,0x09,0x0e,0x80,0xfa,0xfb,0xd1,0x19,0x41, + 0xe5,0xba,0x0f,0x7c,0x0a,0xa4,0x15,0x55,0xa2,0x58,0x8c,0x3a,0x48,0x2c,0xc6, + 0xde,0x4a,0x76,0xfb,0x72,0xb6,0x61,0xe6,0xd2,0x10,0x44,0x4c,0x33,0xb8,0xd2, + 0x74,0xb1,0x9d,0x3b,0xcd,0x2f,0xb1,0x4f,0xc3,0x98,0xbd,0x83,0xb7,0x7e,0x75, + 0xe8,0xa7,0x6a,0xee,0xcc,0x51,0x8c,0x99,0x17,0x67,0x7f,0x27,0xf9,0x0d,0x6a, + 0xb7,0xd4,0x80,0x17,0x89,0x39,0x9c,0xf3,0xd7,0x0f,0xdf,0xb0,0x55,0x80,0x1d, + 0xaf,0x57,0x2e,0xd0,0xf0,0x4f,0x42,0x69,0x55,0xbc,0x83,0xd6,0x97,0x83,0x7a, + 0xe6,0xc6,0x30,0x6d,0x3d,0xb5,0x21,0xa7,0xc4,0x62,0x0a,0x20,0xce,0x5e,0x5a, + 0x17,0x98,0xb3,0x6f,0x6b,0x9a,0xeb,0x6b,0xa3,0xc4,0x75,0xd8,0x2b,0xdc,0x5c, + 0x6f,0xec,0x5d,0x49,0xac,0xa8,0xa4,0x2f,0xb8,0x8c,0x4f,0x2e,0x46,0x21,0xee, + 0x72,0x6a,0x0e,0x22,0x80,0x71,0xc8,0x76,0x40,0x44,0x61,0x16,0xbf,0xa5,0xf8, + 0x89,0xc7,0xe9,0x87,0xdf,0xbd,0x2e,0x4b,0x4e,0xc2,0x97,0x53,0xe9,0x49,0x1c, + 0x05,0xb0,0x0b,0x9b,0x9f,0x21,0x19,0x41,0xe9,0xf5,0x61,0xd7,0x33,0x2e,0x2c, + 0x94,0xb8,0xa8,0x9a,0x3a,0xcc,0x6a,0x24,0x8d,0x19,0x13,0xee,0xb9,0xb0,0x48, + 0x61 +}; + +static const struct rsa_keygen_st rsa_keygen_data[] = { + { + 2048, + ITM(rsa_keygen0_e), + ITM(rsa_keygen0_xp1), + ITM(rsa_keygen0_xp2), + ITM(rsa_keygen0_xp), + ITM(rsa_keygen0_xq1), + ITM(rsa_keygen0_xq2), + ITM(rsa_keygen0_xq), + + ITM(rsa_keygen0_p1), + ITM(rsa_keygen0_p2), + ITM(rsa_keygen0_q1), + ITM(rsa_keygen0_q2), + + ITM(rsa_keygen0_p), + ITM(rsa_keygen0_q), + ITM(rsa_keygen0_n), + ITM(rsa_keygen0_d), + }, +}; + +#define NO_PSS_SALT_LEN -1 +struct rsa_siggen_st { + const char *sig_pad_mode; + size_t mod; + const char *digest_alg; + const unsigned char *msg; + size_t msg_len; + int pss_salt_len; +}; +static const unsigned char rsa_siggen0_msg[] = { + 0xa3, 0x76, 0x35, 0xc2, 0x6d, 0x6b, 0xa0, 0xe1, + 0x2e, 0x0b, 0x58, 0x33, 0x0d, 0x30, 0xdd, 0x07, + 0xa9, 0x53, 0xd6, 0x37, 0x07, 0xad, 0xa8, 0x67, +}; +static const struct rsa_siggen_st rsa_siggen_data[] = { + { + "pkcs1", /* pkcs1v1.5 */ + 2048, + "SHA384", + ITM(rsa_siggen0_msg), + NO_PSS_SALT_LEN, + }, + { + "x931", + 2048, + "SHA384", + ITM(rsa_siggen0_msg), + NO_PSS_SALT_LEN, + }, + { + "pss", + 2048, + "SHA384", + ITM(rsa_siggen0_msg), + 62 + }, +}; + +struct rsa_sigver_st { + const char *sig_pad_mode; + size_t mod; + const char *digest_alg; + const unsigned char *msg; + size_t msg_len; + const unsigned char *n; + size_t n_len; + const unsigned char *e; + size_t e_len; + const unsigned char *sig; + size_t sig_len; + int pss_salt_len; + int pass; +}; + +static const unsigned char rsa_sigver15_0_n[] = { + 0xbb, 0xbc, 0xf3, 0x35, 0x6f, 0x8e, 0x2e, 0x4f, + 0x32, 0xb5, 0xbb, 0x47, 0x9d, 0x02, 0x2a, 0xac, + 0x93, 0x9e, 0x70, 0x50, 0x0f, 0x59, 0x0d, 0x38, + 0x1c, 0xe5, 0xda, 0x87, 0x61, 0x6b, 0xbf, 0xa8, + 0x2c, 0x2f, 0x97, 0xbc, 0x4b, 0xd4, 0xae, 0x21, + 0xed, 0xbe, 0x7a, 0x98, 0x15, 0xa8, 0xe2, 0xf0, + 0x5f, 0x4d, 0xf8, 0xe2, 0x7c, 0x7e, 0x87, 0x52, + 0x8e, 0xbf, 0xb6, 0x3f, 0x1a, 0x12, 0x96, 0x87, + 0x2c, 0xd2, 0xac, 0x85, 0x87, 0xe5, 0xcd, 0x4c, + 0x31, 0x2b, 0x98, 0x16, 0x9f, 0xcf, 0x3e, 0xef, + 0x50, 0xaa, 0xee, 0xc0, 0x6c, 0x80, 0x94, 0xc5, + 0xb1, 0xc7, 0x0d, 0xd4, 0x24, 0x94, 0x44, 0x3a, + 0x44, 0xdb, 0x10, 0xdc, 0x21, 0x57, 0xe0, 0x77, + 0xe5, 0x9c, 0xc4, 0x49, 0x06, 0xe3, 0x5a, 0xea, + 0x64, 0xf4, 0x54, 0xca, 0xfc, 0x5a, 0x2b, 0x92, + 0x76, 0xe1, 0x86, 0x6f, 0x3b, 0x4e, 0x7d, 0xe7, + 0xb9, 0x62, 0xc4, 0x63, 0x12, 0x65, 0x16, 0x58, + 0x11, 0x23, 0xba, 0x1b, 0x95, 0x06, 0x1c, 0xdd, + 0xdc, 0x49, 0x0b, 0x67, 0x7c, 0xb0, 0xdb, 0x45, + 0x88, 0x6e, 0x42, 0xdd, 0x67, 0xbf, 0xec, 0x0e, + 0xfa, 0x64, 0x06, 0x3e, 0xb9, 0x40, 0xee, 0xc6, + 0x56, 0xdf, 0xe7, 0xd8, 0xed, 0xf1, 0xf7, 0x53, + 0xec, 0xd6, 0x1e, 0xb1, 0x66, 0x66, 0x80, 0x16, + 0x5b, 0xba, 0x8c, 0x75, 0xe2, 0x6c, 0x19, 0xe7, + 0xf9, 0xc8, 0xae, 0x75, 0xc9, 0xc4, 0x19, 0xe6, + 0xba, 0xfd, 0x3e, 0x12, 0xf0, 0x88, 0x90, 0xee, + 0x39, 0xf8, 0x85, 0x3c, 0x20, 0x3b, 0xfe, 0xb9, + 0xa0, 0x07, 0x93, 0x6d, 0x20, 0x78, 0xf2, 0xc2, + 0xa5, 0x49, 0x51, 0xa3, 0xb7, 0x13, 0x83, 0xeb, + 0x19, 0x55, 0x08, 0x4f, 0x28, 0x32, 0x1a, 0x9b, + 0xab, 0x05, 0x9a, 0xaa, 0x28, 0xdc, 0xfa, 0xbf, + 0xf3, 0x52, 0x40, 0x0c, 0x4a, 0xb3, 0xd6, 0xb5, +}; +static const unsigned char rsa_sigver15_0_e[] = { + 0x01, 0x00, 0x01, +}; +static const unsigned char rsa_sigver15_0_msg[] = { + 0xba, 0x1a, 0x03, 0xda, 0x95, 0xd4, 0x36, 0x60, + 0xe6, 0x77, 0xc7, 0x80, 0x49, 0x42, 0xc7, 0x98, + 0xf6, 0x9e, 0xcf, 0x6f, 0xe5, 0xaf, 0x41, 0x6c, + 0x36, 0x29, 0xd0, 0x06, 0xcf, 0x65, 0x43, 0x7c, + 0x47, 0xb4, 0x75, 0xc6, 0x03, 0xf3, 0xa1, 0xcb, + 0x9e, 0x5f, 0xdc, 0xd4, 0x8e, 0xab, 0xe3, 0x41, + 0x05, 0x50, 0x17, 0x7b, 0x16, 0x25, 0xc6, 0x29, + 0x19, 0x2f, 0xac, 0xa7, 0x50, 0xba, 0xba, 0xb3, + 0xcb, 0xa8, 0x16, 0x6a, 0x88, 0x0a, 0x62, 0x74, + 0xdf, 0xed, 0x41, 0x7b, 0x1d, 0x76, 0x17, 0xe1, + 0x70, 0x32, 0x11, 0xb2, 0x03, 0xa7, 0x66, 0xd7, + 0x69, 0x2f, 0xdc, 0x8d, 0x3f, 0x06, 0x8d, 0x16, + 0x0d, 0xa1, 0xeb, 0xae, 0x6e, 0x41, 0x02, 0xc1, + 0x71, 0xc9, 0xfd, 0x5b, 0x3e, 0xcc, 0xec, 0xe0, + 0xfd, 0xeb, 0xc4, 0xfd, 0xf3, 0x5e, 0xa7, 0xde, + 0xee, 0xd0, 0x66, 0xa2, 0xe4, 0x70, 0x45, 0x0c, +}; +static const unsigned char rsa_sigver15_0_sig[] = { + 0x4a, 0x8a, 0xcb, 0x88, 0x89, 0xd3, 0xa9, 0x48, + 0x84, 0x09, 0x2e, 0x2c, 0x50, 0x02, 0xb9, 0xad, + 0xe5, 0x10, 0xac, 0x27, 0x8f, 0x2d, 0x36, 0x7e, + 0x6e, 0x32, 0x5c, 0x1d, 0xcb, 0xfa, 0xb8, 0xc7, + 0x1a, 0x27, 0x11, 0x2b, 0x34, 0xf4, 0xa9, 0xda, + 0xa0, 0x99, 0x86, 0xbe, 0x81, 0xd0, 0xd9, 0x2a, + 0x88, 0x25, 0x99, 0xb3, 0x02, 0x50, 0xf1, 0xa5, + 0x4f, 0x3a, 0x1d, 0x7f, 0xcf, 0x7d, 0x76, 0x00, + 0x06, 0x87, 0x9f, 0x39, 0x3a, 0x3c, 0xc0, 0xc6, + 0x46, 0x7a, 0x65, 0x0d, 0x85, 0x06, 0xd8, 0x51, + 0xbe, 0xc5, 0x00, 0x80, 0xeb, 0x73, 0xbb, 0x71, + 0x8c, 0xcc, 0x72, 0x83, 0x1f, 0x9d, 0x73, 0x75, + 0xb8, 0xc8, 0x4c, 0x07, 0x5b, 0xda, 0x8c, 0x9b, + 0x6f, 0x65, 0x8c, 0x2e, 0x23, 0x62, 0x6c, 0x8d, + 0x94, 0x54, 0x5b, 0x7f, 0xe6, 0x5c, 0x90, 0xa3, + 0x07, 0xe2, 0x14, 0x4d, 0xe7, 0x71, 0x6c, 0xfd, + 0x64, 0x12, 0x14, 0x12, 0x14, 0x00, 0x1b, 0xc4, + 0x65, 0xe7, 0x28, 0x5c, 0x34, 0x2d, 0xda, 0x94, + 0xfd, 0x71, 0xcb, 0x27, 0xa6, 0x0e, 0x63, 0xd4, + 0xd6, 0x14, 0x65, 0xc0, 0xe3, 0x65, 0x94, 0x61, + 0x59, 0xb8, 0xc9, 0x3b, 0x9b, 0xc2, 0x82, 0xe2, + 0x76, 0xe7, 0x17, 0xf1, 0xef, 0x32, 0x9e, 0x8a, + 0x04, 0xf3, 0x1e, 0xcc, 0x16, 0xb4, 0x45, 0x0e, + 0x77, 0xdb, 0x8b, 0x38, 0x6c, 0xcc, 0x98, 0xf4, + 0xf8, 0xb5, 0x45, 0x2c, 0xde, 0x23, 0x36, 0xe7, + 0x83, 0xf0, 0xb4, 0xb5, 0xe3, 0xd3, 0xd4, 0x59, + 0xf1, 0x46, 0x7f, 0x0f, 0x55, 0x58, 0xff, 0x75, + 0xc7, 0x7f, 0xee, 0xf8, 0xe0, 0xb2, 0x52, 0xd8, + 0xba, 0x37, 0x4f, 0x7b, 0xba, 0xa3, 0xf0, 0x13, + 0xa7, 0x3a, 0x21, 0xac, 0xdc, 0x9e, 0x63, 0x36, + 0x38, 0xe7, 0x90, 0xeb, 0xea, 0x7f, 0x83, 0xf4, + 0x9d, 0xf3, 0x6b, 0x31, 0x44, 0x47, 0x27, 0x8e, +}; + +#define rsa_sigver15_1_n rsa_sigver15_0_n +#define rsa_sigver15_1_e rsa_sigver15_0_e +static const unsigned char rsa_sigver15_1_msg[] = { + 0x52, 0x68, 0x35, 0xd6, 0x4a, 0x95, 0xaa, 0xbd, + 0x02, 0x69, 0x7f, 0x92, 0xc7, 0x8c, 0x04, 0x71, + 0x17, 0x10, 0x5a, 0x0d, 0xab, 0x5e, 0x91, 0x45, + 0xb5, 0x70, 0x0d, 0xf8, 0x66, 0x41, 0x2e, 0x19, + 0xb3, 0x82, 0x30, 0x06, 0x59, 0x8f, 0x4f, 0x15, + 0x1e, 0xa1, 0x2f, 0x70, 0x5a, 0x45, 0x7c, 0x24, + 0xb7, 0x0d, 0xcd, 0x74, 0x35, 0x85, 0xcf, 0x73, + 0x71, 0x68, 0x9f, 0xd2, 0x26, 0x14, 0x77, 0xf6, + 0xf4, 0x3c, 0x8d, 0x4d, 0x60, 0xdd, 0x38, 0xe3, + 0x1d, 0x73, 0x55, 0x30, 0x8a, 0x6c, 0xe9, 0x35, + 0x7b, 0xdd, 0x08, 0xc7, 0x3c, 0x74, 0xf5, 0x2a, + 0xd3, 0xae, 0x8a, 0xe1, 0x86, 0x49, 0xda, 0xc5, + 0x9d, 0xfd, 0x16, 0x55, 0x69, 0x67, 0xad, 0x4d, + 0x85, 0x46, 0xb7, 0x7a, 0x5c, 0xe9, 0x94, 0xcc, + 0xeb, 0xe8, 0xd0, 0xad, 0xc9, 0x13, 0x4a, 0x91, + 0x64, 0xa8, 0x96, 0xce, 0x8d, 0xc9, 0x9f, 0xaf, +}; +static const unsigned char rsa_sigver15_1_sig[] = { + 0x81, 0x96, 0xdb, 0x65, 0x66, 0x5d, 0xec, 0x14, + 0xb3, 0x42, 0xf6, 0x93, 0x89, 0xae, 0x49, 0x81, + 0x98, 0xda, 0x71, 0x6d, 0x72, 0x9b, 0xcb, 0x39, + 0xe4, 0x85, 0xd1, 0x9f, 0xbe, 0xb8, 0x69, 0x0e, + 0xbe, 0xc0, 0x07, 0x88, 0xee, 0xbf, 0xf9, 0x5d, + 0x20, 0x0f, 0x90, 0x48, 0x93, 0x53, 0xbb, 0xc6, + 0x2f, 0xf8, 0xb7, 0x1d, 0xd2, 0x15, 0x0f, 0x1f, + 0x25, 0xab, 0x5b, 0xae, 0x52, 0xe6, 0x8e, 0x06, + 0x43, 0xe1, 0xd9, 0x4a, 0x4c, 0xee, 0x24, 0x0e, + 0xeb, 0x4f, 0x9b, 0x1a, 0xcb, 0x6d, 0x22, 0x93, + 0xa8, 0xa8, 0xcd, 0x4b, 0xa2, 0xf6, 0x88, 0x1a, + 0xaf, 0x3b, 0x2b, 0xdf, 0x04, 0x2d, 0x2b, 0x27, + 0x54, 0x90, 0x41, 0xb0, 0x4a, 0xda, 0xb1, 0xdf, + 0xce, 0x39, 0xda, 0xd7, 0xda, 0x00, 0x97, 0x89, + 0x9a, 0xaf, 0x4c, 0xc3, 0x0b, 0x6d, 0xb3, 0xce, + 0x59, 0x0b, 0xd9, 0x91, 0x17, 0x31, 0x6a, 0xe7, + 0x92, 0xec, 0x62, 0xe1, 0xe9, 0x73, 0xc7, 0x14, + 0x06, 0x16, 0x42, 0x8a, 0x68, 0xb1, 0x7c, 0xb8, + 0xa1, 0x45, 0xf0, 0x06, 0xf6, 0x85, 0xb5, 0x93, + 0xf1, 0x45, 0xc4, 0xe5, 0xf1, 0x76, 0x71, 0xb4, + 0xdc, 0x03, 0x55, 0xde, 0xb1, 0xd3, 0x5a, 0x0f, + 0x1f, 0x4f, 0xdd, 0xaa, 0x87, 0x8e, 0x46, 0x4d, + 0xe3, 0xd0, 0x5b, 0x28, 0x01, 0xc4, 0x94, 0xf7, + 0x00, 0x93, 0xae, 0xa3, 0xb5, 0x64, 0x65, 0xa1, + 0x16, 0x29, 0x2e, 0xc7, 0xbb, 0xeb, 0x71, 0x02, + 0xf9, 0x26, 0xb6, 0xa6, 0x24, 0xdc, 0x6a, 0x0e, + 0x0d, 0xad, 0x50, 0xf5, 0x4b, 0xe7, 0x0e, 0x9a, + 0x39, 0x20, 0x70, 0xe2, 0xdf, 0x3b, 0x6f, 0x9d, + 0xe3, 0x8f, 0x15, 0x6d, 0x5a, 0xaf, 0x12, 0xf7, + 0xf7, 0x85, 0x6f, 0x0e, 0xe4, 0x6e, 0x27, 0xf7, + 0xb3, 0x44, 0x38, 0x73, 0x45, 0x80, 0x7a, 0x72, + 0x82, 0xf3, 0xc8, 0x32, 0xb8, 0x25, 0xef, 0xdc, +}; + +static const unsigned char rsa_sigverpss_0_n[] = { + 0xb2, 0xee, 0xdd, 0xdf, 0xa0, 0x35, 0x92, 0x21, + 0xf4, 0x8e, 0xc3, 0x24, 0x39, 0xed, 0xe2, 0x38, + 0xc0, 0xaa, 0xff, 0x35, 0x75, 0x27, 0x05, 0xd4, + 0x84, 0x78, 0x23, 0x50, 0xa5, 0x64, 0x1e, 0x11, + 0x45, 0x2a, 0xb1, 0xeb, 0x97, 0x07, 0x0b, 0xff, + 0xb3, 0x1f, 0xc4, 0xa4, 0x80, 0xae, 0x1c, 0x8c, + 0x66, 0x71, 0x95, 0x80, 0x60, 0xea, 0x4d, 0xde, + 0x90, 0x98, 0xe8, 0xe2, 0x96, 0xa7, 0x0e, 0x5f, + 0x00, 0x74, 0xed, 0x79, 0xc3, 0xe2, 0xc2, 0x4e, + 0xbe, 0x07, 0xbd, 0xb1, 0xb2, 0xeb, 0x6c, 0x29, + 0x9a, 0x59, 0x29, 0x81, 0xa3, 0x83, 0xa3, 0x00, + 0x24, 0xa8, 0xfd, 0x45, 0xbb, 0xca, 0x1e, 0x44, + 0x47, 0xbb, 0x82, 0x4a, 0x5b, 0x71, 0x46, 0xc0, + 0xb4, 0xcc, 0x1b, 0x5e, 0x88, 0x9c, 0x89, 0x69, + 0xb4, 0xb0, 0x7c, 0x8e, 0xea, 0x24, 0xc0, 0x2f, + 0xc8, 0x3f, 0x9d, 0x9f, 0x43, 0xd3, 0xf0, 0x25, + 0x67, 0xf1, 0xf0, 0x9b, 0xd4, 0xff, 0x17, 0x9f, + 0xc3, 0x41, 0x2f, 0x53, 0x33, 0xdd, 0x73, 0x8a, + 0x5c, 0x74, 0x04, 0x3b, 0x60, 0xcc, 0x9f, 0xca, + 0x01, 0xb0, 0x0d, 0xe0, 0xcf, 0xb2, 0xf0, 0x08, + 0x73, 0xb6, 0x67, 0x6c, 0x54, 0x9e, 0x1c, 0x01, + 0xb5, 0x34, 0xab, 0xcf, 0x77, 0xfe, 0x04, 0x01, + 0xc1, 0xd2, 0x4d, 0x47, 0x60, 0x5c, 0x68, 0x47, + 0x8a, 0x47, 0x3c, 0x3a, 0xa3, 0xb2, 0x75, 0x87, + 0x6e, 0x01, 0x7b, 0xdb, 0xe9, 0x6e, 0x63, 0xb2, + 0x65, 0xab, 0xc6, 0xed, 0x0d, 0xa6, 0x84, 0xff, + 0xf3, 0xcf, 0xd3, 0x9a, 0x96, 0x9b, 0x5c, 0x22, + 0xf8, 0x07, 0x7d, 0x63, 0x75, 0x50, 0x91, 0x5b, + 0xc4, 0x1f, 0x29, 0x1f, 0x5d, 0xb0, 0x6e, 0xfa, + 0x9b, 0x16, 0xf0, 0xe4, 0xda, 0x2c, 0x94, 0x20, + 0x9b, 0x44, 0x51, 0x38, 0xd0, 0xe4, 0x86, 0xc9, + 0x76, 0x12, 0x04, 0x1a, 0x25, 0x14, 0xb7, 0x14, + 0xdb, 0x6e, 0xd2, 0xc3, 0x57, 0x2c, 0x4c, 0xec, + 0xfe, 0x25, 0xed, 0x3e, 0xe3, 0x26, 0xa8, 0xd4, + 0xd0, 0x21, 0xbc, 0x09, 0x7e, 0xb0, 0x02, 0x3c, + 0xa3, 0x43, 0xa4, 0x1f, 0x73, 0x54, 0x5f, 0xa3, + 0xe2, 0x49, 0x4e, 0x25, 0xe8, 0xfc, 0xfb, 0xa9, + 0x29, 0xc0, 0x7d, 0xd0, 0x06, 0xd5, 0x5c, 0x52, + 0x68, 0x3c, 0xf8, 0xc5, 0xdb, 0x92, 0x27, 0x7c, + 0xd8, 0x56, 0x1a, 0x7d, 0xe3, 0x32, 0xe5, 0x08, + 0xc9, 0x36, 0x9d, 0x7e, 0xd2, 0x2d, 0xc2, 0x53, + 0xf2, 0x7e, 0xce, 0x8a, 0x10, 0x5c, 0xf7, 0xe9, + 0x99, 0xa6, 0xa8, 0xf5, 0x8d, 0x6c, 0xed, 0xf3, + 0xa1, 0xc8, 0x2a, 0x75, 0x77, 0x99, 0x18, 0xe1, + 0x32, 0xdb, 0x35, 0x4a, 0x8b, 0x4a, 0xec, 0xc2, + 0x15, 0xe9, 0x4b, 0x89, 0x13, 0x81, 0xfb, 0x0c, + 0xf9, 0xb4, 0xd8, 0xee, 0xb5, 0xba, 0x45, 0xa1, + 0xea, 0x01, 0xf9, 0xbb, 0xd5, 0xa1, 0x73, 0xa1, + 0x5b, 0xef, 0x98, 0xa8, 0xcf, 0x74, 0xf4, 0xd5, + 0x1a, 0xe2, 0xa7, 0xb9, 0x37, 0x43, 0xb1, 0x29, + 0x94, 0xc3, 0x71, 0x74, 0x34, 0x7d, 0x6f, 0xac, + 0x97, 0xb3, 0x5b, 0x3a, 0x0a, 0x3c, 0xe2, 0x94, + 0x6c, 0x39, 0xb8, 0xe9, 0x2c, 0xf9, 0xc3, 0x8b, + 0xd1, 0x80, 0x4d, 0x22, 0x64, 0x63, 0x20, 0x1b, + 0xeb, 0xf9, 0x09, 0x14, 0x86, 0x6e, 0xf4, 0x6d, + 0xfc, 0xe5, 0x1b, 0xf7, 0xf2, 0xe0, 0x4d, 0xc8, + 0xeb, 0x24, 0x35, 0x16, 0x0a, 0x81, 0x9f, 0x9e, + 0x47, 0xd8, 0xea, 0x85, 0xda, 0x77, 0x6c, 0x3d, + 0xd4, 0xa9, 0x15, 0xbd, 0xda, 0x5d, 0xf0, 0x72, + 0x8d, 0xb5, 0x12, 0x72, 0xb1, 0x62, 0xa0, 0xad, + 0xc8, 0x0e, 0x5b, 0x47, 0x4c, 0x69, 0xf7, 0x07, + 0xe8, 0xd9, 0x9b, 0xc7, 0x2f, 0xd5, 0x68, 0x1e, + 0x1c, 0xe0, 0x8f, 0x40, 0x45, 0x5f, 0x08, 0xc8, + 0x95, 0x57, 0xb7, 0x35, 0x92, 0x97, 0xf9, 0x7d, +}; +static const unsigned char rsa_sigverpss_0_e[] = { + 0x01, 0x00, 0x01, +}; +static const unsigned char rsa_sigverpss_0_msg[] = { + 0x32, 0x03, 0x0c, 0x2e, 0x06, 0xfc, 0x0f, 0xa5, + 0x65, 0xcd, 0x0f, 0x88, 0x52, 0x80, 0xc3, 0x43, + 0xda, 0x01, 0x36, 0x48, 0xf5, 0x76, 0xc8, 0x03, + 0xae, 0xce, 0x76, 0x0f, 0x83, 0x9d, 0x5c, 0xaa, + 0x0f, 0x27, 0x78, 0x66, 0xe6, 0xba, 0xb1, 0x22, + 0xc1, 0x42, 0x18, 0x39, 0xdb, 0x17, 0x6d, 0xf9, + 0x9a, 0x19, 0xe5, 0x57, 0x72, 0xff, 0x2a, 0xe0, + 0x07, 0xec, 0xa4, 0xf3, 0x91, 0x43, 0xf7, 0x2e, + 0x85, 0xbd, 0xcd, 0x26, 0x72, 0xb9, 0xd5, 0x5b, + 0x28, 0xd3, 0x0c, 0x6b, 0x20, 0xb7, 0x3b, 0x85, + 0x18, 0x38, 0xc0, 0x21, 0xfe, 0x9c, 0x92, 0xee, + 0x0f, 0x3a, 0x80, 0x0c, 0x40, 0x48, 0xb9, 0x7c, + 0xdd, 0xee, 0x91, 0xd5, 0x70, 0x9e, 0x82, 0x38, + 0xe4, 0xa8, 0x71, 0x85, 0xea, 0x09, 0x33, 0xcf, + 0x9c, 0x84, 0x50, 0x0e, 0x60, 0xf5, 0x07, 0x14, + 0x10, 0xe1, 0x92, 0xc3, 0x58, 0x51, 0xab, 0x7c, +}; +static const unsigned char rsa_sigverpss_0_sig[] = { + 0x43, 0xb2, 0x4a, 0x50, 0xa7, 0xe2, 0x6c, 0x5d, + 0x50, 0xc5, 0x39, 0xc1, 0xc1, 0x35, 0xbd, 0x66, + 0xbd, 0x86, 0x54, 0xc5, 0x2e, 0x65, 0xfc, 0x19, + 0x19, 0x6a, 0x22, 0x43, 0x22, 0x11, 0x26, 0xae, + 0x51, 0x78, 0xfa, 0xfa, 0xc1, 0xf0, 0x77, 0x1b, + 0xd6, 0x5b, 0x93, 0xbd, 0x84, 0xe4, 0x35, 0xbd, + 0x8d, 0x91, 0xb2, 0x7c, 0xb2, 0xb1, 0xda, 0xd7, + 0x72, 0x62, 0x88, 0x3e, 0xe9, 0x40, 0x27, 0x4e, + 0xa5, 0x17, 0x94, 0xf1, 0xe9, 0xdd, 0x8c, 0x6c, + 0x5b, 0xc0, 0x0b, 0xe3, 0x7c, 0x8b, 0xc8, 0x10, + 0x57, 0x35, 0x69, 0xb7, 0x56, 0xe0, 0x2f, 0x61, + 0x2e, 0x13, 0x11, 0x79, 0xfa, 0x60, 0x8f, 0x2a, + 0x65, 0x73, 0xf5, 0x17, 0x34, 0x74, 0x72, 0x22, + 0xff, 0x22, 0x5b, 0x97, 0x59, 0x44, 0xf4, 0xfb, + 0x4a, 0x2b, 0x7e, 0x28, 0xe3, 0x79, 0x84, 0x24, + 0x63, 0xeb, 0xde, 0x63, 0x88, 0xe0, 0xbd, 0x28, + 0xef, 0x49, 0x6d, 0xd4, 0x2a, 0x87, 0x53, 0xba, + 0x5f, 0xde, 0xe3, 0xd4, 0xb2, 0xc2, 0x6f, 0x49, + 0x10, 0xae, 0x5e, 0x15, 0xdd, 0x0f, 0x91, 0xe2, + 0xeb, 0x1e, 0xc5, 0x36, 0x8e, 0xdf, 0xa6, 0x17, + 0x25, 0x21, 0x16, 0x06, 0x72, 0x37, 0x77, 0x19, + 0xe5, 0x88, 0x1b, 0x0b, 0x5b, 0x80, 0x44, 0x8f, + 0x13, 0xef, 0xbb, 0xfa, 0xf6, 0x4a, 0x11, 0x6a, + 0x6a, 0x0c, 0xe0, 0x42, 0x6b, 0x7d, 0xfd, 0xad, + 0xb0, 0x4b, 0xff, 0x3f, 0x20, 0xca, 0x5f, 0x64, + 0xcc, 0xc9, 0x5b, 0x89, 0xc2, 0x05, 0x33, 0xf9, + 0xa5, 0x31, 0x55, 0xfb, 0xdc, 0xeb, 0xd1, 0x24, + 0xbf, 0x17, 0x0f, 0xc8, 0xfd, 0xe9, 0x6a, 0xc1, + 0xa7, 0x94, 0x36, 0x72, 0x22, 0x29, 0x2c, 0x1c, + 0xd1, 0x8b, 0x7b, 0x37, 0x42, 0x25, 0x8d, 0xe3, + 0xcc, 0x06, 0x5f, 0x3c, 0x15, 0xfa, 0x74, 0x8a, + 0x83, 0xf0, 0xcc, 0xf5, 0x30, 0xd1, 0xa8, 0x88, + 0x9f, 0x4e, 0x1d, 0xd8, 0xe3, 0x1b, 0xb5, 0xe3, + 0xdb, 0xce, 0xbc, 0x03, 0xfe, 0xe6, 0xa2, 0xb4, + 0x94, 0x76, 0xd1, 0xb7, 0xce, 0xae, 0x6a, 0x7c, + 0xbd, 0x4f, 0xd6, 0xfe, 0x60, 0xd0, 0x78, 0xd4, + 0x04, 0x3f, 0xe0, 0x17, 0x2a, 0x41, 0x26, 0x5a, + 0x81, 0x80, 0xcd, 0x40, 0x7c, 0x4f, 0xd6, 0xd6, + 0x1d, 0x1f, 0x58, 0x59, 0xaf, 0xa8, 0x00, 0x91, + 0x69, 0xb1, 0xf8, 0x3b, 0xef, 0x59, 0x7e, 0x83, + 0x4e, 0xca, 0x1d, 0x33, 0x35, 0xb6, 0xa5, 0x9a, + 0x0e, 0xc5, 0xe5, 0x11, 0xdd, 0x5d, 0xb7, 0x32, + 0x66, 0x23, 0x63, 0x08, 0xbc, 0x2e, 0x9c, 0x10, + 0x30, 0xa4, 0x13, 0x38, 0xee, 0xc7, 0x10, 0xf6, + 0xed, 0xe9, 0xe1, 0xd1, 0x89, 0x8b, 0x94, 0x21, + 0xde, 0x76, 0x72, 0x90, 0xc4, 0xbc, 0x59, 0x31, + 0x1b, 0x1b, 0xd7, 0xa0, 0xd0, 0x3d, 0xaa, 0x43, + 0x66, 0xfa, 0x43, 0x8d, 0xcc, 0x37, 0xdc, 0x60, + 0x59, 0xaf, 0x02, 0x98, 0xe5, 0xe0, 0x17, 0xd6, + 0xc3, 0x84, 0xf2, 0xaa, 0x5d, 0x88, 0xa8, 0x78, + 0xbf, 0xbd, 0x18, 0x34, 0x9f, 0x5c, 0x6d, 0x22, + 0x0c, 0x77, 0x4f, 0x16, 0xf2, 0x85, 0x88, 0x2e, + 0x9a, 0x2b, 0x30, 0x1e, 0x17, 0xc8, 0xc7, 0xd4, + 0x20, 0x93, 0x47, 0x0d, 0x32, 0x7d, 0xcb, 0x77, + 0x85, 0x82, 0xc3, 0x80, 0x75, 0x10, 0x83, 0x33, + 0xd5, 0xde, 0x47, 0xd4, 0x22, 0x55, 0x4d, 0xca, + 0x4f, 0x90, 0xd2, 0x9f, 0x80, 0x58, 0x22, 0x4c, + 0x5a, 0xaa, 0x53, 0x9e, 0xeb, 0xde, 0x62, 0x8a, + 0xfb, 0xd7, 0x4b, 0x28, 0xd5, 0xe1, 0x02, 0xf9, + 0x61, 0x74, 0x42, 0x12, 0x32, 0x5d, 0x1b, 0x10, + 0x8f, 0x51, 0x8d, 0x7c, 0x59, 0xc5, 0xb7, 0x5a, + 0x68, 0xe7, 0xdd, 0xb0, 0xc0, 0x22, 0xbc, 0xf1, + 0x37, 0xcc, 0x63, 0xa2, 0x85, 0xb9, 0x11, 0x91, + 0x43, 0xb9, 0x7b, 0xfb, 0x4a, 0x21, 0xc9, 0xd5, +}; + +#define rsa_sigverpss_1_n rsa_sigverpss_0_n +#define rsa_sigverpss_1_e rsa_sigverpss_0_e +static const unsigned char rsa_sigverpss_1_msg[] = { + 0x29, 0xdc, 0x70, 0xd8, 0xa5, 0xde, 0x41, 0x1d, + 0xed, 0x05, 0x16, 0x04, 0x48, 0x05, 0x21, 0x05, + 0x1c, 0x40, 0x8a, 0xbb, 0x6c, 0x3c, 0x11, 0xf3, + 0x9f, 0x55, 0xf4, 0x03, 0x83, 0xaf, 0x13, 0x5d, + 0x91, 0x6f, 0x52, 0x63, 0x73, 0x2b, 0x3f, 0x7d, + 0xc3, 0x9e, 0xf5, 0x69, 0x16, 0xa1, 0x40, 0xd3, + 0x39, 0x57, 0x01, 0x26, 0xba, 0xa7, 0xd4, 0xa1, + 0xaa, 0xef, 0xf1, 0xad, 0xa2, 0xf6, 0x50, 0x6e, + 0x04, 0x23, 0x11, 0x98, 0x83, 0xed, 0x1a, 0x84, + 0xe6, 0x93, 0x02, 0x83, 0x08, 0x0d, 0x2e, 0x72, + 0x24, 0x42, 0x39, 0x8e, 0x4f, 0x7b, 0x99, 0x8a, + 0x46, 0x18, 0x80, 0xdf, 0x6a, 0x82, 0x01, 0x64, + 0x09, 0x60, 0x74, 0x1e, 0xdf, 0x0e, 0x1b, 0x59, + 0xdd, 0x4a, 0x06, 0xf7, 0x29, 0x31, 0x33, 0x09, + 0x65, 0x6b, 0xfa, 0x9c, 0x34, 0xa2, 0xa8, 0xd5, + 0xfa, 0x38, 0x6b, 0x41, 0xe4, 0x39, 0x6e, 0x66, +}; +static const unsigned char rsa_sigverpss_1_sig[] = { + 0x48, 0x7f, 0x71, 0x82, 0x63, 0x1d, 0xf2, 0xee, + 0xe8, 0x79, 0xeb, 0x3a, 0xaf, 0x41, 0x8a, 0x7c, + 0xab, 0x0b, 0xd4, 0x57, 0xb6, 0x62, 0x9f, 0x6f, + 0xec, 0xc1, 0xd4, 0xef, 0x55, 0x51, 0xd1, 0x0a, + 0x0e, 0x1d, 0x8a, 0x64, 0x69, 0x08, 0x57, 0xf5, + 0x04, 0xa8, 0x6c, 0xde, 0x76, 0x4d, 0x81, 0xf4, + 0x95, 0x7e, 0x95, 0x6d, 0x41, 0x31, 0x2f, 0x9d, + 0xe7, 0x47, 0x45, 0x45, 0x9f, 0xa8, 0xf8, 0xe3, + 0x30, 0xa6, 0x41, 0x0f, 0x12, 0x05, 0x6d, 0x2b, + 0x1a, 0xae, 0xef, 0xd4, 0x6b, 0xc6, 0xf4, 0x61, + 0xa5, 0x07, 0xfe, 0xe8, 0xd0, 0xfd, 0xa3, 0x93, + 0x58, 0xb4, 0x22, 0x37, 0x1b, 0x84, 0xcb, 0xef, + 0xae, 0x24, 0xec, 0x62, 0xe2, 0x7d, 0xf4, 0x09, + 0x5a, 0xc3, 0x0f, 0x4b, 0x49, 0xb7, 0xe7, 0xb2, + 0x9b, 0x01, 0x2c, 0x8a, 0x39, 0xdd, 0x10, 0xec, + 0x30, 0xb9, 0x7e, 0x39, 0x98, 0x94, 0x2a, 0xa4, + 0xb3, 0x97, 0x7f, 0x85, 0x6e, 0x19, 0x75, 0x9e, + 0x91, 0x94, 0xaa, 0xb5, 0xb0, 0x1f, 0x72, 0x50, + 0xb5, 0x6d, 0x7a, 0xff, 0x90, 0xcc, 0x24, 0x80, + 0x20, 0x23, 0x1c, 0xf3, 0xbd, 0x01, 0xc7, 0x82, + 0x63, 0x04, 0xcc, 0xbd, 0xfb, 0x41, 0x9a, 0xb8, + 0xeb, 0x6d, 0x78, 0x02, 0xee, 0x4a, 0x6d, 0xbb, + 0xf7, 0xb7, 0xcf, 0x91, 0xca, 0x11, 0xf2, 0x62, + 0xec, 0x18, 0x14, 0xcd, 0x10, 0xd8, 0x60, 0xe5, + 0x20, 0x86, 0x74, 0x84, 0xd5, 0x35, 0x34, 0x69, + 0x65, 0x93, 0x31, 0x99, 0xb6, 0x2d, 0x43, 0x23, + 0x1d, 0x73, 0x55, 0xfa, 0x03, 0x76, 0x22, 0xcc, + 0x66, 0xbc, 0x20, 0x2f, 0x7f, 0x4f, 0x78, 0xdd, + 0xd1, 0x1f, 0xb6, 0x79, 0x6b, 0x58, 0x58, 0x57, + 0x56, 0x87, 0xbc, 0x72, 0x6c, 0x81, 0x0a, 0xe2, + 0xae, 0xb2, 0x4b, 0x66, 0x5b, 0x65, 0x35, 0x2b, + 0x89, 0x0b, 0xa8, 0x5c, 0x34, 0xb3, 0x5f, 0xb0, + 0x21, 0x5d, 0x4c, 0x60, 0x57, 0x73, 0xb6, 0x16, + 0x94, 0xa7, 0x55, 0x52, 0x2a, 0x87, 0x10, 0xc9, + 0x7c, 0x86, 0xb9, 0xdd, 0xf5, 0xb9, 0x30, 0xc0, + 0xe6, 0x2a, 0xc9, 0x08, 0x3a, 0x88, 0xdc, 0x27, + 0xea, 0x2f, 0xd9, 0x37, 0x06, 0x36, 0xd8, 0xe5, + 0x66, 0x11, 0x54, 0x72, 0x4c, 0xc8, 0xa2, 0xc1, + 0xed, 0xf5, 0x17, 0x3b, 0x06, 0x2b, 0x4c, 0xc9, + 0x49, 0x2b, 0x98, 0x6f, 0xb8, 0x77, 0x96, 0x0c, + 0x6b, 0x47, 0x81, 0x6c, 0xf3, 0x94, 0x3d, 0x3b, + 0x24, 0x2d, 0x26, 0x9c, 0x40, 0xc1, 0x1f, 0xa7, + 0xb2, 0xb4, 0x29, 0xb6, 0x05, 0xe5, 0x6e, 0x3c, + 0xab, 0xd4, 0xaa, 0x3d, 0x78, 0x63, 0x3e, 0xf2, + 0x75, 0x0d, 0xc3, 0x46, 0x0e, 0x68, 0xd7, 0x3d, + 0xb9, 0xcb, 0x9a, 0x0a, 0xce, 0xec, 0x6f, 0x21, + 0x8c, 0x86, 0xaa, 0xeb, 0x7b, 0x56, 0x41, 0xa6, + 0x7a, 0xd3, 0x03, 0x02, 0x5c, 0x76, 0x01, 0xf7, + 0x5d, 0x5e, 0x8e, 0x7d, 0xac, 0x35, 0x84, 0x11, + 0xc6, 0xbc, 0x9a, 0x53, 0xcc, 0x3b, 0x4f, 0x5b, + 0x23, 0x79, 0x30, 0x52, 0xc3, 0x73, 0x5d, 0xc8, + 0xf1, 0xec, 0x2e, 0x0d, 0xda, 0x64, 0x90, 0x50, + 0x62, 0xcf, 0x18, 0xc5, 0x52, 0x45, 0xe7, 0x38, + 0x1a, 0xec, 0x01, 0x18, 0xbb, 0x85, 0x97, 0x7f, + 0x68, 0x2b, 0x6f, 0xfc, 0xcd, 0x08, 0xc8, 0xe2, + 0xca, 0x7e, 0xa6, 0x4f, 0xca, 0x5d, 0xdd, 0xf8, + 0xfa, 0x52, 0x1c, 0x91, 0x82, 0x56, 0x07, 0xb2, + 0x03, 0x3e, 0xa2, 0x8d, 0x60, 0xff, 0x78, 0x05, + 0x1a, 0xfc, 0x6e, 0x27, 0x80, 0xbd, 0x90, 0x98, + 0x83, 0x46, 0xba, 0xec, 0xee, 0x89, 0xe3, 0x1b, + 0xc0, 0xcd, 0x2f, 0x05, 0x37, 0x18, 0xb5, 0xfa, + 0xc3, 0x91, 0x85, 0x0f, 0xb7, 0x74, 0x1c, 0x64, + 0xf0, 0xf8, 0x56, 0x35, 0xb8, 0x1d, 0xc3, 0x39, + 0x5c, 0xea, 0x8a, 0x92, 0x31, 0xd2, 0x11, 0x4b, +}; + +static const unsigned char rsa_sigverx931_0_n[] = { + 0xa0, 0x16, 0x14, 0x80, 0x8b, 0x17, 0x2b, 0xad, + 0xd7, 0x07, 0x31, 0x6d, 0xfc, 0xba, 0x25, 0x83, + 0x09, 0xa0, 0xf7, 0x71, 0xc6, 0x06, 0x22, 0x87, + 0xd6, 0xbd, 0x13, 0xd9, 0xfe, 0x7c, 0xf7, 0xe6, + 0x48, 0xdb, 0x27, 0xd8, 0xa5, 0x49, 0x8e, 0x8c, + 0xea, 0xbe, 0xe0, 0x04, 0x6f, 0x3d, 0x3b, 0x73, + 0xdc, 0xc5, 0xd4, 0xdc, 0x85, 0xef, 0xea, 0x10, + 0x46, 0xf3, 0x88, 0xb9, 0x93, 0xbc, 0xa0, 0xb6, + 0x06, 0x02, 0x82, 0xb4, 0x2d, 0x54, 0xec, 0x79, + 0x50, 0x8a, 0xfc, 0xfa, 0x62, 0x45, 0xbb, 0xd7, + 0x26, 0xcd, 0x88, 0xfa, 0xe8, 0x0f, 0x26, 0x5b, + 0x1f, 0x21, 0x3f, 0x3b, 0x5d, 0x98, 0x3f, 0x02, + 0x8c, 0xa1, 0xbf, 0xc0, 0x70, 0x4d, 0xd1, 0x41, + 0xfd, 0xb9, 0x55, 0x12, 0x90, 0xc8, 0x6e, 0x0f, + 0x19, 0xa8, 0x5c, 0x31, 0xd6, 0x16, 0x0e, 0xdf, + 0x08, 0x84, 0xcd, 0x4b, 0xfd, 0x28, 0x8d, 0x7d, + 0x6e, 0xea, 0xc7, 0x95, 0x4a, 0xc3, 0x84, 0x54, + 0x7f, 0xb0, 0x20, 0x29, 0x96, 0x39, 0x4c, 0x3e, + 0x85, 0xec, 0x22, 0xdd, 0xb9, 0x14, 0xbb, 0x04, + 0x2f, 0x4c, 0x0c, 0xe3, 0xfa, 0xae, 0x47, 0x79, + 0x59, 0x8e, 0x4e, 0x7d, 0x4a, 0x17, 0xae, 0x16, + 0x38, 0x66, 0x4e, 0xff, 0x45, 0x7f, 0xac, 0x5e, + 0x75, 0x9f, 0x51, 0x18, 0xe6, 0xad, 0x6b, 0x8b, + 0x3d, 0x08, 0x4d, 0x9a, 0xd2, 0x11, 0xba, 0xa8, + 0xc3, 0xb5, 0x17, 0xb5, 0xdf, 0xe7, 0x39, 0x89, + 0x27, 0x7b, 0xeb, 0xf4, 0xe5, 0x7e, 0xa9, 0x7b, + 0x39, 0x40, 0x6f, 0xe4, 0x82, 0x14, 0x3d, 0x62, + 0xb6, 0xd4, 0x43, 0xd0, 0x0a, 0x2f, 0xc1, 0x73, + 0x3d, 0x99, 0x37, 0xbe, 0x62, 0x13, 0x6a, 0x8b, + 0xeb, 0xc5, 0x64, 0xd5, 0x2a, 0x8b, 0x4f, 0x7f, + 0x82, 0x48, 0x69, 0x3e, 0x08, 0x1b, 0xb5, 0x77, + 0xd3, 0xdc, 0x1b, 0x2c, 0xe5, 0x59, 0xf6, 0x33, + 0x47, 0xa0, 0x0f, 0xff, 0x8a, 0x6a, 0x1d, 0x66, + 0x24, 0x67, 0x36, 0x7d, 0x21, 0xda, 0xc1, 0xd4, + 0x11, 0x6c, 0xe8, 0x5f, 0xd7, 0x8a, 0x53, 0x5c, + 0xb2, 0xe2, 0xf9, 0x14, 0x29, 0x0f, 0xcf, 0x28, + 0x32, 0x4f, 0xc6, 0x17, 0xf6, 0xbc, 0x0e, 0xb8, + 0x99, 0x7c, 0x14, 0xa3, 0x40, 0x3f, 0xf3, 0xe4, + 0x31, 0xbe, 0x54, 0x64, 0x5a, 0xad, 0x1d, 0xb0, + 0x37, 0xcc, 0xd9, 0x0b, 0xa4, 0xbc, 0xe0, 0x07, + 0x37, 0xd1, 0xe1, 0x65, 0xc6, 0x53, 0xfe, 0x60, + 0x6a, 0x64, 0xa4, 0x01, 0x00, 0xf3, 0x5b, 0x9a, + 0x28, 0x61, 0xde, 0x7a, 0xd7, 0x0d, 0x56, 0x1e, + 0x4d, 0xa8, 0x6a, 0xb5, 0xf2, 0x86, 0x2a, 0x4e, + 0xaa, 0x37, 0x23, 0x5a, 0x3b, 0x69, 0x66, 0x81, + 0xc8, 0x8e, 0x1b, 0x31, 0x0f, 0x28, 0x31, 0x9a, + 0x2d, 0xe5, 0x79, 0xcc, 0xa4, 0xca, 0x60, 0x45, + 0xf7, 0x83, 0x73, 0x5a, 0x01, 0x29, 0xda, 0xf7, + +}; +static const unsigned char rsa_sigverx931_0_e[] = { + 0x01, 0x00, 0x01, +}; +static const unsigned char rsa_sigverx931_0_msg[] = { + 0x82, 0x2e, 0x41, 0x70, 0x9d, 0x1f, 0xe9, 0x47, + 0xec, 0xf1, 0x79, 0xcc, 0x05, 0xef, 0xdb, 0xcd, + 0xca, 0x8b, 0x8e, 0x61, 0x45, 0xad, 0xa6, 0xd9, + 0xd7, 0x4b, 0x15, 0xf4, 0x92, 0x3a, 0x2a, 0x52, + 0xe3, 0x44, 0x57, 0x2b, 0x74, 0x7a, 0x37, 0x41, + 0x50, 0xcb, 0xcf, 0x13, 0x49, 0xd6, 0x15, 0x54, + 0x97, 0xfd, 0xae, 0x9b, 0xc1, 0xbb, 0xfc, 0x5c, + 0xc1, 0x37, 0x58, 0x17, 0x63, 0x19, 0x9c, 0xcf, + 0xee, 0x9c, 0xe5, 0xbe, 0x06, 0xe4, 0x97, 0x47, + 0xd1, 0x93, 0xa1, 0x2c, 0x59, 0x97, 0x02, 0x01, + 0x31, 0x45, 0x8c, 0xe1, 0x5c, 0xac, 0xe7, 0x5f, + 0x6a, 0x23, 0xda, 0xbf, 0xe4, 0x25, 0xc6, 0x67, + 0xea, 0x5f, 0x73, 0x90, 0x1b, 0x06, 0x0f, 0x41, + 0xb5, 0x6e, 0x74, 0x7e, 0xfd, 0xd9, 0xaa, 0xbd, + 0xe2, 0x8d, 0xad, 0x99, 0xdd, 0x29, 0x70, 0xca, + 0x1b, 0x38, 0x21, 0x55, 0xde, 0x07, 0xaf, 0x00, + +}; +static const unsigned char rsa_sigverx931_0_sig[] = { + 0x29, 0xa9, 0x3a, 0x8e, 0x9e, 0x90, 0x1b, 0xdb, + 0xaf, 0x0b, 0x47, 0x5b, 0xb5, 0xc3, 0x8c, 0xc3, + 0x70, 0xbe, 0x73, 0xf9, 0x65, 0x8e, 0xc6, 0x1e, + 0x95, 0x0b, 0xdb, 0x24, 0x76, 0x79, 0xf1, 0x00, + 0x71, 0xcd, 0xc5, 0x6a, 0x7b, 0xd2, 0x8b, 0x18, + 0xc4, 0xdd, 0xf1, 0x2a, 0x31, 0x04, 0x3f, 0xfc, + 0x36, 0x06, 0x20, 0x71, 0x3d, 0x62, 0xf2, 0xb5, + 0x79, 0x0a, 0xd5, 0xd2, 0x81, 0xf1, 0xb1, 0x4f, + 0x9a, 0x17, 0xe8, 0x67, 0x64, 0x48, 0x09, 0x75, + 0xff, 0x2d, 0xee, 0x36, 0xca, 0xca, 0x1d, 0x74, + 0x99, 0xbe, 0x5c, 0x94, 0x31, 0xcc, 0x12, 0xf4, + 0x59, 0x7e, 0x17, 0x00, 0x4f, 0x7b, 0xa4, 0xb1, + 0xda, 0xdb, 0x3e, 0xa4, 0x34, 0x10, 0x4a, 0x19, + 0x0a, 0xd2, 0xa7, 0xa0, 0xc5, 0xe6, 0xef, 0x82, + 0xd4, 0x2e, 0x21, 0xbe, 0x15, 0x73, 0xac, 0xef, + 0x05, 0xdb, 0x6a, 0x8a, 0x1a, 0xcb, 0x8e, 0xa5, + 0xee, 0xfb, 0x28, 0xbf, 0x96, 0xa4, 0x2b, 0xd2, + 0x85, 0x2b, 0x20, 0xc3, 0xaf, 0x9a, 0x32, 0x04, + 0xa0, 0x49, 0x24, 0x47, 0xd0, 0x09, 0xf7, 0xcf, + 0x73, 0xb6, 0xf6, 0x70, 0xda, 0x3b, 0xf8, 0x5a, + 0x28, 0x2e, 0x14, 0x6c, 0x52, 0xbd, 0x2a, 0x7c, + 0x8e, 0xc1, 0xa8, 0x0e, 0xb1, 0x1e, 0x6b, 0x8d, + 0x76, 0xea, 0x70, 0x81, 0xa0, 0x02, 0x63, 0x74, + 0xbc, 0x7e, 0xb9, 0xac, 0x0e, 0x7b, 0x1b, 0x75, + 0x82, 0xe2, 0x98, 0x4e, 0x24, 0x55, 0xd4, 0xbd, + 0x14, 0xde, 0x58, 0x56, 0x3a, 0x5d, 0x4e, 0x57, + 0x0d, 0x54, 0x74, 0xe8, 0x86, 0x8c, 0xcb, 0x07, + 0x9f, 0x0b, 0xfb, 0xc2, 0x08, 0x5c, 0xd7, 0x05, + 0x3b, 0xc8, 0xd2, 0x15, 0x68, 0x8f, 0x3d, 0x3c, + 0x4e, 0x85, 0xa9, 0x25, 0x6f, 0xf5, 0x2e, 0xca, + 0xca, 0xa8, 0x27, 0x89, 0x61, 0x4e, 0x1f, 0x57, + 0x2d, 0x99, 0x10, 0x3f, 0xbc, 0x9e, 0x96, 0x5e, + 0x2f, 0x0a, 0x25, 0xa7, 0x5c, 0xea, 0x65, 0x2a, + 0x22, 0x35, 0xa3, 0xf9, 0x13, 0x89, 0x05, 0x2e, + 0x19, 0x73, 0x1d, 0x70, 0x74, 0x98, 0x15, 0x4b, + 0xab, 0x56, 0x52, 0xe0, 0x01, 0x42, 0x95, 0x6a, + 0x46, 0x2c, 0x78, 0xff, 0x26, 0xbc, 0x48, 0x10, + 0x38, 0x25, 0xab, 0x32, 0x7c, 0x79, 0x7c, 0x5d, + 0x6f, 0x45, 0x54, 0x74, 0x2d, 0x93, 0x56, 0x52, + 0x11, 0x34, 0x1e, 0xe3, 0x4b, 0x6a, 0x17, 0x4f, + 0x37, 0x14, 0x75, 0xac, 0xa3, 0xa1, 0xca, 0xda, + 0x38, 0x06, 0xa9, 0x78, 0xb9, 0x5d, 0xd0, 0x59, + 0x1b, 0x5d, 0x1e, 0xc2, 0x0b, 0xfb, 0x39, 0x37, + 0x44, 0x85, 0xb6, 0x36, 0x06, 0x95, 0xbc, 0x15, + 0x35, 0xb9, 0xe6, 0x27, 0x42, 0xe3, 0xc8, 0xec, + 0x30, 0x37, 0x20, 0x26, 0x9a, 0x11, 0x61, 0xc0, + 0xdb, 0xb2, 0x5a, 0x26, 0x78, 0x27, 0xb9, 0x13, + 0xc9, 0x1a, 0xa7, 0x67, 0x93, 0xe8, 0xbe, 0xcb, +}; + +#define rsa_sigverx931_1_n rsa_sigverx931_0_n +#define rsa_sigverx931_1_e rsa_sigverx931_0_e +static const unsigned char rsa_sigverx931_1_msg[] = { + 0x79, 0x02, 0xb9, 0xd2, 0x3e, 0x84, 0x02, 0xc8, + 0x2a, 0x94, 0x92, 0x14, 0x8d, 0xd5, 0xd3, 0x8d, + 0xb2, 0xf6, 0x00, 0x8b, 0x61, 0x2c, 0xd2, 0xf9, + 0xa8, 0xe0, 0x5d, 0xac, 0xdc, 0xa5, 0x34, 0xf3, + 0xda, 0x6c, 0xd4, 0x70, 0x92, 0xfb, 0x40, 0x26, + 0xc7, 0x9b, 0xe8, 0xd2, 0x10, 0x11, 0xcf, 0x7f, + 0x23, 0xd0, 0xed, 0x55, 0x52, 0x6d, 0xd3, 0xb2, + 0x56, 0x53, 0x8d, 0x7c, 0x4c, 0xb8, 0xcc, 0xb5, + 0xfd, 0xd0, 0x45, 0x4f, 0x62, 0x40, 0x54, 0x42, + 0x68, 0xd5, 0xe5, 0xdd, 0xf0, 0x76, 0x94, 0x59, + 0x1a, 0x57, 0x13, 0xb4, 0xc3, 0x70, 0xcc, 0xbd, + 0x4c, 0x2e, 0xc8, 0x6b, 0x9d, 0x68, 0xd0, 0x72, + 0x6a, 0x94, 0xd2, 0x18, 0xb5, 0x3b, 0x86, 0x45, + 0x95, 0xaa, 0x50, 0xda, 0x35, 0xeb, 0x69, 0x44, + 0x1f, 0xf3, 0x3a, 0x51, 0xbb, 0x1d, 0x08, 0x42, + 0x12, 0xd7, 0xd6, 0x21, 0xd8, 0x9b, 0x87, 0x55, +}; + +static const unsigned char rsa_sigverx931_1_sig[] = { + 0x3b, 0xba, 0xb3, 0xb1, 0xb2, 0x6a, 0x29, 0xb5, + 0xf9, 0x94, 0xf1, 0x00, 0x5c, 0x16, 0x67, 0x67, + 0x73, 0xd3, 0xde, 0x7e, 0x07, 0xfa, 0xaa, 0x95, + 0xeb, 0x5a, 0x55, 0xdc, 0xb2, 0xa9, 0x70, 0x5a, + 0xee, 0x8f, 0x8d, 0x69, 0x85, 0x2b, 0x00, 0xe3, + 0xdc, 0xe2, 0x73, 0x9b, 0x68, 0xeb, 0x93, 0x69, + 0x08, 0x03, 0x17, 0xd6, 0x50, 0x21, 0x14, 0x23, + 0x8c, 0xe6, 0x54, 0x3a, 0xd9, 0xfc, 0x8b, 0x14, + 0x81, 0xb1, 0x8b, 0x9d, 0xd2, 0xbe, 0x58, 0x75, + 0x94, 0x74, 0x93, 0xc9, 0xbb, 0x4e, 0xf6, 0x1f, + 0x73, 0x7d, 0x1a, 0x5f, 0xbd, 0xbf, 0x59, 0x37, + 0x5b, 0x98, 0x54, 0xad, 0x3a, 0xef, 0xa0, 0xef, + 0xcb, 0xc3, 0xe8, 0x84, 0xd8, 0x3d, 0xf5, 0x60, + 0xb8, 0xc3, 0x8d, 0x1e, 0x78, 0xa0, 0x91, 0x94, + 0xb7, 0xd7, 0xb1, 0xd4, 0xe2, 0xee, 0x81, 0x93, + 0xfc, 0x41, 0xf0, 0x31, 0xbb, 0x03, 0x52, 0xde, + 0x80, 0x20, 0x3a, 0x68, 0xe6, 0xc5, 0x50, 0x1b, + 0x08, 0x3f, 0x40, 0xde, 0xb3, 0xe5, 0x81, 0x99, + 0x7f, 0xdb, 0xb6, 0x5d, 0x61, 0x27, 0xd4, 0xfb, + 0xcd, 0xc5, 0x7a, 0xea, 0xde, 0x7a, 0x66, 0xef, + 0x55, 0x3f, 0x85, 0xea, 0x84, 0xc5, 0x0a, 0xf6, + 0x3c, 0x40, 0x38, 0xf7, 0x6c, 0x66, 0xe5, 0xbe, + 0x61, 0x41, 0xd3, 0xb1, 0x08, 0xe1, 0xb4, 0xf9, + 0x6e, 0xf6, 0x0e, 0x4a, 0x72, 0x6c, 0x61, 0x63, + 0x3e, 0x41, 0x33, 0x94, 0xd6, 0x27, 0xa4, 0xd9, + 0x3a, 0x20, 0x2b, 0x39, 0xea, 0xe5, 0x82, 0x48, + 0xd6, 0x5b, 0x58, 0x85, 0x44, 0xb0, 0xd2, 0xfd, + 0xfb, 0x3e, 0xeb, 0x78, 0xac, 0xbc, 0xba, 0x16, + 0x92, 0x0e, 0x20, 0xc1, 0xb2, 0xd1, 0x92, 0xa8, + 0x00, 0x88, 0xc0, 0x41, 0x46, 0x38, 0xb6, 0x54, + 0x70, 0x0c, 0x00, 0x62, 0x97, 0x6a, 0x8e, 0x66, + 0x5a, 0xa1, 0x6c, 0xf7, 0x6d, 0xc2, 0x27, 0x56, + 0x60, 0x5b, 0x0c, 0x52, 0xac, 0x5c, 0xae, 0x99, + 0x55, 0x11, 0x62, 0x52, 0x09, 0x48, 0x53, 0x90, + 0x3c, 0x0b, 0xd4, 0xdc, 0x7b, 0xe3, 0x4c, 0xe3, + 0xa8, 0x6d, 0xc5, 0xdf, 0xc1, 0x5c, 0x59, 0x25, + 0x99, 0x30, 0xde, 0x57, 0x6a, 0x84, 0x25, 0x34, + 0x3e, 0x64, 0x11, 0xdb, 0x7a, 0x82, 0x8e, 0x70, + 0xd2, 0x5c, 0x0e, 0x81, 0xa0, 0x24, 0x53, 0x75, + 0x98, 0xd6, 0x10, 0x01, 0x6a, 0x14, 0xed, 0xc3, + 0x6f, 0xc4, 0x18, 0xb8, 0xd2, 0x9f, 0x59, 0x53, + 0x81, 0x3a, 0x86, 0x31, 0xfc, 0x9e, 0xbf, 0x6c, + 0x52, 0x93, 0x86, 0x9c, 0xaa, 0x6c, 0x6f, 0x07, + 0x8a, 0x40, 0x33, 0x64, 0xb2, 0x70, 0x48, 0x85, + 0x05, 0x59, 0x65, 0x2d, 0x6b, 0x9a, 0xad, 0xab, + 0x20, 0x7e, 0x02, 0x6d, 0xde, 0xcf, 0x22, 0x0b, + 0xea, 0x6e, 0xbd, 0x1c, 0x39, 0x3a, 0xfd, 0xa4, + 0xde, 0x54, 0xae, 0xde, 0x5e, 0xf7, 0xb0, 0x6d, +}; + +static const struct rsa_sigver_st rsa_sigver_data[] = { + { + "pkcs1", /* pkcs1v1.5 */ + 2048, + "SHA224", + ITM(rsa_sigver15_0_msg), + ITM(rsa_sigver15_0_n), + ITM(rsa_sigver15_0_e), + ITM(rsa_sigver15_0_sig), + NO_PSS_SALT_LEN, + PASS + }, + { + "pkcs1", /* pkcs1v1.5 */ + 2048, + "SHA224", + ITM(rsa_sigver15_1_msg), + ITM(rsa_sigver15_1_n), + ITM(rsa_sigver15_1_e), + ITM(rsa_sigver15_1_sig), + NO_PSS_SALT_LEN, + FAIL + }, + { + "x931", + 3072, + "SHA1", + ITM(rsa_sigverx931_0_msg), + ITM(rsa_sigverx931_0_n), + ITM(rsa_sigverx931_0_e), + ITM(rsa_sigverx931_0_sig), + NO_PSS_SALT_LEN, + PASS + }, + { + "x931", + 3072, + "SHA256", + ITM(rsa_sigverx931_1_msg), + ITM(rsa_sigverx931_1_n), + ITM(rsa_sigverx931_1_e), + ITM(rsa_sigverx931_1_sig), + NO_PSS_SALT_LEN, + FAIL + }, + { + "pss", + 4096, + "SHA384", + ITM(rsa_sigverpss_0_msg), + ITM(rsa_sigverpss_0_n), + ITM(rsa_sigverpss_0_e), + ITM(rsa_sigverpss_0_sig), + 62, + PASS + }, + { + "pss", + 4096, + "SHA384", + ITM(rsa_sigverpss_1_msg), + ITM(rsa_sigverpss_1_n), + ITM(rsa_sigverpss_1_e), + ITM(rsa_sigverpss_1_sig), + 62, + FAIL + }, +}; + +struct rsa_decrypt_prim_st { + const unsigned char *ct; + size_t ct_len; +}; + +static const unsigned char rsa_decrypt_prim_0_ct[] = { + 0x09, 0x7e, 0x82, 0xfe, 0xc7, 0x24, 0x65, 0xe0, + 0x49, 0x2e, 0x78, 0xed, 0xf4, 0x7d, 0x05, 0x0d, + 0xff, 0x2f, 0x1a, 0x95, 0xeb, 0x74, 0x60, 0x3d, + 0xd3, 0x3a, 0xec, 0x8a, 0x2c, 0x8b, 0x00, 0xa5, + 0x75, 0x2c, 0x87, 0x7b, 0xa5, 0x76, 0x08, 0xee, + 0x99, 0xab, 0x5b, 0x21, 0x69, 0x90, 0x72, 0x0d, + 0x55, 0xe4, 0x7d, 0x1d, 0xcb, 0xaa, 0xeb, 0x32, + 0x24, 0xf7, 0xce, 0x95, 0xb5, 0x3e, 0x0e, 0x57, + 0xd4, 0x2a, 0x5b, 0xfc, 0x1f, 0xf7, 0x28, 0x3f, + 0xd6, 0x31, 0x36, 0x92, 0xc5, 0x13, 0xe3, 0x4e, + 0x28, 0x53, 0xbe, 0x60, 0x5f, 0x82, 0x12, 0x7a, + 0x50, 0xe6, 0x91, 0x40, 0xcf, 0x52, 0x3a, 0xd2, + 0x15, 0x20, 0xd5, 0x82, 0x6d, 0x5e, 0xab, 0x47, + 0xd1, 0x2d, 0x00, 0xf5, 0xea, 0xf4, 0x68, 0x88, + 0x38, 0x43, 0xd6, 0xcb, 0xaa, 0xd0, 0xd1, 0x75, + 0xe6, 0x87, 0x5f, 0xd1, 0x89, 0xd3, 0x57, 0x1b, + 0xf2, 0x45, 0x8a, 0x92, 0xe6, 0x95, 0xb8, 0x99, + 0x80, 0xe9, 0xe6, 0x5f, 0x2b, 0x48, 0x2b, 0xb3, + 0x2b, 0x80, 0x56, 0xf8, 0xd4, 0x96, 0x44, 0xb5, + 0xae, 0x6d, 0x4a, 0x3d, 0x7b, 0x0a, 0x54, 0x3c, + 0xa8, 0x21, 0x8b, 0x64, 0x96, 0xea, 0xc2, 0xef, + 0x60, 0xbb, 0xd3, 0x4e, 0xaf, 0x6c, 0x5b, 0x06, + 0x57, 0xe8, 0x5e, 0x2c, 0x87, 0x46, 0x12, 0xeb, + 0xfb, 0xe2, 0xdb, 0x7b, 0xac, 0x09, 0x8b, 0xa0, + 0x98, 0x6e, 0xc6, 0x3f, 0x98, 0xdd, 0x7d, 0xc6, + 0xc6, 0x32, 0xc2, 0xcc, 0x73, 0xe2, 0x15, 0xde, + 0xb2, 0x0f, 0x41, 0x08, 0x1e, 0x2e, 0xba, 0x93, + 0x65, 0x94, 0xab, 0x84, 0x0e, 0x1e, 0xda, 0x1b, + 0xf0, 0xe0, 0x13, 0x13, 0xe2, 0xa5, 0x31, 0xb8, + 0x80, 0xc1, 0x38, 0xc5, 0x08, 0x09, 0x0a, 0xe2, + 0x78, 0x7d, 0xd6, 0xcf, 0x8d, 0x6b, 0xe8, 0x1b, + 0x47, 0x83, 0x80, 0x71, 0xe2, 0xd3, 0x01, 0xbc, +}; + +static const unsigned char rsa_decrypt_prim_1_ct[] = { + 0xff, 0xd5, 0xaa, 0x3f, 0x0c, 0x7c, 0x78, 0x7e, + 0xe3, 0x8a, 0x4f, 0xcc, 0x20, 0x3f, 0x51, 0xe5, + 0xf4, 0x9c, 0xc5, 0x62, 0xcc, 0xa3, 0xcb, 0xce, + 0x39, 0x80, 0x35, 0xef, 0xd5, 0x95, 0x56, 0xcb, + 0xb2, 0x62, 0x8c, 0xe6, 0x8b, 0x20, 0xe4, 0x36, + 0xae, 0xe8, 0x07, 0x07, 0xc2, 0x23, 0x6a, 0xfc, + 0x83, 0xf0, 0x04, 0x88, 0x19, 0xf8, 0x9f, 0x5c, + 0x59, 0x4d, 0xb3, 0x81, 0x86, 0x9d, 0x3b, 0x61, + 0x73, 0x31, 0x03, 0xec, 0x9c, 0xdd, 0x75, 0xb7, + 0x37, 0x0a, 0x8d, 0x94, 0xd9, 0x9f, 0x6d, 0x85, + 0xb0, 0x5c, 0x08, 0xcc, 0xb4, 0x27, 0x8c, 0xf0, + 0xe6, 0xd6, 0xe0, 0xc1, 0x57, 0x59, 0xaa, 0xc7, + 0x8f, 0x5c, 0xa7, 0x4b, 0x3c, 0x81, 0x4a, 0xa3, + 0x9b, 0x18, 0x88, 0x04, 0x98, 0x54, 0x3d, 0x87, + 0x2a, 0x89, 0xb6, 0x41, 0xe8, 0xbd, 0x37, 0x17, + 0x03, 0xa8, 0xf1, 0x37, 0xa5, 0x5e, 0x02, 0x13, + 0x67, 0x08, 0xec, 0x9e, 0x97, 0xf5, 0xcc, 0x5f, + 0x75, 0x37, 0xbe, 0xce, 0xe8, 0x5e, 0xa1, 0xca, + 0x46, 0xa3, 0xda, 0xe4, 0x1f, 0xf8, 0xc4, 0xa3, + 0x26, 0xbb, 0xed, 0xa2, 0x71, 0xb2, 0x44, 0x00, + 0xd3, 0xe5, 0x06, 0xf1, 0xb4, 0xc1, 0xe0, 0x29, + 0xca, 0xeb, 0xe0, 0xdf, 0xd1, 0x69, 0x5f, 0xa9, + 0x03, 0x7c, 0x49, 0x93, 0xfb, 0xc2, 0xdf, 0x39, + 0xbc, 0x2a, 0x6b, 0x59, 0x7d, 0xf4, 0x84, 0x93, + 0xa2, 0x8b, 0x7a, 0x5a, 0x7a, 0xa9, 0xff, 0x41, + 0x4c, 0x52, 0x5c, 0xf9, 0x59, 0xd2, 0x91, 0xc3, + 0xa9, 0xe8, 0x23, 0x36, 0x5f, 0x2f, 0xb9, 0xbe, + 0x22, 0xc4, 0xfd, 0x84, 0x5f, 0x81, 0x3d, 0x94, + 0xf8, 0xa4, 0x9b, 0xae, 0xc0, 0xb5, 0x78, 0x4f, + 0x91, 0x76, 0x02, 0x5d, 0x60, 0x71, 0x8b, 0xeb, + 0x08, 0x42, 0xe3, 0xb3, 0x63, 0x05, 0x60, 0x59, + 0x98, 0xc1, 0x6d, 0x66, 0xb3, 0xc5, 0x8a, 0xbc, +}; + +static const struct rsa_decrypt_prim_st rsa_decrypt_prim_data[] = { + { + ITM(rsa_decrypt_prim_0_ct), + }, + { + ITM(rsa_decrypt_prim_1_ct), + }, +}; + +#endif /* OPENSSL_NO_RSA */ diff --git a/test/build.info b/test/build.info index de4f2fc270..6d7043208a 100644 --- a/test/build.info +++ b/test/build.info @@ -36,6 +36,7 @@ IF[{- !$disabled{tests} -}] destest mdc2test \ enginetest exptest \ evp_pkey_provided_test evp_test evp_extra_test evp_fetch_prov_test \ + acvp_test \ v3nametest v3ext \ crltest danetest bad_dtls_test lhash_test sparse_array_test \ conf_include_test params_api_test params_conversion_test \ @@ -145,6 +146,12 @@ IF[{- !$disabled{tests} -}] INCLUDE[evp_pkey_provided_test]=../include ../apps/include DEPEND[evp_pkey_provided_test]=../libcrypto.a libtestutil.a + IF[{- !$disabled{acvp-tests} -}] + SOURCE[acvp_test]=acvp_test.c + INCLUDE[acvp_test]=../include ../apps/include + DEPEND[acvp_test]=../libcrypto.a libtestutil.a + ENDIF + IF[{- !$disabled{'deprecated-3.0'} -}] PROGRAMS{noinst}=igetest bftest casttest diff --git a/test/ffc_internal_test.c b/test/ffc_internal_test.c index c0b8e67871..632cead926 100644 --- a/test/ffc_internal_test.c +++ b/test/ffc_internal_test.c @@ -189,42 +189,40 @@ static int ffc_params_validate_g_unverified_test(void) ffc_params_set0_pqg(¶ms, p, q, NULL); p = NULL; q = NULL; - if (!TEST_false(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DSA, - EVP_sha256(), - FFC_PARAMS_VALIDATE_G, &res, - NULL))) + ffc_params_set_flags(¶ms, FFC_PARAM_FLAG_VALIDATE_G); + ffc_set_digest(¶ms, "SHA256", NULL); + + if (!TEST_false(ffc_params_FIPS186_4_validate(NULL, ¶ms, + FFC_PARAM_TYPE_DSA, + &res, NULL))) goto err; ffc_params_set0_pqg(¶ms, p, q, g); g = NULL; - if (!TEST_true(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DSA, - EVP_sha256(), - FFC_PARAMS_VALIDATE_G, &res, - NULL))) + if (!TEST_true(ffc_params_FIPS186_4_validate(NULL, ¶ms, + FFC_PARAM_TYPE_DSA, + &res, NULL))) goto err; /* incorrect g */ BN_add_word(g1, 1); - if (!TEST_false(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DSA, - EVP_sha256(), - FFC_PARAMS_VALIDATE_G, &res, - NULL))) + if (!TEST_false(ffc_params_FIPS186_4_validate(NULL, ¶ms, + FFC_PARAM_TYPE_DSA, + &res, NULL))) goto err; /* fail if g < 2 */ BN_set_word(g1, 1); - if (!TEST_false(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DSA, - EVP_sha256(), - FFC_PARAMS_VALIDATE_G, &res, - NULL))) + if (!TEST_false(ffc_params_FIPS186_4_validate(NULL, ¶ms, + FFC_PARAM_TYPE_DSA, + &res, NULL))) goto err; BN_copy(g1, p1); /* Fail if g >= p */ - if (!TEST_false(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DSA, - EVP_sha256(), - FFC_PARAMS_VALIDATE_G, &res, - NULL))) + if (!TEST_false(ffc_params_FIPS186_4_validate(NULL, ¶ms, + FFC_PARAM_TYPE_DSA, + &res, NULL))) goto err; ret = 1; @@ -255,10 +253,12 @@ static int ffc_params_validate_pq_test(void) /* No p */ ffc_params_set0_pqg(¶ms, NULL, q, NULL); q = NULL; - if (!TEST_false(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DSA, - EVP_sha224(), - FFC_PARAMS_VALIDATE_PQ, &res, - NULL))) + ffc_params_set_flags(¶ms, FFC_PARAM_FLAG_VALIDATE_PQ); + ffc_set_digest(¶ms, "SHA224", NULL); + + if (!TEST_false(ffc_params_FIPS186_4_validate(NULL, ¶ms, + FFC_PARAM_TYPE_DSA, + &res, NULL))) goto err; /* Test valid case */ @@ -267,40 +267,36 @@ static int ffc_params_validate_pq_test(void) ffc_params_set_validate_params(¶ms, dsa_2048_224_sha224_seed, sizeof(dsa_2048_224_sha224_seed), dsa_2048_224_sha224_counter); - if (!TEST_true(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DSA, - EVP_sha224(), - FFC_PARAMS_VALIDATE_PQ, &res, - NULL))) + if (!TEST_true(ffc_params_FIPS186_4_validate(NULL, ¶ms, + FFC_PARAM_TYPE_DSA, + &res, NULL))) goto err; /* Bad counter - so p is not prime */ ffc_params_set_validate_params(¶ms, dsa_2048_224_sha224_seed, sizeof(dsa_2048_224_sha224_seed), 1); - if (!TEST_false(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DSA, - EVP_sha224(), - FFC_PARAMS_VALIDATE_PQ, &res, - NULL))) + if (!TEST_false(ffc_params_FIPS186_4_validate(NULL, ¶ms, + FFC_PARAM_TYPE_DSA, + &res, NULL))) goto err; /* seedlen smaller than N */ ffc_params_set_validate_params(¶ms, dsa_2048_224_sha224_seed, sizeof(dsa_2048_224_sha224_seed)-1, dsa_2048_224_sha224_counter); - if (!TEST_false(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DSA, - EVP_sha224(), - FFC_PARAMS_VALIDATE_PQ, &res, - NULL))) + if (!TEST_false(ffc_params_FIPS186_4_validate(NULL, ¶ms, + FFC_PARAM_TYPE_DSA, + &res, NULL))) goto err; /* Provided seed doesnt produce a valid prime q */ ffc_params_set_validate_params(¶ms, dsa_2048_224_sha224_bad_seed, sizeof(dsa_2048_224_sha224_bad_seed), dsa_2048_224_sha224_counter); - if (!TEST_false(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DSA, - EVP_sha224(), - FFC_PARAMS_VALIDATE_PQ, &res, - NULL))) + if (!TEST_false(ffc_params_FIPS186_4_validate(NULL, ¶ms, + FFC_PARAM_TYPE_DSA, + &res, NULL))) goto err; if (!TEST_ptr(p = BN_bin2bn(dsa_3072_256_sha512_p, @@ -314,21 +310,20 @@ static int ffc_params_validate_pq_test(void) ffc_params_set0_pqg(¶ms, p, q, NULL); p = q = NULL; + ffc_set_digest(¶ms, "SHA512", NULL); ffc_params_set_validate_params(¶ms, dsa_3072_256_sha512_seed, sizeof(dsa_3072_256_sha512_seed), dsa_3072_256_sha512_counter); /* Q doesn't div P-1 */ - if (!TEST_false(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DSA, - EVP_sha512(), - FFC_PARAMS_VALIDATE_PQ, &res, - NULL))) + if (!TEST_false(ffc_params_FIPS186_4_validate(NULL, ¶ms, + FFC_PARAM_TYPE_DSA, + &res, NULL))) goto err; /* Bad L/N for FIPS DH */ - if (!TEST_false(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DH, - EVP_sha512(), - FFC_PARAMS_VALIDATE_PQ, &res, - NULL))) + if (!TEST_false(ffc_params_FIPS186_4_validate(NULL, ¶ms, + FFC_PARAM_TYPE_DH, + &res, NULL))) goto err; ret = 1; @@ -347,13 +342,13 @@ static int ffc_params_gen_test(void) FFC_PARAMS params; ffc_params_init(¶ms); - if (!TEST_true(ffc_params_FIPS186_4_generate(NULL, ¶ms, FFC_PARAM_TYPE_DH, - 2048, 256, NULL, &res, NULL))) + if (!TEST_true(ffc_params_FIPS186_4_generate(NULL, ¶ms, + FFC_PARAM_TYPE_DH, + 2048, 256, &res, NULL))) goto err; - if (!TEST_true(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DH, - NULL, - FFC_PARAMS_VALIDATE_ALL, &res, - NULL))) + if (!TEST_true(ffc_params_FIPS186_4_validate(NULL, ¶ms, + FFC_PARAM_TYPE_DH, + &res, NULL))) goto err; ret = 1; @@ -369,13 +364,13 @@ static int ffc_params_gen_canonicalg_test(void) ffc_params_init(¶ms); params.gindex = 1; - if (!TEST_true(ffc_params_FIPS186_4_generate(NULL, ¶ms, FFC_PARAM_TYPE_DH, - 2048, 256, NULL, &res, NULL))) + if (!TEST_true(ffc_params_FIPS186_4_generate(NULL, ¶ms, + FFC_PARAM_TYPE_DH, + 2048, 256, &res, NULL))) goto err; - if (!TEST_true(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DH, - NULL, - FFC_PARAMS_VALIDATE_ALL, &res, - NULL))) + if (!TEST_true(ffc_params_FIPS186_4_validate(NULL, ¶ms, + FFC_PARAM_TYPE_DH, + &res, NULL))) goto err; if (!TEST_true(ffc_params_print(bio_out, ¶ms, 4))) @@ -396,19 +391,18 @@ static int ffc_params_fips186_2_gen_validate_test(void) ffc_params_init(¶ms); if (!TEST_ptr(bn = BN_new())) goto err; - if (!TEST_true(ffc_params_FIPS186_2_generate(NULL, ¶ms, FFC_PARAM_TYPE_DH, - 1024, 160, NULL, &res, NULL))) + if (!TEST_true(ffc_params_FIPS186_2_generate(NULL, ¶ms, + FFC_PARAM_TYPE_DH, + 1024, 160, &res, NULL))) goto err; - if (!TEST_true(ffc_params_FIPS186_2_validate(¶ms, FFC_PARAM_TYPE_DH, - NULL, - FFC_PARAMS_VALIDATE_ALL, &res, - NULL))) + if (!TEST_true(ffc_params_FIPS186_2_validate(NULL, ¶ms, + FFC_PARAM_TYPE_DH, + &res, NULL))) goto err; /* FIPS 186-4 L,N pair test will fail for DH */ - if (!TEST_false(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DH, - NULL, - FFC_PARAMS_VALIDATE_ALL, &res, - NULL))) + if (!TEST_false(ffc_params_FIPS186_4_validate(NULL, ¶ms, + FFC_PARAM_TYPE_DH, + &res, NULL))) goto err; if (!TEST_int_eq(res, FFC_CHECK_BAD_LN_PAIR)) goto err; @@ -417,20 +411,19 @@ static int ffc_params_fips186_2_gen_validate_test(void) * The fips186-2 generation should produce a different q compared to * fips 186-4 given the same seed value. So validation of q will fail. */ - if (!TEST_false(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DSA, - NULL, - FFC_PARAMS_VALIDATE_ALL, &res, - NULL))) + if (!TEST_false(ffc_params_FIPS186_4_validate(NULL, ¶ms, + FFC_PARAM_TYPE_DSA, + &res, NULL))) goto err; /* As the params are randomly generated the error is one of the following */ if (!TEST_true(res == FFC_CHECK_Q_MISMATCH || res == FFC_CHECK_Q_NOT_PRIME)) goto err; + ffc_params_set_flags(¶ms, FFC_PARAM_FLAG_VALIDATE_G); /* Partially valid g test will still pass */ - if (!TEST_int_eq(ffc_params_FIPS186_4_validate(¶ms, FFC_PARAM_TYPE_DSA, - NULL, - FFC_PARAMS_VALIDATE_G, &res, - NULL), 2)) + if (!TEST_int_eq(ffc_params_FIPS186_4_validate(NULL, ¶ms, + FFC_PARAM_TYPE_DSA, + &res, NULL), 2)) goto err; if (!TEST_true(ffc_params_print(bio_out, ¶ms, 4))) diff --git a/test/recipes/30-test_acvp.t b/test/recipes/30-test_acvp.t new file mode 100644 index 0000000000..e2e40aaa76 --- /dev/null +++ b/test/recipes/30-test_acvp.t @@ -0,0 +1,41 @@ +#! /usr/bin/env perl +# Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use warnings; + +use OpenSSL::Test qw(:DEFAULT bldtop_dir srctop_dir srctop_file bldtop_file); +use OpenSSL::Test::Utils; + +BEGIN { +setup("test_acvp"); +} + +my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); + +plan skip_all => "ACVP is not supported by this test" + if $no_fips || disabled("acvp_tests"); + +use lib srctop_dir('Configurations'); +use lib bldtop_dir('.'); +use platform; + +my $infile = bldtop_file('providers', platform->dso('fips')); + +plan tests => 2; + +ok(run(app(['openssl', 'fipsinstall', + '-out', bldtop_file('providers', 'fipsmodule.cnf'), + '-module', $infile, + '-provider_name', 'fips', '-mac_name', 'HMAC', + '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', + '-section_name', 'fips_sect'])), + "fipsinstall"); + +ok(run(test(["acvp_test", "-config", srctop_file("test","fips.cnf")])), + "running acvp_test"); diff --git a/test/rsa_sp800_56b_test.c b/test/rsa_sp800_56b_test.c index b80df0137a..edcf4478fa 100644 --- a/test/rsa_sp800_56b_test.c +++ b/test/rsa_sp800_56b_test.c @@ -33,63 +33,6 @@ int setup_tests(void) static const unsigned char cav_e[] = { 0x01,0x00,0x01 }; -static const unsigned char cav_Xp[] = { - 0xcf,0x72,0x1b,0x9a,0xfd,0x0d,0x22,0x1a,0x74,0x50,0x97,0x22,0x76,0xd8,0xc0, - 0xc2,0xfd,0x08,0x81,0x05,0xdd,0x18,0x21,0x99,0x96,0xd6,0x5c,0x79,0xe3,0x02, - 0x81,0xd7,0x0e,0x3f,0x3b,0x34,0xda,0x61,0xc9,0x2d,0x84,0x86,0x62,0x1e,0x3d, - 0x5d,0xbf,0x92,0x2e,0xcd,0x35,0x3d,0x6e,0xb9,0x59,0x16,0xc9,0x82,0x50,0x41, - 0x30,0x45,0x67,0xaa,0xb7,0xbe,0xec,0xea,0x4b,0x9e,0xa0,0xc3,0x05,0xb3,0x88, - 0xd4,0x4c,0xac,0xeb,0xe4,0x03,0xc6,0xca,0xcb,0xd9,0xd3,0x4e,0xf6,0x7f,0x2c, - 0x27,0x1e,0x08,0x6c,0xc2,0xd6,0x45,0x1f,0x84,0xe4,0x3c,0x97,0x19,0xde,0xb8, - 0x55,0xaf,0x0e,0xcf,0x9e,0xb0,0x9c,0x20,0xd3,0x1f,0xa8,0xd7,0x52,0xc2,0x95, - 0x1c,0x80,0x15,0x42,0x4d,0x4f,0x19,0x16 -}; -static const unsigned char cav_Xp1[] = { - 0xac,0x5f,0x7f,0x6e,0x33,0x3e,0x97,0x3a,0xb3,0x17,0x44,0xa9,0x0f,0x7a,0x54, - 0x70,0x27,0x06,0x93,0xd5,0x49,0xde,0x91,0x83,0xbc,0x8a,0x7b,0x95 -}; -static const unsigned char cav_Xp2[] = { - 0x0b,0xf6,0xe8,0x79,0x5a,0x81,0xae,0x90,0x1d,0xa4,0x38,0x74,0x9c,0x0e,0x6f, - 0xe0,0x03,0xcf,0xc4,0x53,0x16,0x32,0x17,0xf7,0x09,0x5f,0xd9 -}; -static const unsigned char cav_Xq[] = { - 0xfe,0xab,0xf2,0x7c,0x16,0x4a,0xf0,0x8d,0x31,0xc6,0x0a,0x82,0xe2,0xae,0xbb, - 0x03,0x7e,0x7b,0x20,0x4e,0x64,0xb0,0x16,0xad,0x3c,0x01,0x1a,0xd3,0x54,0xbf, - 0x2b,0xa4,0x02,0x9e,0xc3,0x0d,0x60,0x3d,0x1f,0xb9,0xc0,0x0d,0xe6,0x97,0x68, - 0xbb,0x8c,0x81,0xd5,0xc1,0x54,0x96,0x0f,0x99,0xf0,0xa8,0xa2,0xf3,0xc6,0x8e, - 0xec,0xbc,0x31,0x17,0x70,0x98,0x24,0xa3,0x36,0x51,0xa8,0x54,0xbd,0x9a,0x89, - 0x99,0x6e,0x57,0x5e,0xd0,0x39,0x86,0xc3,0xa3,0x1b,0xc7,0xcf,0xc4,0x4f,0x47, - 0x25,0x9e,0x2c,0x79,0xe1,0x2c,0xcc,0xe4,0x63,0xf4,0x02,0x84,0xf8,0xf6,0xa1, - 0x5c,0x93,0x14,0xf2,0x68,0x5f,0x3a,0x90,0x2f,0x4e,0x5e,0xf9,0x16,0x05,0xcf, - 0x21,0x63,0xca,0xfa,0xb0,0x08,0x02,0xc0 -}; -static const unsigned char cav_Xq1[] = { - 0x9b,0x02,0xd4,0xba,0xf0,0xaa,0x14,0x99,0x6d,0xc0,0xb7,0xa5,0xe1,0xd3,0x70, - 0xb6,0x5a,0xa2,0x9b,0x59,0xd5,0x8c,0x1e,0x9f,0x3f,0x9a,0xde,0xeb,0x9e,0x9c, - 0x61,0xd6,0x5a,0xe1 -}; -static const unsigned char cav_Xq2[] = { - 0x06,0x81,0x53,0xfd,0xa8,0x7b,0xa3,0x85,0x90,0x15,0x2c,0x97,0xb2,0xa0,0x17, - 0x48,0xb0,0x7f,0x0a,0x01,0x6d -}; -/* expected values */ -static const unsigned char cav_p1[] = { - 0xac,0x5f,0x7f,0x6e,0x33,0x3e,0x97,0x3a,0xb3,0x17,0x44,0xa9,0x0f,0x7a,0x54, - 0x70,0x27,0x06,0x93,0xd5,0x49,0xde,0x91,0x83,0xbc,0x8a,0x7b,0xc3 -}; -static const unsigned char cav_p2[] = { - 0x0b,0xf6,0xe8,0x79,0x5a,0x81,0xae,0x90,0x1d,0xa4,0x38,0x74,0x9c,0x0e,0x6f, - 0xe0,0x03,0xcf,0xc4,0x53,0x16,0x32,0x17,0xf7,0x09,0x5f,0xd9 -}; -static const unsigned char cav_q1[] = { - 0x9b,0x02,0xd4,0xba,0xf0,0xaa,0x14,0x99,0x6d,0xc0,0xb7,0xa5,0xe1,0xd3,0x70, - 0xb6,0x5a,0xa2,0x9b,0x59,0xd5,0x8c,0x1e,0x9f,0x3f,0x9a,0xde,0xeb,0x9e,0x9c, - 0x61,0xd6,0x5d,0x47 -}; -static const unsigned char cav_q2[] = { - 0x06,0x81,0x53,0xfd,0xa8,0x7b,0xa3,0x85,0x90,0x15,0x2c,0x97,0xb2,0xa0,0x17, - 0x48,0xb0,0x7f,0x0a,0x01,0x8f -}; static const unsigned char cav_p[] = { 0xcf,0x72,0x1b,0x9a,0xfd,0x0d,0x22,0x1a,0x74,0x50,0x97,0x22,0x76,0xd8,0xc0, 0xc2,0xfd,0x08,0x81,0x05,0xdd,0x18,0x21,0x99,0x96,0xd6,0x5c,0x79,0xe3,0x02, @@ -162,15 +105,6 @@ static BIGNUM *bn_load_new(const unsigned char *data, int sz) return ret; } -/* helper function */ -static BIGNUM *bn_load(BN_CTX *ctx, const unsigned char *data, int sz) -{ - BIGNUM *ret = BN_CTX_get(ctx); - if (ret != NULL) - BN_bin2bn(data, sz, ret); - return ret; -} - static int test_check_public_exponent(void) { int ret = 0; @@ -502,67 +436,6 @@ end: return ret; } -static int test_fips1864_keygen_kat(void) -{ - int ret = 0; - RSA *key = NULL; - BN_CTX *ctx = NULL; - BIGNUM *e, *Xp, *Xp1, *Xp2, *Xq, *Xq1, *Xq2; - BIGNUM *p1, *p2, *q1, *q2; - BIGNUM *p1_exp, *p2_exp, *q1_exp, *q2_exp; - BIGNUM *p_exp, *q_exp, *n_exp, *d_exp; - const BIGNUM *p, *q, *n, *d, *e2; - - if (!(TEST_ptr(key = RSA_new()) && TEST_ptr(ctx = BN_CTX_new()))) - goto err; - BN_CTX_start(ctx); - - e = bn_load(ctx, cav_e, sizeof(cav_e)); - Xp = bn_load(ctx, cav_Xp, sizeof(cav_Xp)); - Xp1 = bn_load(ctx, cav_Xp1, sizeof(cav_Xp1)); - Xp2 = bn_load(ctx, cav_Xp2, sizeof(cav_Xp2)); - Xq = bn_load(ctx, cav_Xq, sizeof(cav_Xq)); - Xq1 = bn_load(ctx, cav_Xq1, sizeof(cav_Xq1)); - Xq2 = bn_load(ctx, cav_Xq2, sizeof(cav_Xq2)); - p1_exp = bn_load(ctx, cav_p1, sizeof(cav_p1)); - p2_exp = bn_load(ctx, cav_p2, sizeof(cav_p2)); - q1_exp = bn_load(ctx, cav_q1, sizeof(cav_q1)); - q2_exp = bn_load(ctx, cav_q2, sizeof(cav_q2)); - p_exp = bn_load(ctx, cav_p, sizeof(cav_p)); - q_exp = bn_load(ctx, cav_q, sizeof(cav_q)); - n_exp = bn_load(ctx, cav_n, sizeof(cav_n)); - d_exp = bn_load(ctx, cav_d, sizeof(cav_d)); - p1 = BN_CTX_get(ctx); - p2 = BN_CTX_get(ctx); - q1 = BN_CTX_get(ctx); - q2 = BN_CTX_get(ctx); - ret = TEST_ptr(q2) - && TEST_true(rsa_fips186_4_gen_prob_primes(key, p1, p2, NULL, Xp, Xp1, - Xp2, q1, q2, NULL, Xq, Xq1, - Xq2, 2048, e, ctx, NULL)) - && TEST_true(rsa_sp800_56b_derive_params_from_pq(key, 2048, e, ctx)) - && TEST_BN_eq(p1_exp, p1) - && TEST_BN_eq(p2_exp, p2) - && TEST_BN_eq(q1_exp, q1) - && TEST_BN_eq(q2_exp, q2); - if (!ret) - goto err; - - RSA_get0_key(key, &n, &e2, &d); - RSA_get0_factors(key, &p, &q); - ret = TEST_BN_eq(e, e2) - && TEST_BN_eq(p_exp, p) - && TEST_BN_eq(q_exp, q) - && TEST_BN_eq(n_exp, n) - && TEST_BN_eq(d_exp, d); -err: - RSA_free(key); - BN_CTX_end(ctx); - BN_CTX_free(ctx); - return ret; -} - - static int keygen_size[] = { 2048, 3072 @@ -668,7 +541,6 @@ int setup_tests(void) ADD_TEST(test_check_public_key); ADD_TEST(test_invalid_keypair); ADD_TEST(test_pq_diff); - ADD_TEST(test_fips1864_keygen_kat); ADD_ALL_TESTS(test_sp80056b_keygen, (int)OSSL_NELEM(keygen_size)); return 1; } From builds at travis-ci.com Wed Jun 17 02:10:56 2020 From: builds at travis-ci.com (Travis CI) Date: Wed, 17 Jun 2020 02:10:56 +0000 Subject: Errored: openssl/openssl#35499 (master - 5a147ab) In-Reply-To: Message-ID: <5ee97baf9e7cb_13fb1411bb7b4221955@travis-pro-tasks-84f85d74db-6v7tm.mail> Build Update for openssl/openssl ------------------------------------- Build: #35499 Status: Errored Duration: 1 hr, 47 mins, and 11 secs Commit: 5a147ab (master) Author: Dmitry Belyavskiy Message: Update gost-engine submodule to match EVP_MAC renaming [extended tests] Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12124) View the changeset: https://github.com/openssl/openssl/compare/5d8b3a3ef294...5a147abd7900 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/171740961?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Wed Jun 17 04:24:09 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 17 Jun 2020 04:24:09 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-cms Message-ID: <1592367849.594681.13826.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-cms Commit log since last time: 5d8b3a3ef2 Refactor BN_R_NO_INVERSE logic in internal functions e98c7350bf Improve BIO_socket_wait(), BIO_wait(), BIO_connect_retry(), and their docs 3f528d0899 Add OPENSSL_strdup failure check to cpt_ctrl() in bss_acpt.c c0fff24e0d Fix err checking and mem leaks of BIO_set_conn_port and BIO_set_conn_address 9ac916c752 CMS_get0_signers() description 0800288e6e EVP: allow empty strings to EVP_Decode* functions Build log ended with (last 100 lines): ssl/statem/libssl-shlib-statem_dtls.o \ ssl/statem/libssl-shlib-statem_lib.o \ ssl/statem/libssl-shlib-statem_srvr.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/afalg.so -Wl,--version-script=engines/afalg.ld \ engines/afalg-dso-e_afalg.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/capi.so -Wl,--version-script=engines/capi.ld \ engines/capi-dso-e_capi.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/dasync.so -Wl,--version-script=engines/dasync.ld \ engines/dasync-dso-e_dasync.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/ossltest.so -Wl,--version-script=engines/ossltest.ld \ engines/ossltest-dso-e_ossltest.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o engines/padlock.so -Wl,--version-script=engines/padlock.ld \ engines/padlock-dso-e_padlock-x86_64.o \ engines/padlock-dso-e_padlock.o \ -lcrypto -ldl -pthread clang -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic \ -o providers/legacy.so -Wl,--version-script=providers/legacy.ld \ providers/legacy-dso-legacyprov.o \ providers/liblegacy.a providers/libcommon.a providers/libnonfips.a -lcrypto -ldl -pthread rm -f fuzz/asn1parse-test rm -f fuzz/bignum-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o fuzz/bignum-test \ fuzz/bignum-test-bin-bignum.o \ fuzz/bignum-test-bin-test-corpus.o \ -lcrypto -ldl -pthread ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o fuzz/asn1parse-test \ fuzz/asn1parse-test-bin-asn1parse.o \ fuzz/asn1parse-test-bin-test-corpus.o \ -lcrypto -ldl -pthread rm -f fuzz/bndiv-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o fuzz/bndiv-test \ fuzz/bndiv-test-bin-bndiv.o \ fuzz/bndiv-test-bin-test-corpus.o \ -lcrypto -ldl -pthread rm -f fuzz/conf-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -L. \ -o fuzz/conf-test \ fuzz/conf-test-bin-conf.o fuzz/conf-test-bin-test-corpus.o \ -lcrypto -ldl -pthread ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_add' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_new_init' ./libcrypto.so: undefined reference to `ess_find_cert' ./libcrypto.so./libcrypto.so: undefined reference to `: undefined reference to `ESS_SIGNING_CERT_addESS_SIGNING_CERT_V2_add' ' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_get' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_get' ./libcrypto.so: undefined reference to `ess_find_cert' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_add' ./libcrypto.so: undefined reference to `ess_find_cert_v2' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_get' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_get' ./libcrypto.so: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:22677: recipe for target 'fuzz/asn1parse-test' failed make[1]: *** [fuzz/asn1parse-test] Error 1 make[1]: *** Waiting for unfinished jobs.... Makefile:22701: recipe for target 'fuzz/bignum-test' failed make[1]: *** [fuzz/bignum-test] Error 1 ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_add' ./libcrypto.so: undefined reference to `ess_find_cert' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_add' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_get' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_get' ./libcrypto.so: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:22725: recipe for target 'fuzz/bndiv-test' failed make[1]: *** [fuzz/bndiv-test] Error 1 ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_add' ./libcrypto.so: undefined reference to `ess_find_cert' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_add' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_new_init' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_get' ./libcrypto.so: undefined reference to `ESS_SIGNING_CERT_V2_get' ./libcrypto.so: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:22796: recipe for target 'fuzz/conf-test' failed make[1]: *** [fuzz/conf-test] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-cms' Makefile:3040: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From builds at travis-ci.com Wed Jun 17 05:31:04 2020 From: builds at travis-ci.com (Travis CI) Date: Wed, 17 Jun 2020 05:31:04 +0000 Subject: Errored: openssl/openssl#35502 (master - 4f2271d) In-Reply-To: Message-ID: <5ee9aa986484_13febbf620e041335ef@travis-pro-tasks-6788c7c6d7-kglnj.mail> Build Update for openssl/openssl ------------------------------------- Build: #35502 Status: Errored Duration: 1 hr, 51 mins, and 21 secs Commit: 4f2271d (master) Author: Shane Lontis Message: Add ACVP fips module tests For FIPS validation purposes - Automated Cryptographic Validation Protocol (ACVP) tests need to be performed. (See https://github.com/usnistgov/ACVP). These tests are very similiar to the old CAVS tests. This PR uses a hardwired subset of these test vectors to perform similiar operations, to show the usage and prove that the API's are able to perform the required operations. It may also help with communication with the lab (i.e- The lab could add a test here to show a unworking use case - which we can then address). The EVP layer performs these tests instead of calling lower level API's as was done in the old FOM. Some of these tests require access to internals that are not normally allowed/required. The config option 'acvp_tests' (enabled by default) has been added so that this access may be removed. The mechanism has been implemented as additional OSSL_PARAM values that can be set and get. A callback mechanism did not seem to add any additional benefit. These params will not be added to the gettables lists. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11572) View the changeset: https://github.com/openssl/openssl/compare/5a147abd7900...4f2271d58a36 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/171750874?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From pauli at openssl.org Wed Jun 17 06:01:14 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Wed, 17 Jun 2020 06:01:14 +0000 Subject: [openssl] master update Message-ID: <1592373674.093738.12861.nullmailer@dev.openssl.org> The branch master has been updated via 24b6261e5bb286fa494e7208a3de28365e0ca004 (commit) via ae93e8c21ec089aa23d30df1787308ae9c2fd18d (commit) from 4f2271d58a36b2aee125062ffb9626c6208fa394 (commit) - Log ----------------------------------------------------------------- commit 24b6261e5bb286fa494e7208a3de28365e0ca004 Author: Pauli Date: Mon Jun 15 08:13:43 2020 +1000 coverity 1464213: API usage errors (PRINTF_ARGS) Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12149) commit ae93e8c21ec089aa23d30df1787308ae9c2fd18d Author: Pauli Date: Mon Jun 15 08:11:13 2020 +1000 coverity 1464212, 1464214 & 1464215: Resource leaks Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12149) ----------------------------------------------------------------------- Summary of changes: apps/dsaparam.c | 3 +++ apps/lib/http_server.c | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/apps/dsaparam.c b/apps/dsaparam.c index dfcaf38ca9..5fd906a069 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -212,6 +212,9 @@ int dsaparam_main(int argc, char **argv) print_bignum_var(bio_out, p, "dsap", bits_p, data); print_bignum_var(bio_out, q, "dsaq", bits_p, data); print_bignum_var(bio_out, g, "dsag", bits_p, data); + BN_free(p); + BN_free(q); + BN_free(g); BIO_printf(bio_out, " DSA *dsa = DSA_new();\n" " BIGNUM *p, *q, *g;\n" "\n"); diff --git a/apps/lib/http_server.c b/apps/lib/http_server.c index 11f0b1fcb5..5c009b9990 100644 --- a/apps/lib/http_server.c +++ b/apps/lib/http_server.c @@ -397,7 +397,7 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq, log_message(prog, LOG_ERR, "Error parsing request"); } else if (ppath != NULL && (*ppath = OPENSSL_strdup(url)) == NULL) { log_message(prog, LOG_ERR, - "Out of memory allocating %d bytes", strlen(url) + 1); + "Out of memory allocating %zu bytes", strlen(url) + 1); ASN1_item_free(req, it); goto fatal; } From openssl at openssl.org Wed Jun 17 06:43:08 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 17 Jun 2020 06:43:08 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-des Message-ID: <1592376188.829113.30228.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-des Commit log since last time: 5d8b3a3ef2 Refactor BN_R_NO_INVERSE logic in internal functions e98c7350bf Improve BIO_socket_wait(), BIO_wait(), BIO_connect_retry(), and their docs 3f528d0899 Add OPENSSL_strdup failure check to cpt_ctrl() in bss_acpt.c c0fff24e0d Fix err checking and mem leaks of BIO_set_conn_port and BIO_set_conn_address 9ac916c752 CMS_get0_signers() description 0800288e6e EVP: allow empty strings to EVP_Decode* functions Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... skipped: The PKCS12 command line utility is not supported by this OpenSSL build 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=201, Tests=1902, 739 wallclock secs ( 9.37 usr 1.16 sys + 684.90 cusr 45.72 csys = 741.15 CPU) Result: FAIL Makefile:3028: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-des' Makefile:3026: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Wed Jun 17 07:07:15 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 17 Jun 2020 07:07:15 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram Message-ID: <1592377635.866049.7163.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: 5d8b3a3ef2 Refactor BN_R_NO_INVERSE logic in internal functions e98c7350bf Improve BIO_socket_wait(), BIO_wait(), BIO_connect_retry(), and their docs 3f528d0899 Add OPENSSL_strdup failure check to cpt_ctrl() in bss_acpt.c c0fff24e0d Fix err checking and mem leaks of BIO_set_conn_port and BIO_set_conn_address 9ac916c752 CMS_get0_signers() description 0800288e6e EVP: allow empty strings to EVP_Decode* functions Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=201, Tests=2002, 829 wallclock secs ( 9.04 usr 1.48 sys + 730.64 cusr 51.76 csys = 792.92 CPU) Result: FAIL Makefile:3101: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dgram' Makefile:3099: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Wed Jun 17 09:40:19 2020 From: builds at travis-ci.com (Travis CI) Date: Wed, 17 Jun 2020 09:40:19 +0000 Subject: Errored: openssl/openssl#35506 (master - 24b6261) In-Reply-To: Message-ID: <5ee9e5031fa6e_13f811efbb2a4247370@travis-pro-tasks-5db7cbff68-h49qm.mail> Build Update for openssl/openssl ------------------------------------- Build: #35506 Status: Errored Duration: 1 hr, 49 mins, and 52 secs Commit: 24b6261 (master) Author: Pauli Message: coverity 1464213: API usage errors (PRINTF_ARGS) Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12149) View the changeset: https://github.com/openssl/openssl/compare/4f2271d58a36...24b6261e5bb2 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/171786184?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Wed Jun 17 12:07:40 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 17 Jun 2020 12:07:40 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-err Message-ID: <1592395660.514242.20831.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-err Commit log since last time: 5d8b3a3ef2 Refactor BN_R_NO_INVERSE logic in internal functions e98c7350bf Improve BIO_socket_wait(), BIO_wait(), BIO_connect_retry(), and their docs 3f528d0899 Add OPENSSL_strdup failure check to cpt_ctrl() in bss_acpt.c c0fff24e0d Fix err checking and mem leaks of BIO_set_conn_port and BIO_set_conn_address 9ac916c752 CMS_get0_signers() description 0800288e6e EVP: allow empty strings to EVP_Decode* functions Build log ended with (last 100 lines): 65-test_cmp_protect.t .............. ok 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=201, Tests=1929, 845 wallclock secs ( 8.93 usr 1.28 sys + 751.14 cusr 49.64 csys = 810.99 CPU) Result: FAIL Makefile:3100: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-err' Makefile:3098: recipe for target 'tests' failed make: *** [tests] Error 2 From tmraz at fedoraproject.org Wed Jun 17 16:38:34 2020 From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Wed, 17 Jun 2020 16:38:34 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1592411914.515632.23666.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via e705b920bf9a6737b5abcb57ca14824959e1e630 (commit) from 4151e303a488c53613f7b8c6eae4372759d7fa35 (commit) - Log ----------------------------------------------------------------- commit e705b920bf9a6737b5abcb57ca14824959e1e630 Author: Hubert Kario Date: Fri Jun 5 20:21:55 2020 +0200 use safe primes in ssl_get_auto_dh() DH_get_1024_160() and DH_get_2048_224() return parameters from RFC5114. Those parameters include primes with known small subgroups, making them unsafe. Change the code to use parameters from RFC 2409 and RFC 3526 instead (group 2 and 14 respectively). This patch also adds automatic selection of 4096 bit params for 4096 bit RSA keys backport of 7646610 Signed-off-by: Hubert Kario Reviewed-by: Kurt Roeckx Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12160) ----------------------------------------------------------------------- Summary of changes: ssl/t1_lib.c | 74 +++++++++++++++++++++++++++++++----------------------------- 1 file changed, 38 insertions(+), 36 deletions(-) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 76b4baa388..48d46f8a48 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -2439,46 +2439,48 @@ int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain) #ifndef OPENSSL_NO_DH DH *ssl_get_auto_dh(SSL *s) { + DH *dhp = NULL; + BIGNUM *p = NULL, *g = NULL; int dh_secbits = 80; - if (s->cert->dh_tmp_auto == 2) - return DH_get_1024_160(); - if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) { - if (s->s3->tmp.new_cipher->strength_bits == 256) - dh_secbits = 128; - else - dh_secbits = 80; - } else { - if (s->s3->tmp.cert == NULL) - return NULL; - dh_secbits = EVP_PKEY_security_bits(s->s3->tmp.cert->privatekey); + if (s->cert->dh_tmp_auto != 2) { + if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) { + if (s->s3->tmp.new_cipher->strength_bits == 256) + dh_secbits = 128; + else + dh_secbits = 80; + } else { + if (s->s3->tmp.cert == NULL) + return NULL; + dh_secbits = EVP_PKEY_security_bits(s->s3->tmp.cert->privatekey); + } } - if (dh_secbits >= 128) { - DH *dhp = DH_new(); - BIGNUM *p, *g; - if (dhp == NULL) - return NULL; - g = BN_new(); - if (g == NULL || !BN_set_word(g, 2)) { - DH_free(dhp); - BN_free(g); - return NULL; - } - if (dh_secbits >= 192) - p = BN_get_rfc3526_prime_8192(NULL); - else - p = BN_get_rfc3526_prime_3072(NULL); - if (p == NULL || !DH_set0_pqg(dhp, p, NULL, g)) { - DH_free(dhp); - BN_free(p); - BN_free(g); - return NULL; - } - return dhp; + dhp = DH_new(); + if (dhp == NULL) + return NULL; + g = BN_new(); + if (g == NULL || !BN_set_word(g, 2)) { + DH_free(dhp); + BN_free(g); + return NULL; + } + if (dh_secbits >= 192) + p = BN_get_rfc3526_prime_8192(NULL); + else if (dh_secbits >= 152) + p = BN_get_rfc3526_prime_4096(NULL); + else if (dh_secbits >= 128) + p = BN_get_rfc3526_prime_3072(NULL); + else if (dh_secbits >= 112) + p = BN_get_rfc3526_prime_2048(NULL); + else + p = BN_get_rfc2409_prime_1024(NULL); + if (p == NULL || !DH_set0_pqg(dhp, p, NULL, g)) { + DH_free(dhp); + BN_free(p); + BN_free(g); + return NULL; } - if (dh_secbits >= 112) - return DH_get_2048_224(); - return DH_get_1024_160(); + return dhp; } #endif From openssl at openssl.org Wed Jun 17 19:52:36 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 17 Jun 2020 19:52:36 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui-console Message-ID: <1592423556.472291.9146.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ui-console Commit log since last time: 5d8b3a3ef2 Refactor BN_R_NO_INVERSE logic in internal functions e98c7350bf Improve BIO_socket_wait(), BIO_wait(), BIO_connect_retry(), and their docs 3f528d0899 Add OPENSSL_strdup failure check to cpt_ctrl() in bss_acpt.c c0fff24e0d Fix err checking and mem leaks of BIO_set_conn_port and BIO_set_conn_address 9ac916c752 CMS_get0_signers() description 0800288e6e EVP: allow empty strings to EVP_Decode* functions Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=201, Tests=2005, 820 wallclock secs ( 8.90 usr 1.38 sys + 725.36 cusr 50.15 csys = 785.79 CPU) Result: FAIL Makefile:3103: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ui-console' Makefile:3101: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Wed Jun 17 22:11:55 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 17 Jun 2020 22:11:55 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module Message-ID: <1592431915.295035.10832.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module Commit log since last time: 5d8b3a3ef2 Refactor BN_R_NO_INVERSE logic in internal functions e98c7350bf Improve BIO_socket_wait(), BIO_wait(), BIO_connect_retry(), and their docs 3f528d0899 Add OPENSSL_strdup failure check to cpt_ctrl() in bss_acpt.c c0fff24e0d Fix err checking and mem leaks of BIO_set_conn_port and BIO_set_conn_address 9ac916c752 CMS_get0_signers() description 0800288e6e EVP: allow empty strings to EVP_Decode* functions Build log ended with (last 100 lines): 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... skipped: test_comp needs the dynamic engine feature enabled 70-test_key_share.t ................ skipped: test_key_share needs the dynamic engine feature enabled 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ skipped: test_renegotiation needs the dynamic engine feature enabled 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs the dynamic engine feature enabled 70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs the dynamic engine feature enabled 70-test_sslextension.t ............. skipped: test_sslextension needs the dynamic engine feature enabled 70-test_sslmessages.t .............. skipped: test_sslmessages needs the dynamic engine feature enabled 70-test_sslrecords.t ............... skipped: test_sslrecords needs the dynamic engine feature enabled 70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs the dynamic engine feature enabled 70-test_sslsigalgs.t ............... skipped: test_sslsigalgs needs the dynamic engine feature enabled 70-test_sslsignature.t ............. skipped: test_sslsignature needs the dynamic engine feature enabled 70-test_sslskewith0p.t ............. skipped: test_sslskewith0p needs the dynamic engine feature enabled 70-test_sslversions.t .............. skipped: test_sslversions needs the dynamic engine feature enabled 70-test_sslvertol.t ................ skipped: test_sslextension needs the dynamic engine feature enabled 70-test_tls13alerts.t .............. skipped: test_tls13alerts needs the dynamic engine feature enabled 70-test_tls13cookie.t .............. skipped: test_tls13cookie needs the dynamic engine feature enabled 70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs the dynamic engine feature enabled 70-test_tls13hrr.t ................. skipped: test_tls13hrr needs the dynamic engine feature enabled 70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs the dynamic engine feature enabled 70-test_tls13messages.t ............ skipped: test_tls13messages needs the dynamic engine feature enabled 70-test_tls13psk.t ................. skipped: test_tls13psk needs the dynamic engine feature enabled 70-test_tlsextms.t ................. skipped: test_tlsextms needs the dynamic engine feature enabled 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. Dubious, test returned 3 (wstat 768, 0x300) Failed 3/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ skipped: Test only supported in a shared build 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 65-test_cmp_vfy.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 81-test_cmp_cli.t (Wstat: 768 Tests: 7 Failed: 3) Failed tests: 4-5, 7 Non-zero exit status: 3 Files=201, Tests=1732, 750 wallclock secs ( 6.98 usr 1.13 sys + 665.01 cusr 41.65 csys = 714.77 CPU) Result: FAIL Makefile:2350: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:2348: recipe for target 'tests' failed make: *** [tests] Error 2 From shane.lontis at oracle.com Wed Jun 17 23:04:45 2020 From: shane.lontis at oracle.com (shane.lontis at oracle.com) Date: Wed, 17 Jun 2020 23:04:45 +0000 Subject: [openssl] master update Message-ID: <1592435085.901413.29823.nullmailer@dev.openssl.org> The branch master has been updated via b75f08cb13ca2e03946e0beeaac2e0ffa0d2aae7 (commit) from 24b6261e5bb286fa494e7208a3de28365e0ca004 (commit) - Log ----------------------------------------------------------------- commit b75f08cb13ca2e03946e0beeaac2e0ffa0d2aae7 Author: Shane Lontis Date: Thu Jun 18 09:03:32 2020 +1000 Fix segfault in openssl app called with no args. This is a result of removal of interactive mode. Redirected it to now use 'openssl help'. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12164) ----------------------------------------------------------------------- Summary of changes: apps/openssl.c | 9 +++++++-- test/recipes/{04-test_hexstring.t => 20-test_app.t} | 16 +++++++++++++--- 2 files changed, 20 insertions(+), 5 deletions(-) copy test/recipes/{04-test_hexstring.t => 20-test_app.t} (58%) diff --git a/apps/openssl.c b/apps/openssl.c index 7b0ccbcc09..4c97936824 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -308,6 +308,13 @@ int help_main(int argc, char **argv) char *prog; HELP_CHOICE o; DISPLAY_COLUMNS dc; + char *new_argv[3]; + + if (argc == 0) { + new_argv[0] = "help"; + new_argv[1] = NULL; + return do_cmd(prog_init(), 1, new_argv); + } prog = opt_init(argc, argv, help_options); while ((o = opt_next()) != OPT_hEOF) { @@ -323,8 +330,6 @@ int help_main(int argc, char **argv) } if (opt_num_rest() == 1) { - char *new_argv[3]; - new_argv[0] = opt_rest()[0]; new_argv[1] = "--help"; new_argv[2] = NULL; diff --git a/test/recipes/04-test_hexstring.t b/test/recipes/20-test_app.t similarity index 58% copy from test/recipes/04-test_hexstring.t copy to test/recipes/20-test_app.t index 664868fe60..e7246565f2 100644 --- a/test/recipes/04-test_hexstring.t +++ b/test/recipes/20-test_app.t @@ -7,9 +7,19 @@ # https://www.openssl.org/source/license.html use strict; +use warnings; + use OpenSSL::Test; -use OpenSSL::Test::Simple; -setup("test_hexstring"); +setup("test_app"); + +plan tests => 3; + +ok(run(app(["openssl"])), + "Run openssl app with no args"); + +ok(run(app(["openssl", "help"])), + "Run openssl app with help"); -simple_test("test_hexstring", "hexstr_test"); +ok(!run(app(["openssl", "-help"])), + "Run openssl app with incorrect arg"); From builds at travis-ci.com Thu Jun 18 03:15:37 2020 From: builds at travis-ci.com (Travis CI) Date: Thu, 18 Jun 2020 03:15:37 +0000 Subject: Errored: openssl/openssl#35530 (master - b75f08c) In-Reply-To: Message-ID: <5eeadc592c775_13fec018a6c542626e2@travis-pro-tasks-7f9bcc58ff-7tsr2.mail> Build Update for openssl/openssl ------------------------------------- Build: #35530 Status: Errored Duration: 1 hr, 47 mins, and 28 secs Commit: b75f08c (master) Author: Shane Lontis Message: Fix segfault in openssl app called with no args. This is a result of removal of interactive mode. Redirected it to now use 'openssl help'. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12164) View the changeset: https://github.com/openssl/openssl/compare/24b6261e5bb2...b75f08cb13ca View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/171943004?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu Jun 18 04:11:19 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 18 Jun 2020 04:11:19 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io Message-ID: <1592453479.439512.19059.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-posix-io Commit log since last time: 5d8b3a3ef2 Refactor BN_R_NO_INVERSE logic in internal functions e98c7350bf Improve BIO_socket_wait(), BIO_wait(), BIO_connect_retry(), and their docs 3f528d0899 Add OPENSSL_strdup failure check to cpt_ctrl() in bss_acpt.c c0fff24e0d Fix err checking and mem leaks of BIO_set_conn_port and BIO_set_conn_address 9ac916c752 CMS_get0_signers() description 0800288e6e EVP: allow empty strings to EVP_Decode* functions Build log ended with (last 100 lines): rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_params.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_copy_parameters.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_MSG_set_validity.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_master.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_KEYEXCH-DH.7 doc/man/man7/EVP_KEYEXCH-ECDH.7 doc/man/man7/EVP_KEYEXCH-X25519.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DH.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-FFC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/EVP_SIGNATURE-DSA.7 doc/man/man7/EVP_SIGNATURE-ECDSA.7 doc/man/man7/EVP_SIGNATURE-ED25519.7 doc/man/man7/EVP_SIGNATURE-RSA.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-core_names.h.7 doc/man/man7/openssl-core_numbers.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_names test/buildtest_c_core_numbers test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_dtls1 test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_mac test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmactest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_fetch_prov_test test/evp_kdf_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_fallback_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_names.c test/buildtest_core_numbers.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_dtls1.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_mac.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha4-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_cb.d.tmp -MT apps/lib/libapps-lib-s_cb.o -c -o apps/lib/libapps-lib-s_cb.o ../openssl/apps/lib/s_cb.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_socket.d.tmp -MT apps/lib/libapps-lib-s_socket.o -c -o apps/lib/libapps-lib-s_socket.o ../openssl/apps/lib/s_socket.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4081: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' Makefile:3056: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From beldmit at gmail.com Thu Jun 18 07:11:21 2020 From: beldmit at gmail.com (beldmit at gmail.com) Date: Thu, 18 Jun 2020 07:11:21 +0000 Subject: [openssl] master update Message-ID: <1592464281.207877.17863.nullmailer@dev.openssl.org> The branch master has been updated via bb361a27bafeb733417d9ab471973a333a924944 (commit) from b75f08cb13ca2e03946e0beeaac2e0ffa0d2aae7 (commit) - Log ----------------------------------------------------------------- commit bb361a27bafeb733417d9ab471973a333a924944 Author: Sebastian Andrzej Siewior Date: Wed Jun 17 00:20:40 2020 +0200 DOC: Spelling fixes Signed-off-by: Sebastian Andrzej Siewior Reviewed-by: Paul Dale Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12172) ----------------------------------------------------------------------- Summary of changes: doc/internal/man7/build.info.pod | 2 +- doc/man1/openssl-cmp.pod.in | 2 +- doc/man3/OSSL_HTTP_transfer.pod | 2 +- doc/man5/config.pod | 4 ++-- doc/man5/fips_config.pod | 2 +- doc/man5/x509v3_config.pod | 4 ++-- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/doc/internal/man7/build.info.pod b/doc/internal/man7/build.info.pod index 21aee8eb46..2049868fc6 100644 --- a/doc/internal/man7/build.info.pod +++ b/doc/internal/man7/build.info.pod @@ -282,7 +282,7 @@ verbatim. =item B<${>IBIBIB<}> Substitution reference; the variable reference is replaced with its -value, modified by replacing all occurences of I with I. +value, modified by replacing all occurrences of I with I. =back diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index 89bb549c29..0d05e7fb98 100644 --- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in @@ -584,7 +584,7 @@ of response messages. =item B<-cacertsout> I The file where to save any CA certificates received in the caPubs field of -Initializiation Response (IP) messages. +Initialization Response (IP) messages. =back diff --git a/doc/man3/OSSL_HTTP_transfer.pod b/doc/man3/OSSL_HTTP_transfer.pod index 4459f541f3..34794c313c 100644 --- a/doc/man3/OSSL_HTTP_transfer.pod +++ b/doc/man3/OSSL_HTTP_transfer.pod @@ -186,7 +186,7 @@ optionally using proxy client credentials B and B, to connect with TLS protection ultimately to B and B. If the B argument is NULL or the empty string it defaults to "443". The B parameter is used as described above. -Since this function is typically called by appplications such as +Since this function is typically called by applications such as L it uses the B and B parameters (unless NULL) to print additional diagnostic information in a user-oriented way. diff --git a/doc/man5/config.pod b/doc/man5/config.pod index 14b80e0b31..12a1d1043e 100644 --- a/doc/man5/config.pod +++ b/doc/man5/config.pod @@ -113,7 +113,7 @@ If a name is repeated in the same section, then all but the last value are ignored. In certain circumstances, such as with Certificate DNs, the same field may occur multiple times. In order to support this, commands like L ignore any -leading text that is preceeded with a period. For example: +leading text that is preceded with a period. For example: 1.OU = First OU 2.OU = Second OU @@ -198,7 +198,7 @@ containing name/value pairs of OID's. The name is the short name; the value is an optional long name followed by a comma, and the numeric value. While some OpenSSL commands have their own section for specifying OID's, -this section makes them avilable to all commands and applications. +this section makes them available to all commands and applications. [oids] shortName = a very long OID name, 1.2.3.4 diff --git a/doc/man5/fips_config.pod b/doc/man5/fips_config.pod index 9f7650f243..5077f30ecd 100644 --- a/doc/man5/fips_config.pod +++ b/doc/man5/fips_config.pod @@ -29,7 +29,7 @@ used internally by the FIPS module during its initialization. The following options are supported. They should all appear in a section whose name is identified by the B option in the B -section, as desribed in L. +section, as described in L. =over 4 diff --git a/doc/man5/x509v3_config.pod b/doc/man5/x509v3_config.pod index 88a336c3b4..1fbef74615 100644 --- a/doc/man5/x509v3_config.pod +++ b/doc/man5/x509v3_config.pod @@ -37,7 +37,7 @@ String extensions simply have a string which contains either the value itself or how it is obtained. Multi-valued extensions have a short form and a long form. The short form -is a commma-separated list of names and values: +is a comma-separated list of names and values: basicConstraints = critical, CA:true, pathlen:1 @@ -68,7 +68,7 @@ will produce an error but the equivalent form: is valid. -OpenSSL does not support multiple occurences of the same field within a +OpenSSL does not support multiple occurrences of the same field within a section. In this example: [extensions] From levitte at openssl.org Thu Jun 18 07:19:19 2020 From: levitte at openssl.org (Richard Levitte) Date: Thu, 18 Jun 2020 07:19:19 +0000 Subject: [openssl] master update Message-ID: <1592464759.066932.8723.nullmailer@dev.openssl.org> The branch master has been updated via 9a7319b0b0b9ddaa440b102dc8e197d267700756 (commit) from bb361a27bafeb733417d9ab471973a333a924944 (commit) - Log ----------------------------------------------------------------- commit 9a7319b0b0b9ddaa440b102dc8e197d267700756 Author: Matthias Kraft Date: Mon May 25 10:10:24 2020 +0200 Configure DEPs for FIPS provider on AIX. The binder of the AIX linker needs to be told which functions to call on loading and initializing a shared object. Therefore another configuration variable shared_fipsflag is introduced, which is appended to shared_defflag when the providers/fips module gets configured. It was suggested to refactor the line in the build file template to become more generic and less magic. There is, however, currently no suggestion how to actually achive this, so we leave a TODO comment. The possible shared_fipsflag must only be appended to the shared_def iff this code is acting on behalf of the fips provider module build. Reviewed-by: Shane Lontis Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11950) ----------------------------------------------------------------------- Summary of changes: Configurations/10-main.conf | 1 + Configurations/unix-Makefile.tmpl | 3 ++- providers/fips/self_test.c | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index a44a74cb32..3332f03765 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -1164,6 +1164,7 @@ my %targets = ( module_ldflags => "-Wl,-G,-bsymbolic,-bnoentry", shared_ldflag => "-Wl,-G,-bsymbolic,-bnoentry", shared_defflag => "-Wl,-bE:", + shared_fipsflag => "-Wl,-binitfini:init:cleanup", perl_platform => 'AIX', }, "aix-gcc" => { diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index 126180ace7..fc4f60770b 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -1485,7 +1485,8 @@ EOF @{$args{objs}}; my @deps = compute_lib_depends(@{$args{deps}}); my $shared_def = join("", map { ' '.$target{shared_defflag}.$_ } @defs); - + # TODO(3.0): next line needs to become "less magic" (see PR #11950) + $shared_def .= ' '.$target{shared_fipsflag} if (m/providers\/fips/ && defined $target{shared_fipsflag}); my $objs = join(" \\\n\t\t", fill_lines(' ', $COLUMNS - 16, @objs)); my $deps = join(" \\\n" . ' ' x (length($dso) + 2), fill_lines(' ', $COLUMNS - length($dso) - 2, diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c index 4619fedef5..c482544346 100644 --- a/providers/fips/self_test.c +++ b/providers/fips/self_test.c @@ -92,7 +92,7 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) } return TRUE; } -#elif defined(__sun) +#elif defined(__sun) || defined(_AIX) DEP_DECLARE() /* must be declared before pragma */ # define DEP_INIT_ATTRIBUTE From openssl at openssl.org Thu Jun 18 09:01:47 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 18 Jun 2020 09:01:47 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock Message-ID: <1592470907.470990.15288.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sock Commit log since last time: 5d8b3a3ef2 Refactor BN_R_NO_INVERSE logic in internal functions e98c7350bf Improve BIO_socket_wait(), BIO_wait(), BIO_connect_retry(), and their docs 3f528d0899 Add OPENSSL_strdup failure check to cpt_ctrl() in bss_acpt.c c0fff24e0d Fix err checking and mem leaks of BIO_set_conn_port and BIO_set_conn_address 9ac916c752 CMS_get0_signers() description 0800288e6e EVP: allow empty strings to EVP_Decode* functions Build log ended with (last 100 lines): rm -f doc/html/man1/CA.pl.html doc/html/man1/openssl-asn1parse.html doc/html/man1/openssl-ca.html doc/html/man1/openssl-ciphers.html doc/html/man1/openssl-cmds.html doc/html/man1/openssl-cmp.html doc/html/man1/openssl-cms.html doc/html/man1/openssl-crl.html doc/html/man1/openssl-crl2pkcs7.html doc/html/man1/openssl-dgst.html doc/html/man1/openssl-dhparam.html doc/html/man1/openssl-dsa.html doc/html/man1/openssl-dsaparam.html doc/html/man1/openssl-ec.html doc/html/man1/openssl-ecparam.html doc/html/man1/openssl-enc.html doc/html/man1/openssl-engine.html doc/html/man1/openssl-errstr.html doc/html/man1/openssl-fipsinstall.html doc/html/man1/openssl-gendsa.html doc/html/man1/openssl-genpkey.html doc/html/man1/openssl-genrsa.html doc/html/man1/openssl-info.html doc/html/man1/openssl-kdf.html doc/html/man1/openssl-list.html doc/html/man1/openssl-mac.html doc/html/man1/openssl-nseq.html doc/html/man1/openssl-ocsp.html doc/html/man1/openssl-passwd.html doc/html/man1/openssl-pkcs12.html doc/html/man1/openssl-pkcs7.html doc/html/man1/openssl-pkcs8.html doc/html/man1/openssl-pkey.html doc/html/man1/openssl-pkeyparam.html doc/html/man1/openssl-pkeyutl.html doc/html/man1/openssl-prime.html doc/html/man1/openssl-provider.html doc/html/man1/openssl-rand.html doc/html/man1/openssl-rehash.html doc/html/man1/openssl-req.html doc/html/man1/openssl-rsa.html doc/html/man1/openssl-rsautl.html doc/html/man1/openssl-s_client.html doc/html/man1/openssl-s_server.html doc/html/man1/openssl-s_time.html doc/html/man1/openssl-sess_id.html doc/html/man1/openssl-smime.html doc/html/man1/openssl-speed.html doc/html/man1/openssl-spkac.html doc/html/man1/openssl-srp.html doc/html/man1/openssl-storeutl.html doc/html/man1/openssl-ts.html doc/html/man1/openssl-verify.html doc/html/man1/openssl-version.html doc/html/man1/openssl-x509.html doc/html/man1/openssl.html doc/html/man1/tsget.html doc/html/man3/ADMISSIONS.html doc/html/man3/ASN1_INTEGER_get_int64.html doc/html/man3/ASN1_INTEGER_new.html doc/html/man3/ASN1_ITEM_lookup.html doc/html/man3/ASN1_OBJECT_new.html doc/html/man3/ASN1_STRING_TABLE_add.html doc/html/man3/ASN1_STRING_length.html doc/html/man3/ASN1_STRING_new.html doc/html/man3/ASN1_STRING_print_ex.html doc/html/man3/ASN1_TIME_set.html doc/html/man3/ASN1_TYPE_get.html doc/html/man3/ASN1_generate_nconf.html doc/html/man3/ASYNC_WAIT_CTX_new.html doc/html/man3/ASYNC_start_job.html doc/html/man3/BF_encrypt.html doc/html/man3/BIO_ADDR.html doc/html/man3/BIO_ADDRINFO.html doc/html/man3/BIO_connect.html doc/html/man3/BIO_ctrl.html doc/html/man3/BIO_f_base64.html doc/html/man3/BIO_f_buffer.html doc/html/man3/BIO_f_cipher.html doc/html/man3/BIO_f_md.html doc/html/man3/BIO_f_null.html doc/html/man3/BIO_f_prefix.html doc/html/man3/BIO_f_ssl.html doc/html/man3/BIO_find_type.html doc/html/man3/BIO_get_data.html doc/html/man3/BIO_get_ex_new_index.html doc/html/man3/BIO_meth_new.html doc/html/man3/BIO_new.html doc/html/man3/BIO_new_CMS.html doc/html/man3/BIO_parse_hostserv.html doc/html/man3/BIO_printf.html doc/html/man3/BIO_push.html doc/html/man3/BIO_read.html doc/html/man3/BIO_s_accept.html doc/html/man3/BIO_s_bio.html doc/html/man3/BIO_s_connect.html doc/html/man3/BIO_s_fd.html doc/html/man3/BIO_s_file.html doc/html/man3/BIO_s_mem.html doc/html/man3/BIO_s_null.html doc/html/man3/BIO_s_socket.html doc/html/man3/BIO_set_callback.html doc/html/man3/BIO_should_retry.html doc/html/man3/BIO_socket_wait.html doc/html/man3/BN_BLINDING_new.html doc/html/man3/BN_CTX_new.html doc/html/man3/BN_CTX_start.html doc/html/man3/BN_add.html doc/html/man3/BN_add_word.html doc/html/man3/BN_bn2bin.html doc/html/man3/BN_cmp.html doc/html/man3/BN_copy.html doc/html/man3/BN_generate_prime.html doc/html/man3/BN_mod_inverse.html doc/html/man3/BN_mod_mul_montgomery.html doc/html/man3/BN_mod_mul_reciprocal.html doc/html/man3/BN_new.html doc/html/man3/BN_num_bytes.html doc/html/man3/BN_rand.html doc/html/man3/BN_security_bits.html doc/html/man3/BN_set_bit.html doc/html/man3/BN_swap.html doc/html/man3/BN_zero.html doc/html/man3/BUF_MEM_new.html doc/html/man3/CMS_EnvelopedData_create.html doc/html/man3/CMS_add0_cert.html doc/html/man3/CMS_add1_recipient_cert.html doc/html/man3/CMS_add1_signer.html doc/html/man3/CMS_compress.html doc/html/man3/CMS_decrypt.html doc/html/man3/CMS_encrypt.html doc/html/man3/CMS_final.html doc/html/man3/CMS_get0_RecipientInfos.html doc/html/man3/CMS_get0_SignerInfos.html doc/html/man3/CMS_get0_type.html doc/html/man3/CMS_get1_ReceiptRequest.html doc/html/man3/CMS_sign.html doc/html/man3/CMS_sign_receipt.html doc/html/man3/CMS_uncompress.html doc/html/man3/CMS_verify.html doc/html/man3/CMS_verify_receipt.html doc/html/man3/CONF_modules_free.html doc/html/man3/CONF_modules_load_file.html doc/html/man3/CRYPTO_THREAD_run_once.html doc/html/man3/CRYPTO_get_ex_new_index.html doc/html/man3/CRYPTO_memcmp.html doc/html/man3/CTLOG_STORE_get0_log_by_id.html doc/html/man3/CTLOG_STORE_new.html doc/html/man3/CTLOG_new.html doc/html/man3/CT_POLICY_EVAL_CTX_new.html doc/html/man3/DEFINE_STACK_OF.html doc/html/man3/DES_random_key.html doc/html/man3/DH_generate_key.html doc/html/man3/DH_generate_parameters.html doc/html/man3/DH_get0_pqg.html doc/html/man3/DH_get_1024_160.html doc/html/man3/DH_meth_new.html doc/html/man3/DH_new.html doc/html/man3/DH_new_by_nid.html doc/html/man3/DH_set_method.html doc/html/man3/DH_size.html doc/html/man3/DSA_SIG_new.html doc/html/man3/DSA_do_sign.html doc/html/man3/DSA_dup_DH.html doc/html/man3/DSA_generate_key.html doc/html/man3/DSA_generate_parameters.html doc/html/man3/DSA_get0_pqg.html doc/html/man3/DSA_meth_new.html doc/html/man3/DSA_new.html doc/html/man3/DSA_set_method.html doc/html/man3/DSA_sign.html doc/html/man3/DSA_size.html doc/html/man3/DTLS_get_data_mtu.html doc/html/man3/DTLS_set_timer_cb.html doc/html/man3/DTLSv1_listen.html doc/html/man3/ECDSA_SIG_new.html doc/html/man3/ECPKParameters_print.html doc/html/man3/EC_GFp_simple_method.html doc/html/man3/EC_GROUP_copy.html doc/html/man3/EC_GROUP_new.html doc/html/man3/EC_KEY_get_enc_flags.html doc/html/man3/EC_KEY_new.html doc/html/man3/EC_POINT_add.html doc/html/man3/EC_POINT_new.html doc/html/man3/ENGINE_add.html doc/html/man3/ERR_GET_LIB.html doc/html/man3/ERR_clear_error.html doc/html/man3/ERR_error_string.html doc/html/man3/ERR_get_error.html doc/html/man3/ERR_load_crypto_strings.html doc/html/man3/ERR_load_strings.html doc/html/man3/ERR_new.html doc/html/man3/ERR_print_errors.html doc/html/man3/ERR_put_error.html doc/html/man3/ERR_remove_state.html doc/html/man3/ERR_set_mark.html doc/html/man3/EVP_ASYM_CIPHER_free.html doc/html/man3/EVP_BytesToKey.html doc/html/man3/EVP_CIPHER_CTX_get_cipher_data.html doc/html/man3/EVP_CIPHER_meth_new.html doc/html/man3/EVP_DigestInit.html doc/html/man3/EVP_DigestSignInit.html doc/html/man3/EVP_DigestVerifyInit.html doc/html/man3/EVP_EncodeInit.html doc/html/man3/EVP_EncryptInit.html doc/html/man3/EVP_KDF.html doc/html/man3/EVP_KEYEXCH_free.html doc/html/man3/EVP_KEYMGMT.html doc/html/man3/EVP_MAC.html doc/html/man3/EVP_MD_meth_new.html doc/html/man3/EVP_OpenInit.html doc/html/man3/EVP_PKEY_ASN1_METHOD.html doc/html/man3/EVP_PKEY_CTX_ctrl.html doc/html/man3/EVP_PKEY_CTX_new.html doc/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html doc/html/man3/EVP_PKEY_CTX_set_hkdf_md.html doc/html/man3/EVP_PKEY_CTX_set_params.html doc/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html doc/html/man3/EVP_PKEY_CTX_set_scrypt_N.html doc/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html doc/html/man3/EVP_PKEY_asn1_get_count.html doc/html/man3/EVP_PKEY_check.html doc/html/man3/EVP_PKEY_copy_parameters.html doc/html/man3/EVP_PKEY_decrypt.html doc/html/man3/EVP_PKEY_derive.html doc/html/man3/EVP_PKEY_encrypt.html doc/html/man3/EVP_PKEY_fromdata.html doc/html/man3/EVP_PKEY_gen.html doc/html/man3/EVP_PKEY_get_default_digest_nid.html doc/html/man3/EVP_PKEY_gettable_params.html doc/html/man3/EVP_PKEY_is_a.html doc/html/man3/EVP_PKEY_meth_get_count.html doc/html/man3/EVP_PKEY_meth_new.html doc/html/man3/EVP_PKEY_new.html doc/html/man3/EVP_PKEY_print_private.html doc/html/man3/EVP_PKEY_set1_RSA.html doc/html/man3/EVP_PKEY_set_type.html doc/html/man3/EVP_PKEY_sign.html doc/html/man3/EVP_PKEY_size.html doc/html/man3/EVP_PKEY_supports_digest_nid.html doc/html/man3/EVP_PKEY_verify.html doc/html/man3/EVP_PKEY_verify_recover.html doc/html/man3/EVP_SIGNATURE_free.html doc/html/man3/EVP_SealInit.html doc/html/man3/EVP_SignInit.html doc/html/man3/EVP_VerifyInit.html doc/html/man3/EVP_aes_128_gcm.html doc/html/man3/EVP_aria_128_gcm.html doc/html/man3/EVP_bf_cbc.html doc/html/man3/EVP_blake2b512.html doc/html/man3/EVP_camellia_128_ecb.html doc/html/man3/EVP_cast5_cbc.html doc/html/man3/EVP_chacha20.html doc/html/man3/EVP_des_cbc.html doc/html/man3/EVP_desx_cbc.html doc/html/man3/EVP_idea_cbc.html doc/html/man3/EVP_md2.html doc/html/man3/EVP_md4.html doc/html/man3/EVP_md5.html doc/html/man3/EVP_mdc2.html doc/html/man3/EVP_rc2_cbc.html doc/html/man3/EVP_rc4.html doc/html/man3/EVP_rc5_32_12_16_cbc.html doc/html/man3/EVP_ripemd160.html doc/html/man3/EVP_seed_cbc.html doc/html/man3/EVP_set_default_properties.html doc/html/man3/EVP_sha1.html doc/html/man3/EVP_sha224.html doc/html/man3/EVP_sha3_224.html doc/html/man3/EVP_sm3.html doc/html/man3/EVP_sm4_cbc.html doc/html/man3/EVP_whirlpool.html doc/html/man3/HMAC.html doc/html/man3/MD5.html doc/html/man3/MDC2_Init.html doc/html/man3/NCONF_new_with_libctx.html doc/html/man3/OBJ_nid2obj.html doc/html/man3/OCSP_REQUEST_new.html doc/html/man3/OCSP_cert_to_id.html doc/html/man3/OCSP_request_add1_nonce.html doc/html/man3/OCSP_resp_find_status.html doc/html/man3/OCSP_response_status.html doc/html/man3/OCSP_sendreq_new.html doc/html/man3/OPENSSL_Applink.html doc/html/man3/OPENSSL_CTX.html doc/html/man3/OPENSSL_FILE.html doc/html/man3/OPENSSL_LH_COMPFUNC.html doc/html/man3/OPENSSL_LH_stats.html doc/html/man3/OPENSSL_config.html doc/html/man3/OPENSSL_fork_prepare.html doc/html/man3/OPENSSL_hexchar2int.html doc/html/man3/OPENSSL_ia32cap.html doc/html/man3/OPENSSL_init_crypto.html doc/html/man3/OPENSSL_init_ssl.html doc/html/man3/OPENSSL_instrument_bus.html doc/html/man3/OPENSSL_load_builtin_modules.html doc/html/man3/OPENSSL_malloc.html doc/html/man3/OPENSSL_s390xcap.html doc/html/man3/OPENSSL_secure_malloc.html doc/html/man3/OSSL_CMP_CTX_new.html doc/html/man3/OSSL_CMP_HDR_get0_transactionID.html doc/html/man3/OSSL_CMP_ITAV_set0.html doc/html/man3/OSSL_CMP_MSG_get0_header.html doc/html/man3/OSSL_CMP_MSG_http_perform.html doc/html/man3/OSSL_CMP_SRV_CTX_new.html doc/html/man3/OSSL_CMP_STATUSINFO_new.html doc/html/man3/OSSL_CMP_exec_IR_ses.html doc/html/man3/OSSL_CMP_log_open.html doc/html/man3/OSSL_CMP_validate_msg.html doc/html/man3/OSSL_CRMF_MSG_get0_tmpl.html doc/html/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.html doc/html/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.html doc/html/man3/OSSL_CRMF_MSG_set_validity.html doc/html/man3/OSSL_CRMF_pbmp_new.html doc/html/man3/OSSL_HTTP_transfer.html doc/html/man3/OSSL_PARAM.html doc/html/man3/OSSL_PARAM_BLD.html doc/html/man3/OSSL_PARAM_allocate_from_text.html doc/html/man3/OSSL_PARAM_int.html doc/html/man3/OSSL_PROVIDER.html doc/html/man3/OSSL_SELF_TEST_new.html doc/html/man3/OSSL_SELF_TEST_set_callback.html doc/html/man3/OSSL_SERIALIZER.html doc/html/man3/OSSL_SERIALIZER_CTX.html doc/html/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.html doc/html/man3/OSSL_SERIALIZER_to_bio.html doc/html/man3/OSSL_STORE_INFO.html doc/html/man3/OSSL_STORE_LOADER.html doc/html/man3/OSSL_STORE_SEARCH.html doc/html/man3/OSSL_STORE_attach.html doc/html/man3/OSSL_STORE_expect.html doc/html/man3/OSSL_STORE_open.html doc/html/man3/OSSL_trace_enabled.html doc/html/man3/OSSL_trace_get_category_num.html doc/html/man3/OSSL_trace_set_channel.html doc/html/man3/OpenSSL_add_all_algorithms.html doc/html/man3/OpenSSL_version.html doc/html/man3/PEM_bytes_read_bio.html doc/html/man3/PEM_read.html doc/html/man3/PEM_read_CMS.html doc/html/man3/PEM_read_bio_PrivateKey.html doc/html/man3/PEM_read_bio_ex.html doc/html/man3/PEM_write_bio_CMS_stream.html doc/html/man3/PEM_write_bio_PKCS7_stream.html doc/html/man3/PKCS12_SAFEBAG_get0_attrs.html doc/html/man3/PKCS12_add_CSPName_asc.html doc/html/man3/PKCS12_add_friendlyname_asc.html doc/html/man3/PKCS12_add_localkeyid.html doc/html/man3/PKCS12_create.html doc/html/man3/PKCS12_get_friendlyname.html doc/html/man3/PKCS12_newpass.html doc/html/man3/PKCS12_parse.html doc/html/man3/PKCS5_PBKDF2_HMAC.html doc/html/man3/PKCS7_decrypt.html doc/html/man3/PKCS7_encrypt.html doc/html/man3/PKCS7_sign.html doc/html/man3/PKCS7_sign_add_signer.html doc/html/man3/PKCS7_verify.html doc/html/man3/PKCS8_pkey_add1_attr.html doc/html/man3/RAND_DRBG_generate.html doc/html/man3/RAND_DRBG_get0_master.html doc/html/man3/RAND_DRBG_new.html doc/html/man3/RAND_DRBG_reseed.html doc/html/man3/RAND_DRBG_set_callbacks.html doc/html/man3/RAND_add.html doc/html/man3/RAND_bytes.html doc/html/man3/RAND_cleanup.html doc/html/man3/RAND_egd.html doc/html/man3/RAND_load_file.html doc/html/man3/RAND_set_rand_method.html doc/html/man3/RC4_set_key.html doc/html/man3/RIPEMD160_Init.html doc/html/man3/RSA_blinding_on.html doc/html/man3/RSA_check_key.html doc/html/man3/RSA_generate_key.html doc/html/man3/RSA_get0_key.html doc/html/man3/RSA_meth_new.html doc/html/man3/RSA_new.html doc/html/man3/RSA_padding_add_PKCS1_type_1.html doc/html/man3/RSA_print.html doc/html/man3/RSA_private_encrypt.html doc/html/man3/RSA_public_encrypt.html doc/html/man3/RSA_set_method.html doc/html/man3/RSA_sign.html doc/html/man3/RSA_sign_ASN1_OCTET_STRING.html doc/html/man3/RSA_size.html doc/html/man3/SCT_new.html doc/html/man3/SCT_print.html doc/html/man3/SCT_validate.html doc/html/man3/SHA256_Init.html doc/html/man3/SMIME_read_CMS.html doc/html/man3/SMIME_read_PKCS7.html doc/html/man3/SMIME_write_CMS.html doc/html/man3/SMIME_write_PKCS7.html doc/html/man3/SRP_Calc_B.html doc/html/man3/SRP_VBASE_new.html doc/html/man3/SRP_create_verifier.html doc/html/man3/SRP_user_pwd_new.html doc/html/man3/SSL_CIPHER_get_name.html doc/html/man3/SSL_COMP_add_compression_method.html doc/html/man3/SSL_CONF_CTX_new.html doc/html/man3/SSL_CONF_CTX_set1_prefix.html doc/html/man3/SSL_CONF_CTX_set_flags.html doc/html/man3/SSL_CONF_CTX_set_ssl_ctx.html doc/html/man3/SSL_CONF_cmd.html doc/html/man3/SSL_CONF_cmd_argv.html doc/html/man3/SSL_CTX_add1_chain_cert.html doc/html/man3/SSL_CTX_add_extra_chain_cert.html doc/html/man3/SSL_CTX_add_session.html doc/html/man3/SSL_CTX_config.html doc/html/man3/SSL_CTX_ctrl.html doc/html/man3/SSL_CTX_dane_enable.html doc/html/man3/SSL_CTX_flush_sessions.html doc/html/man3/SSL_CTX_free.html doc/html/man3/SSL_CTX_get0_param.html doc/html/man3/SSL_CTX_get_verify_mode.html doc/html/man3/SSL_CTX_has_client_custom_ext.html doc/html/man3/SSL_CTX_load_verify_locations.html doc/html/man3/SSL_CTX_new.html doc/html/man3/SSL_CTX_sess_number.html doc/html/man3/SSL_CTX_sess_set_cache_size.html doc/html/man3/SSL_CTX_sess_set_get_cb.html doc/html/man3/SSL_CTX_sessions.html doc/html/man3/SSL_CTX_set0_CA_list.html doc/html/man3/SSL_CTX_set1_curves.html doc/html/man3/SSL_CTX_set1_sigalgs.html doc/html/man3/SSL_CTX_set1_verify_cert_store.html doc/html/man3/SSL_CTX_set_alpn_select_cb.html doc/html/man3/SSL_CTX_set_cert_cb.html doc/html/man3/SSL_CTX_set_cert_store.html doc/html/man3/SSL_CTX_set_cert_verify_callback.html doc/html/man3/SSL_CTX_set_cipher_list.html doc/html/man3/SSL_CTX_set_client_cert_cb.html doc/html/man3/SSL_CTX_set_client_hello_cb.html doc/html/man3/SSL_CTX_set_ct_validation_callback.html doc/html/man3/SSL_CTX_set_ctlog_list_file.html doc/html/man3/SSL_CTX_set_default_passwd_cb.html doc/html/man3/SSL_CTX_set_generate_session_id.html doc/html/man3/SSL_CTX_set_info_callback.html doc/html/man3/SSL_CTX_set_keylog_callback.html doc/html/man3/SSL_CTX_set_max_cert_list.html doc/html/man3/SSL_CTX_set_min_proto_version.html doc/html/man3/SSL_CTX_set_mode.html doc/html/man3/SSL_CTX_set_msg_callback.html doc/html/man3/SSL_CTX_set_num_tickets.html doc/html/man3/SSL_CTX_set_options.html doc/html/man3/SSL_CTX_set_psk_client_callback.html doc/html/man3/SSL_CTX_set_quiet_shutdown.html doc/html/man3/SSL_CTX_set_read_ahead.html doc/html/man3/SSL_CTX_set_record_padding_callback.html doc/html/man3/SSL_CTX_set_security_level.html doc/html/man3/SSL_CTX_set_session_cache_mode.html doc/html/man3/SSL_CTX_set_session_id_context.html doc/html/man3/SSL_CTX_set_session_ticket_cb.html doc/html/man3/SSL_CTX_set_split_send_fragment.html doc/html/man3/SSL_CTX_set_srp_password.html doc/html/man3/SSL_CTX_set_ssl_version.html doc/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html doc/html/man3/SSL_CTX_set_timeout.html doc/html/man3/SSL_CTX_set_tlsext_servername_callback.html doc/html/man3/SSL_CTX_set_tlsext_status_cb.html doc/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html doc/html/man3/SSL_CTX_set_tlsext_use_srtp.html doc/html/man3/SSL_CTX_set_tmp_dh_callback.html doc/html/man3/SSL_CTX_set_tmp_ecdh.html doc/html/man3/SSL_CTX_set_verify.html doc/html/man3/SSL_CTX_use_certificate.html doc/html/man3/SSL_CTX_use_psk_identity_hint.html doc/html/man3/SSL_CTX_use_serverinfo.html doc/html/man3/SSL_SESSION_free.html doc/html/man3/SSL_SESSION_get0_cipher.html doc/html/man3/SSL_SESSION_get0_hostname.html doc/html/man3/SSL_SESSION_get0_id_context.html doc/html/man3/SSL_SESSION_get0_peer.html doc/html/man3/SSL_SESSION_get_compress_id.html doc/html/man3/SSL_SESSION_get_protocol_version.html doc/html/man3/SSL_SESSION_get_time.html doc/html/man3/SSL_SESSION_has_ticket.html doc/html/man3/SSL_SESSION_is_resumable.html doc/html/man3/SSL_SESSION_print.html doc/html/man3/SSL_SESSION_set1_id.html doc/html/man3/SSL_accept.html doc/html/man3/SSL_alert_type_string.html doc/html/man3/SSL_alloc_buffers.html doc/html/man3/SSL_check_chain.html doc/html/man3/SSL_clear.html doc/html/man3/SSL_connect.html doc/html/man3/SSL_do_handshake.html doc/html/man3/SSL_export_keying_material.html doc/html/man3/SSL_extension_supported.html doc/html/man3/SSL_free.html doc/html/man3/SSL_get0_peer_scts.html doc/html/man3/SSL_get_SSL_CTX.html doc/html/man3/SSL_get_all_async_fds.html doc/html/man3/SSL_get_ciphers.html doc/html/man3/SSL_get_client_random.html doc/html/man3/SSL_get_current_cipher.html doc/html/man3/SSL_get_default_timeout.html doc/html/man3/SSL_get_error.html doc/html/man3/SSL_get_extms_support.html doc/html/man3/SSL_get_fd.html doc/html/man3/SSL_get_peer_cert_chain.html doc/html/man3/SSL_get_peer_certificate.html doc/html/man3/SSL_get_peer_signature_nid.html doc/html/man3/SSL_get_peer_tmp_key.html doc/html/man3/SSL_get_psk_identity.html doc/html/man3/SSL_get_rbio.html doc/html/man3/SSL_get_session.html doc/html/man3/SSL_get_shared_sigalgs.html doc/html/man3/SSL_get_verify_result.html doc/html/man3/SSL_get_version.html doc/html/man3/SSL_in_init.html doc/html/man3/SSL_key_update.html doc/html/man3/SSL_library_init.html doc/html/man3/SSL_load_client_CA_file.html doc/html/man3/SSL_new.html doc/html/man3/SSL_pending.html doc/html/man3/SSL_read.html doc/html/man3/SSL_read_early_data.html doc/html/man3/SSL_rstate_string.html doc/html/man3/SSL_session_reused.html doc/html/man3/SSL_set1_host.html doc/html/man3/SSL_set_async_callback.html doc/html/man3/SSL_set_bio.html doc/html/man3/SSL_set_connect_state.html doc/html/man3/SSL_set_fd.html doc/html/man3/SSL_set_session.html doc/html/man3/SSL_set_shutdown.html doc/html/man3/SSL_set_verify_result.html doc/html/man3/SSL_shutdown.html doc/html/man3/SSL_state_string.html doc/html/man3/SSL_want.html doc/html/man3/SSL_write.html doc/html/man3/TS_VERIFY_CTX_set_certs.html doc/html/man3/UI_STRING.html doc/html/man3/UI_UTIL_read_pw.html doc/html/man3/UI_create_method.html doc/html/man3/UI_new.html doc/html/man3/X509V3_get_d2i.html doc/html/man3/X509_ALGOR_dup.html doc/html/man3/X509_CRL_get0_by_serial.html doc/html/man3/X509_EXTENSION_set_object.html doc/html/man3/X509_LOOKUP.html doc/html/man3/X509_LOOKUP_hash_dir.html doc/html/man3/X509_LOOKUP_meth_new.html doc/html/man3/X509_NAME_ENTRY_get_object.html doc/html/man3/X509_NAME_add_entry_by_txt.html doc/html/man3/X509_NAME_get0_der.html doc/html/man3/X509_NAME_get_index_by_NID.html doc/html/man3/X509_NAME_print_ex.html doc/html/man3/X509_PUBKEY_new.html doc/html/man3/X509_SIG_get0.html doc/html/man3/X509_STORE_CTX_get_error.html doc/html/man3/X509_STORE_CTX_new.html doc/html/man3/X509_STORE_CTX_set_verify_cb.html doc/html/man3/X509_STORE_add_cert.html doc/html/man3/X509_STORE_get0_param.html doc/html/man3/X509_STORE_new.html doc/html/man3/X509_STORE_set_verify_cb_func.html doc/html/man3/X509_VERIFY_PARAM_set_flags.html doc/html/man3/X509_check_ca.html doc/html/man3/X509_check_host.html doc/html/man3/X509_check_issued.html doc/html/man3/X509_check_private_key.html doc/html/man3/X509_check_purpose.html doc/html/man3/X509_cmp.html doc/html/man3/X509_cmp_time.html doc/html/man3/X509_digest.html doc/html/man3/X509_dup.html doc/html/man3/X509_get0_distinguishing_id.html doc/html/man3/X509_get0_notBefore.html doc/html/man3/X509_get0_signature.html doc/html/man3/X509_get0_uids.html doc/html/man3/X509_get_extension_flags.html doc/html/man3/X509_get_pubkey.html doc/html/man3/X509_get_serialNumber.html doc/html/man3/X509_get_subject_name.html doc/html/man3/X509_get_version.html doc/html/man3/X509_load_http.html doc/html/man3/X509_new.html doc/html/man3/X509_sign.html doc/html/man3/X509_verify_cert.html doc/html/man3/X509v3_cache_extensions.html doc/html/man3/X509v3_get_ext_by_NID.html doc/html/man3/d2i_DHparams.html doc/html/man3/d2i_PKCS8PrivateKey_bio.html doc/html/man3/d2i_PrivateKey.html doc/html/man3/d2i_SSL_SESSION.html doc/html/man3/d2i_X509.html doc/html/man3/i2d_CMS_bio_stream.html doc/html/man3/i2d_PKCS7_bio_stream.html doc/html/man3/i2d_re_X509_tbs.html doc/html/man3/o2i_SCT_LIST.html doc/html/man3/s2i_ASN1_IA5STRING.html doc/html/man5/config.html doc/html/man5/fips_config.html doc/html/man5/x509v3_config.html doc/html/man7/EVP_KDF-HKDF.html doc/html/man7/EVP_KDF-KB.html doc/html/man7/EVP_KDF-KRB5KDF.html doc/html/man7/EVP_KDF-PBKDF2.html doc/html/man7/EVP_KDF-SCRYPT.html doc/html/man7/EVP_KDF-SS.html doc/html/man7/EVP_KDF-SSHKDF.html doc/html/man7/EVP_KDF-TLS1_PRF.html doc/html/man7/EVP_KDF-X942.html doc/html/man7/EVP_KDF-X963.html doc/html/man7/EVP_KEYEXCH-DH.html doc/html/man7/EVP_KEYEXCH-ECDH.html doc/html/man7/EVP_KEYEXCH-X25519.html doc/html/man7/EVP_MAC-BLAKE2.html doc/html/man7/EVP_MAC-CMAC.html doc/html/man7/EVP_MAC-GMAC.html doc/html/man7/EVP_MAC-HMAC.html doc/html/man7/EVP_MAC-KMAC.html doc/html/man7/EVP_MAC-Poly1305.html doc/html/man7/EVP_MAC-Siphash.html doc/html/man7/EVP_MD-BLAKE2.html doc/html/man7/EVP_MD-MD2.html doc/html/man7/EVP_MD-MD4.html doc/html/man7/EVP_MD-MD5-SHA1.html doc/html/man7/EVP_MD-MD5.html doc/html/man7/EVP_MD-MDC2.html doc/html/man7/EVP_MD-RIPEMD160.html doc/html/man7/EVP_MD-SHA1.html doc/html/man7/EVP_MD-SHA2.html doc/html/man7/EVP_MD-SHA3.html doc/html/man7/EVP_MD-SHAKE.html doc/html/man7/EVP_MD-SM3.html doc/html/man7/EVP_MD-WHIRLPOOL.html doc/html/man7/EVP_MD-common.html doc/html/man7/EVP_PKEY-DH.html doc/html/man7/EVP_PKEY-DSA.html doc/html/man7/EVP_PKEY-EC.html doc/html/man7/EVP_PKEY-FFC.html doc/html/man7/EVP_PKEY-RSA.html doc/html/man7/EVP_PKEY-X25519.html doc/html/man7/EVP_SIGNATURE-DSA.html doc/html/man7/EVP_SIGNATURE-ECDSA.html doc/html/man7/EVP_SIGNATURE-ED25519.html doc/html/man7/EVP_SIGNATURE-RSA.html doc/html/man7/OSSL_PROVIDER-FIPS.html doc/html/man7/OSSL_PROVIDER-default.html doc/html/man7/OSSL_PROVIDER-legacy.html doc/html/man7/OSSL_PROVIDER-null.html doc/html/man7/RAND.html doc/html/man7/RAND_DRBG.html doc/html/man7/RSA-PSS.html doc/html/man7/SM2.html doc/html/man7/X25519.html doc/html/man7/bio.html doc/html/man7/crypto.html doc/html/man7/ct.html doc/html/man7/des_modes.html doc/html/man7/evp.html doc/html/man7/openssl-core.h.html doc/html/man7/openssl-core_names.h.html doc/html/man7/openssl-core_numbers.h.html doc/html/man7/openssl-env.html doc/html/man7/openssl_user_macros.html doc/html/man7/ossl_store-file.html doc/html/man7/ossl_store.html doc/html/man7/passphrase-encoding.html doc/html/man7/property.html doc/html/man7/provider-asym_cipher.html doc/html/man7/provider-base.html doc/html/man7/provider-cipher.html doc/html/man7/provider-digest.html doc/html/man7/provider-keyexch.html doc/html/man7/provider-keymgmt.html doc/html/man7/provider-mac.html doc/html/man7/provider-serializer.html doc/html/man7/provider-signature.html doc/html/man7/provider.html doc/html/man7/proxy-certificates.html doc/html/man7/ssl.html doc/html/man7/x509.html rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_params.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_copy_parameters.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_MSG_set_validity.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_master.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_KEYEXCH-DH.7 doc/man/man7/EVP_KEYEXCH-ECDH.7 doc/man/man7/EVP_KEYEXCH-X25519.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DH.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-FFC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/EVP_SIGNATURE-DSA.7 doc/man/man7/EVP_SIGNATURE-ECDSA.7 doc/man/man7/EVP_SIGNATURE-ED25519.7 doc/man/man7/EVP_SIGNATURE-RSA.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-core_names.h.7 doc/man/man7/openssl-core_numbers.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_names test/buildtest_c_core_numbers test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_mac test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmactest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_fetch_prov_test test/evp_kdf_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_fallback_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_names.c test/buildtest_core_numbers.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_mac.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha4-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-sock' make[1]: Leaving directory '/home/openssl/run-checker/no-sock' make[1]: Entering directory '/home/openssl/run-checker/no-sock' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_cb.d.tmp -MT apps/lib/libapps-lib-s_cb.o -c -o apps/lib/libapps-lib-s_cb.o ../openssl/apps/lib/s_cb.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4074: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-sock' Makefile:3049: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From builds at travis-ci.com Thu Jun 18 09:04:32 2020 From: builds at travis-ci.com (Travis CI) Date: Thu, 18 Jun 2020 09:04:32 +0000 Subject: Errored: openssl/openssl#35541 (master - bb361a2) In-Reply-To: Message-ID: <5eeb2e205d36d_13fae827a98b81106aa@travis-pro-tasks-85b6cbc49d-kt7qk.mail> Build Update for openssl/openssl ------------------------------------- Build: #35541 Status: Errored Duration: 1 hr, 51 mins, and 47 secs Commit: bb361a2 (master) Author: Sebastian Andrzej Siewior Message: DOC: Spelling fixes Signed-off-by: Sebastian Andrzej Siewior Reviewed-by: Paul Dale Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/12172) View the changeset: https://github.com/openssl/openssl/compare/b75f08cb13ca...bb361a27bafe View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/171975599?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.com Thu Jun 18 10:36:41 2020 From: builds at travis-ci.com (Travis CI) Date: Thu, 18 Jun 2020 10:36:41 +0000 Subject: Errored: openssl/openssl#35542 (master - 9a7319b) In-Reply-To: Message-ID: <5eeb43b8cb4df_13f91318a4e201231ab@travis-pro-tasks-85b6cbc49d-qw7wb.mail> Build Update for openssl/openssl ------------------------------------- Build: #35542 Status: Errored Duration: 2 hrs, 12 mins, and 3 secs Commit: 9a7319b (master) Author: Matthias Kraft Message: Configure DEPs for FIPS provider on AIX. The binder of the AIX linker needs to be told which functions to call on loading and initializing a shared object. Therefore another configuration variable shared_fipsflag is introduced, which is appended to shared_defflag when the providers/fips module gets configured. It was suggested to refactor the line in the build file template to become more generic and less magic. There is, however, currently no suggestion how to actually achive this, so we leave a TODO comment. The possible shared_fipsflag must only be appended to the shared_def iff this code is acting on behalf of the fips provider module build. Reviewed-by: Shane Lontis Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11950) View the changeset: https://github.com/openssl/openssl/compare/bb361a27bafe...9a7319b0b0b9 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/171976373?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu Jun 18 11:34:59 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 18 Jun 2020 11:34:59 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ts Message-ID: <1592480099.884514.25400.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ts Commit log since last time: 5d8b3a3ef2 Refactor BN_R_NO_INVERSE logic in internal functions e98c7350bf Improve BIO_socket_wait(), BIO_wait(), BIO_connect_retry(), and their docs 3f528d0899 Add OPENSSL_strdup failure check to cpt_ctrl() in bss_acpt.c c0fff24e0d Fix err checking and mem leaks of BIO_set_conn_port and BIO_set_conn_address 9ac916c752 CMS_get0_signers() description 0800288e6e EVP: allow empty strings to EVP_Decode* functions Build log ended with (last 100 lines): clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-list.d.tmp -MT apps/openssl-bin-list.o -c -o apps/openssl-bin-list.o ../openssl/apps/list.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-mac.d.tmp -MT apps/openssl-bin-mac.o -c -o apps/openssl-bin-mac.o ../openssl/apps/mac.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-nseq.d.tmp -MT apps/openssl-bin-nseq.o -c -o apps/openssl-bin-nseq.o ../openssl/apps/nseq.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-ocsp.d.tmp -MT apps/openssl-bin-ocsp.o -c -o apps/openssl-bin-ocsp.o ../openssl/apps/ocsp.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-openssl.d.tmp -MT apps/openssl-bin-openssl.o -c -o apps/openssl-bin-openssl.o ../openssl/apps/openssl.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-passwd.d.tmp -MT apps/openssl-bin-passwd.o -c -o apps/openssl-bin-passwd.o ../openssl/apps/passwd.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkcs12.d.tmp -MT apps/openssl-bin-pkcs12.o -c -o apps/openssl-bin-pkcs12.o ../openssl/apps/pkcs12.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkcs7.d.tmp -MT apps/openssl-bin-pkcs7.o -c -o apps/openssl-bin-pkcs7.o ../openssl/apps/pkcs7.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkcs8.d.tmp -MT apps/openssl-bin-pkcs8.o -c -o apps/openssl-bin-pkcs8.o ../openssl/apps/pkcs8.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkey.d.tmp -MT apps/openssl-bin-pkey.o -c -o apps/openssl-bin-pkey.o ../openssl/apps/pkey.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkeyparam.d.tmp -MT apps/openssl-bin-pkeyparam.o -c -o apps/openssl-bin-pkeyparam.o ../openssl/apps/pkeyparam.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-pkeyutl.d.tmp -MT apps/openssl-bin-pkeyutl.o -c -o apps/openssl-bin-pkeyutl.o ../openssl/apps/pkeyutl.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-prime.d.tmp -MT apps/openssl-bin-prime.o -c -o apps/openssl-bin-prime.o ../openssl/apps/prime.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-progs.d.tmp -MT apps/openssl-bin-progs.o -c -o apps/openssl-bin-progs.o apps/progs.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-provider.d.tmp -MT apps/openssl-bin-provider.o -c -o apps/openssl-bin-provider.o ../openssl/apps/provider.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-rand.d.tmp -MT apps/openssl-bin-rand.o -c -o apps/openssl-bin-rand.o ../openssl/apps/rand.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-rehash.d.tmp -MT apps/openssl-bin-rehash.o -c -o apps/openssl-bin-rehash.o ../openssl/apps/rehash.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-req.d.tmp -MT apps/openssl-bin-req.o -c -o apps/openssl-bin-req.o ../openssl/apps/req.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-rsa.d.tmp -MT apps/openssl-bin-rsa.o -c -o apps/openssl-bin-rsa.o ../openssl/apps/rsa.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-rsautl.d.tmp -MT apps/openssl-bin-rsautl.o -c -o apps/openssl-bin-rsautl.o ../openssl/apps/rsautl.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-s_client.d.tmp -MT apps/openssl-bin-s_client.o -c -o apps/openssl-bin-s_client.o ../openssl/apps/s_client.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-s_server.d.tmp -MT apps/openssl-bin-s_server.o -c -o apps/openssl-bin-s_server.o ../openssl/apps/s_server.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-s_time.d.tmp -MT apps/openssl-bin-s_time.o -c -o apps/openssl-bin-s_time.o ../openssl/apps/s_time.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-sess_id.d.tmp -MT apps/openssl-bin-sess_id.o -c -o apps/openssl-bin-sess_id.o ../openssl/apps/sess_id.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-smime.d.tmp -MT apps/openssl-bin-smime.o -c -o apps/openssl-bin-smime.o ../openssl/apps/smime.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-speed.d.tmp -MT apps/openssl-bin-speed.o -c -o apps/openssl-bin-speed.o ../openssl/apps/speed.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-spkac.d.tmp -MT apps/openssl-bin-spkac.o -c -o apps/openssl-bin-spkac.o ../openssl/apps/spkac.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-srp.d.tmp -MT apps/openssl-bin-srp.o -c -o apps/openssl-bin-srp.o ../openssl/apps/srp.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-storeutl.d.tmp -MT apps/openssl-bin-storeutl.o -c -o apps/openssl-bin-storeutl.o ../openssl/apps/storeutl.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-verify.d.tmp -MT apps/openssl-bin-verify.o -c -o apps/openssl-bin-verify.o ../openssl/apps/verify.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-version.d.tmp -MT apps/openssl-bin-version.o -c -o apps/openssl-bin-version.o ../openssl/apps/version.c clang -Iapps -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/openssl-bin-x509.d.tmp -MT apps/openssl-bin-x509.o -c -o apps/openssl-bin-x509.o ../openssl/apps/x509.c rm -f fuzz/cmp-test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o fuzz/cmp-test \ fuzz/cmp-test-bin-cmp.o fuzz/cmp-test-bin-test-corpus.o \ libcrypto.a -ldl -pthread rm -f test/asn1_dsa_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/asn1_dsa_internal_test \ test/asn1_dsa_internal_test-bin-asn1_dsa_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/asn1_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/asn1_internal_test \ test/asn1_internal_test-bin-asn1_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread rm -f test/bn_internal_test ${LDCMD:-clang} -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations \ -o test/bn_internal_test \ test/bn_internal_test-bin-bn_internal_test.o \ test/libtestutil.a libcrypto.a -ldl -pthread libcrypto.a(libcrypto-lib-cms_sd.o): In function `CMS_add1_signer': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:364: undefined reference to `ESS_SIGNING_CERT_new_init' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:370: undefined reference to `ESS_SIGNING_CERT_V2_new_init' libcrypto.a(libcrypto-lib-cms_ess.o): In function `ess_check_signing_certs': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:71: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:82: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:91: undefined reference to `ess_find_cert_v2' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:102: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:22808: recipe for target 'fuzz/cmp-test' failed make[1]: *** [fuzz/cmp-test] Error 1 make[1]: *** Waiting for unfinished jobs.... libcrypto.a(libcrypto-lib-cms_sd.o): In function `CMS_add1_signer': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:364: undefined reference to `ESS_SIGNING_CERT_new_init' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:370: undefined reference to `ESS_SIGNING_CERT_V2_new_init' libcrypto.a(libcrypto-lib-cms_ess.o): In function `ess_check_signing_certs': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:71: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:82: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:91: undefined reference to `ess_find_cert_v2' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:102: undefined reference to `ess_find_cert_v2' libcrypto.a(libcrypto-lib-cms_sd.o): In function `CMS_add1_signer': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:364: undefined reference to `ESS_SIGNING_CERT_new_init' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:370: undefined reference to `ESS_SIGNING_CERT_V2_new_init' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:23059: recipe for target 'test/asn1_internal_test' failed make[1]: *** [test/asn1_internal_test] Error 1 libcrypto.a(libcrypto-lib-cms_ess.o): In function `ess_check_signing_certs': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:71: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:82: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:91: undefined reference to `ess_find_cert_v2' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:102: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:23029: recipe for target 'test/asn1_dsa_internal_test' failed make[1]: *** [test/asn1_dsa_internal_test] Error 1 libcrypto.a(libcrypto-lib-cms_sd.o): In function `CMS_add1_signer': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:364: undefined reference to `ESS_SIGNING_CERT_new_init' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_sd.c:370: undefined reference to `ESS_SIGNING_CERT_V2_new_init' libcrypto.a(libcrypto-lib-cms_ess.o): In function `ess_check_signing_certs': /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:71: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:82: undefined reference to `ess_find_cert' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:91: undefined reference to `ess_find_cert_v2' /home/openssl/run-checker/no-ts/../openssl/crypto/cms/cms_ess.c:102: undefined reference to `ess_find_cert_v2' clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:23257: recipe for target 'test/bn_internal_test' failed make[1]: *** [test/bn_internal_test] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ts' Makefile:3027: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From openssl at openssl.org Thu Jun 18 12:22:53 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 18 Jun 2020 12:22:53 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Message-ID: <1592482973.015370.3039.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Commit log since last time: 5d8b3a3ef2 Refactor BN_R_NO_INVERSE logic in internal functions e98c7350bf Improve BIO_socket_wait(), BIO_wait(), BIO_connect_retry(), and their docs 3f528d0899 Add OPENSSL_strdup failure check to cpt_ctrl() in bss_acpt.c c0fff24e0d Fix err checking and mem leaks of BIO_set_conn_port and BIO_set_conn_address 9ac916c752 CMS_get0_signers() description 0800288e6e EVP: allow empty strings to EVP_Decode* functions Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 256 Tests: 7 Failed: 1) Failed test: 7 Non-zero exit status: 1 Files=201, Tests=2005, 1666 wallclock secs ( 9.50 usr 1.44 sys + 1562.50 cusr 67.33 csys = 1640.77 CPU) Result: FAIL Makefile:3101: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ubsan' Makefile:3099: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Thu Jun 18 12:45:48 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 18 Jun 2020 12:45:48 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui Message-ID: <1592484348.677079.11118.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ui Commit log since last time: 5d8b3a3ef2 Refactor BN_R_NO_INVERSE logic in internal functions e98c7350bf Improve BIO_socket_wait(), BIO_wait(), BIO_connect_retry(), and their docs 3f528d0899 Add OPENSSL_strdup failure check to cpt_ctrl() in bss_acpt.c c0fff24e0d Fix err checking and mem leaks of BIO_set_conn_port and BIO_set_conn_address 9ac916c752 CMS_get0_signers() description 0800288e6e EVP: allow empty strings to EVP_Decode* functions Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=201, Tests=2005, 817 wallclock secs ( 8.30 usr 1.23 sys + 732.42 cusr 49.64 csys = 791.59 CPU) Result: FAIL Makefile:3105: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ui' Makefile:3103: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Thu Jun 18 15:26:42 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 18 Jun 2020 15:26:42 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls Message-ID: <1592494002.278777.5410.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls Commit log since last time: 5d8b3a3ef2 Refactor BN_R_NO_INVERSE logic in internal functions e98c7350bf Improve BIO_socket_wait(), BIO_wait(), BIO_connect_retry(), and their docs 3f528d0899 Add OPENSSL_strdup failure check to cpt_ctrl() in bss_acpt.c c0fff24e0d Fix err checking and mem leaks of BIO_set_conn_port and BIO_set_conn_address 9ac916c752 CMS_get0_signers() description 0800288e6e EVP: allow empty strings to EVP_Decode* functions Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=201, Tests=2002, 813 wallclock secs ( 8.65 usr 1.42 sys + 724.00 cusr 50.03 csys = 784.10 CPU) Result: FAIL Makefile:3089: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls' Makefile:3087: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Thu Jun 18 18:01:27 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 18 Jun 2020 18:01:27 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2 Message-ID: <1592503287.613743.25049.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2 Commit log since last time: 5d8b3a3ef2 Refactor BN_R_NO_INVERSE logic in internal functions e98c7350bf Improve BIO_socket_wait(), BIO_wait(), BIO_connect_retry(), and their docs 3f528d0899 Add OPENSSL_strdup failure check to cpt_ctrl() in bss_acpt.c c0fff24e0d Fix err checking and mem leaks of BIO_set_conn_port and BIO_set_conn_address 9ac916c752 CMS_get0_signers() description 0800288e6e EVP: allow empty strings to EVP_Decode* functions Build log ended with (last 100 lines): 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=201, Tests=2004, 827 wallclock secs ( 9.27 usr 1.29 sys + 734.21 cusr 51.63 csys = 796.40 CPU) Result: FAIL Makefile:3098: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2' Makefile:3096: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Thu Jun 18 20:17:11 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 18 Jun 2020 20:17:11 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method Message-ID: <1592511431.459432.9522.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method Commit log since last time: 5d8b3a3ef2 Refactor BN_R_NO_INVERSE logic in internal functions e98c7350bf Improve BIO_socket_wait(), BIO_wait(), BIO_connect_retry(), and their docs 3f528d0899 Add OPENSSL_strdup failure check to cpt_ctrl() in bss_acpt.c c0fff24e0d Fix err checking and mem leaks of BIO_set_conn_port and BIO_set_conn_address 9ac916c752 CMS_get0_signers() description 0800288e6e EVP: allow empty strings to EVP_Decode* functions Build log ended with (last 100 lines): 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=201, Tests=2004, 819 wallclock secs ( 9.27 usr 1.35 sys + 725.19 cusr 50.03 csys = 785.84 CPU) Result: FAIL Makefile:3092: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2-method' Makefile:3090: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Thu Jun 18 21:02:25 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 18 Jun 2020 21:02:25 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_3 Message-ID: <1592514145.373537.24960.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_3 Commit log since last time: 5d8b3a3ef2 Refactor BN_R_NO_INVERSE logic in internal functions e98c7350bf Improve BIO_socket_wait(), BIO_wait(), BIO_connect_retry(), and their docs 3f528d0899 Add OPENSSL_strdup failure check to cpt_ctrl() in bss_acpt.c c0fff24e0d Fix err checking and mem leaks of BIO_set_conn_port and BIO_set_conn_address 9ac916c752 CMS_get0_signers() description 0800288e6e EVP: allow empty strings to EVP_Decode* functions Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ skipped: test_key_share needs TLS1.3 enabled 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. skipped: test_tls13alerts needs TLS1.3 enabled 70-test_tls13cookie.t .............. skipped: test_tls13cookie needs TLS1.3 enabled 70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled 70-test_tls13hrr.t ................. skipped: test_tls13hrr needs TLS1.3 enabled 70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs TLSv1.3 enabled 70-test_tls13messages.t ............ skipped: test_tls13messages needs TLSv1.3 enabled 70-test_tls13psk.t ................. skipped: test_tls13psk needs TLSv1.3 enabled 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. skipped: test_tls13ccs is not supported in this build 90-test_tls13encryption.t .......... skipped: tls13encryption is not supported in this build 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=201, Tests=1926, 761 wallclock secs ( 7.73 usr 1.34 sys + 673.04 cusr 46.61 csys = 728.72 CPU) Result: FAIL Makefile:3089: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_3' Makefile:3087: recipe for target 'tests' failed make: *** [tests] Error 2 From levitte at openssl.org Fri Jun 19 06:00:47 2020 From: levitte at openssl.org (Richard Levitte) Date: Fri, 19 Jun 2020 06:00:47 +0000 Subject: [openssl] master update Message-ID: <1592546447.205557.10423.nullmailer@dev.openssl.org> The branch master has been updated via 6f72b210b2ae15577f0f043a371dba041e16f2a8 (commit) from 9a7319b0b0b9ddaa440b102dc8e197d267700756 (commit) - Log ----------------------------------------------------------------- commit 6f72b210b2ae15577f0f043a371dba041e16f2a8 Author: haykam821 <24855774+haykam821 at users.noreply.github.com> Date: Mon Jun 15 16:17:15 2020 -0400 Remove whitespace from 'white space' CLA: trivial Reviewed-by: Matthias St. Pierre Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12161) ----------------------------------------------------------------------- Summary of changes: apps/lib/win32_init.c | 2 +- crypto/asn1/asn_mime.c | 4 ++-- crypto/evp/encode.c | 2 +- crypto/perlasm/arm-xlate.pl | 2 +- crypto/perlasm/ppc-xlate.pl | 2 +- crypto/perlasm/x86_64-xlate.pl | 2 +- doc/man1/openssl-asn1parse.pod.in | 2 +- doc/man1/openssl-ca.pod.in | 4 ++-- doc/man1/openssl-req.pod.in | 4 ++-- doc/man1/openssl-ts.pod.in | 4 ++-- doc/man5/config.pod | 2 +- util/find-doc-nits | 2 +- 12 files changed, 16 insertions(+), 16 deletions(-) diff --git a/apps/lib/win32_init.c b/apps/lib/win32_init.c index 8836b3ba39..05d3c681d7 100644 --- a/apps/lib/win32_init.c +++ b/apps/lib/win32_init.c @@ -167,7 +167,7 @@ void win32_utf8argv(int *argc, char **argv[]) int in_quote = 0; if (*p == L' ' || *p == L'\t') { - p++; /* skip over white spaces */ + p++; /* skip over whitespace */ continue; } diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c index 4eb92d6844..dab89e57d5 100644 --- a/crypto/asn1/asn_mime.c +++ b/crypto/asn1/asn_mime.c @@ -763,7 +763,7 @@ static char *strip_ends(char *name) static char *strip_start(char *name) { char *p, c; - /* Look for first non white space or quote */ + /* Look for first non whitespace or quote */ for (p = name; (c = *p); p++) { if (c == '"') { /* Next char is start of string if non null */ @@ -784,7 +784,7 @@ static char *strip_end(char *name) char *p, c; if (!name) return NULL; - /* Look for first non white space or quote */ + /* Look for first non whitespace or quote */ for (p = name + strlen(name) - 1; p >= name; p--) { c = *p; if (c == '"') { diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c index 01552ac098..9c9a2836c4 100644 --- a/crypto/evp/encode.c +++ b/crypto/evp/encode.c @@ -422,7 +422,7 @@ static int evp_decodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t, else table = data_ascii2bin; - /* trim white space from the start of the line. */ + /* trim whitespace from the start of the line. */ while ((n > 0) && (conv_ascii2bin(*f, table) == B64_WS)) { f++; n--; diff --git a/crypto/perlasm/arm-xlate.pl b/crypto/perlasm/arm-xlate.pl index f0e495d426..a90885905c 100755 --- a/crypto/perlasm/arm-xlate.pl +++ b/crypto/perlasm/arm-xlate.pl @@ -150,7 +150,7 @@ while(my $line=<>) { if ($line =~ m/^\s*(#|@|\/\/)/) { print $line; next; } $line =~ s|/\*.*\*/||; # get rid of C-style comments... - $line =~ s|^\s+||; # ... and skip white spaces in beginning... + $line =~ s|^\s+||; # ... and skip whitespace in beginning... $line =~ s|\s+$||; # ... and at the end { diff --git a/crypto/perlasm/ppc-xlate.pl b/crypto/perlasm/ppc-xlate.pl index 0c8009c031..136e73e8af 100755 --- a/crypto/perlasm/ppc-xlate.pl +++ b/crypto/perlasm/ppc-xlate.pl @@ -306,7 +306,7 @@ while($line=<>) { $line =~ s|[#!;].*$||; # get rid of asm-style comments... $line =~ s|/\*.*\*/||; # ... and C-style comments... - $line =~ s|^\s+||; # ... and skip white spaces in beginning... + $line =~ s|^\s+||; # ... and skip whitespaces in beginning... $line =~ s|\s+$||; # ... and at the end { diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl index fdf3e5438e..1830b25565 100755 --- a/crypto/perlasm/x86_64-xlate.pl +++ b/crypto/perlasm/x86_64-xlate.pl @@ -1200,7 +1200,7 @@ while(defined(my $line=<>)) { $line =~ s|[#!].*$||; # get rid of asm-style comments... $line =~ s|/\*.*\*/||; # ... and C-style comments... - $line =~ s|^\s+||; # ... and skip white spaces in beginning + $line =~ s|^\s+||; # ... and skip whitespaces in beginning $line =~ s|\s+$||; # ... and at the end if (my $label=label->re(\$line)) { print $label->out(); } diff --git a/doc/man1/openssl-asn1parse.pod.in b/doc/man1/openssl-asn1parse.pod.in index 2374348561..bafcc225d9 100644 --- a/doc/man1/openssl-asn1parse.pod.in +++ b/doc/man1/openssl-asn1parse.pod.in @@ -158,7 +158,7 @@ numerical form (for example 1.2.3.4). The file passed to the B<-oid> option allows additional OIDs to be included. Each line consists of three columns, the first column is the OID in numerical format and should be followed by white space. The second column is the "short name" which is a single word followed -by white space. The final column is the rest of the line and is the +by whitespace. The final column is the rest of the line and is the "long name". Example: C<1.2.3.4 shortName A long name> diff --git a/doc/man1/openssl-ca.pod.in b/doc/man1/openssl-ca.pod.in index 35b36afbb4..22a0cb40d8 100644 --- a/doc/man1/openssl-ca.pod.in +++ b/doc/man1/openssl-ca.pod.in @@ -432,8 +432,8 @@ any) used. This specifies a file containing additional B. Each line of the file should consist of the numerical form of the -object identifier followed by white space then the short name followed -by white space and finally the long name. +object identifier followed by whitespace then the short name followed +by whitespace and finally the long name. =item B diff --git a/doc/man1/openssl-req.pod.in b/doc/man1/openssl-req.pod.in index ab6b3d78a2..25295d02fc 100644 --- a/doc/man1/openssl-req.pod.in +++ b/doc/man1/openssl-req.pod.in @@ -375,8 +375,8 @@ overridden by the B<-keyout> option. This specifies a file containing additional B. Each line of the file should consist of the numerical form of the -object identifier followed by white space then the short name followed -by white space and finally the long name. +object identifier followed by whitespace then the short name followed +by whitespace and finally the long name. =item B diff --git a/doc/man1/openssl-ts.pod.in b/doc/man1/openssl-ts.pod.in index 10386a3fc5..e7bc607a1f 100644 --- a/doc/man1/openssl-ts.pod.in +++ b/doc/man1/openssl-ts.pod.in @@ -372,8 +372,8 @@ section can be overridden with the B<-section> command line switch. (Optional) This specifies a file containing additional B. Each line of the file should consist of the numerical form of the -object identifier followed by white space then the short name followed -by white space and finally the long name. (Optional) +object identifier followed by whitespace then the short name followed +by whitespace and finally the long name. (Optional) =item B diff --git a/doc/man5/config.pod b/doc/man5/config.pod index 12a1d1043e..13bd526c49 100644 --- a/doc/man5/config.pod +++ b/doc/man5/config.pod @@ -119,7 +119,7 @@ leading text that is preceded with a period. For example: 2.OU = Second OU The B consists of the string following the B<=> character until end -of line with any leading and trailing white space removed. +of line with any leading and trailing whitespace removed. The value string undergoes variable expansion. The text C<$var> or C<${var}> inserts the value of the named variable from the current section. diff --git a/util/find-doc-nits b/util/find-doc-nits index c40a4c8052..0feb01e27c 100755 --- a/util/find-doc-nits +++ b/util/find-doc-nits @@ -901,7 +901,7 @@ sub collectnames { } foreach my $name ( @{$podinfo{names}} ) { next if $name eq ""; - err($id, "'$name' contains white space") + err($id, "'$name' contains whitespace") if $name =~ /\s/; my $name_sec = "$name($section)"; if ( !defined $name_map{$name_sec} ) { From builds at travis-ci.com Fri Jun 19 07:50:09 2020 From: builds at travis-ci.com (Travis CI) Date: Fri, 19 Jun 2020 07:50:09 +0000 Subject: Errored: openssl/openssl#35553 (master - 6f72b21) In-Reply-To: Message-ID: <5eec6e30e79fd_13f833e51625021845a@travis-pro-tasks-5b9bf86bd9-l58sk.mail> Build Update for openssl/openssl ------------------------------------- Build: #35553 Status: Errored Duration: 1 hr, 47 mins, and 42 secs Commit: 6f72b21 (master) Author: haykam821 Message: Remove whitespace from 'white space' CLA: trivial Reviewed-by: Matthias St. Pierre Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12161) View the changeset: https://github.com/openssl/openssl/compare/9a7319b0b0b9...6f72b210b2ae View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/172162107?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at openssl.org Fri Jun 19 08:07:00 2020 From: matt at openssl.org (Matt Caswell) Date: Fri, 19 Jun 2020 08:07:00 +0000 Subject: [openssl] master update Message-ID: <1592554020.308083.14457.nullmailer@dev.openssl.org> The branch master has been updated via edeaa96ae6aa9b5e0ba5fe98a7258086767a7887 (commit) from 6f72b210b2ae15577f0f043a371dba041e16f2a8 (commit) - Log ----------------------------------------------------------------- commit edeaa96ae6aa9b5e0ba5fe98a7258086767a7887 Author: Benny Baumann Date: Tue Jun 16 23:43:24 2020 +0200 Add missing section on asymmetric ciphers Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12170) ----------------------------------------------------------------------- Summary of changes: doc/man7/provider.pod | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/doc/man7/provider.pod b/doc/man7/provider.pod index 581c33b9a4..08edb4a1dd 100644 --- a/doc/man7/provider.pod +++ b/doc/man7/provider.pod @@ -146,6 +146,14 @@ The number for this operation is B. The functions the provider can offer are described in L +=item Asymmetric Ciphers + +In the OpenSSL libraries, the corresponding method object is +B. +The number for this operation is B. +The functions the provider can offer are described in +L + =item Serialization In the OpenSSL libraries, the corresponding method object is From matt at openssl.org Fri Jun 19 09:31:19 2020 From: matt at openssl.org (Matt Caswell) Date: Fri, 19 Jun 2020 09:31:19 +0000 Subject: [openssl] master update Message-ID: <1592559079.815928.13661.nullmailer@dev.openssl.org> The branch master has been updated via 48e971dd9f88933a7f77f5051a8b79b9e17892a9 (commit) via e09f8d256f60fd0af62e510f3eaab9e9936f3a6a (commit) via db9592c1f723841586960912c387a925e4547a26 (commit) via 6136ecaa955506ff5f5fcdbc69976914418d561b (commit) via 0c13cdf835086a7bd29c32c55e7675e5a8827a31 (commit) via 260009d877bfd6fe75aef08ecf4c366127f1f78e (commit) via 90929138d73ae46fe2fa3014028ab010043af23e (commit) via 3c49e4ff519abee92d9557eca8653ab82cd5787c (commit) via 381f3f3bbc930abb98ddc6ddff847f2d55e73a0c (commit) via 023b188ca553aa4318d8e7021e3abbbb98833410 (commit) via 11a1b341f3bc6a0afe75f9432f623026624fb720 (commit) via 9d2d857f135abd281591ee0c2b58e01a710c3cea (commit) via 82ec09ec6d4e35ef359a7cb22c0cb46662f18155 (commit) via 72bfc9585891cffd29eb683ae5fb3181d62b9d33 (commit) from edeaa96ae6aa9b5e0ba5fe98a7258086767a7887 (commit) - Log ----------------------------------------------------------------- commit 48e971dd9f88933a7f77f5051a8b79b9e17892a9 Author: Matt Caswell Date: Tue Jun 16 15:30:46 2020 +0100 Create defines for TLS Group Ids Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11914) commit e09f8d256f60fd0af62e510f3eaab9e9936f3a6a Author: Matt Caswell Date: Thu Jun 11 16:47:50 2020 +0100 Don't send supported groups if no-ec and we're doing DTLS The supported_groups extension only supported EC groups in DTLS. Therefore we shouldn't send it in a no-ec build. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11914) commit db9592c1f723841586960912c387a925e4547a26 Author: Matt Caswell Date: Fri May 22 14:11:43 2020 +0100 Provider a better error message if we fail to copy parameters If EVP_PKEY_copy_parameters() failed in libssl we did not provide a very helpful error message. We provide a better one. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11914) commit 6136ecaa955506ff5f5fcdbc69976914418d561b Author: Matt Caswell Date: Fri May 22 14:09:13 2020 +0100 Make sure we save the copy function when registering a new Keymgmt If a provider had a "copy" function in the its keymgmt definition we were ignoring it. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11914) commit 0c13cdf835086a7bd29c32c55e7675e5a8827a31 Author: Matt Caswell Date: Thu May 21 17:59:47 2020 +0100 Write a test provider to test the TLS-GROUPS capability Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11914) commit 260009d877bfd6fe75aef08ecf4c366127f1f78e Author: Matt Caswell Date: Thu May 21 16:36:32 2020 +0100 Update the various SSL group getting and setting functions A number of these functions returned a NID or an array of NIDs for the groups. Now that groups can come from the providers we do not necessarily know the NID. Therefore we need to handle this in a clean way. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11914) commit 90929138d73ae46fe2fa3014028ab010043af23e Author: Matt Caswell Date: Thu May 21 16:16:41 2020 +0100 Add some missing OSSL_PKEY_PARAM_GROUP_NAME documentation Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11914) commit 3c49e4ff519abee92d9557eca8653ab82cd5787c Author: Matt Caswell Date: Thu May 21 15:57:35 2020 +0100 Add documentation about Capabilities Document the OSSL_PROVIDER_get_capabilities() function as well as the provider side support for capabilities. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11914) commit 381f3f3bbc930abb98ddc6ddff847f2d55e73a0c Author: Matt Caswell Date: Wed May 20 14:47:39 2020 +0100 Make EVP_PKEY_CTX_[get|set]_group_name work for ECX too The previous commits made EVP_PKEY_CTX_[get|set]_group_name work for EC and DH keys. We now extend this to ECX. Even though that keys with these key types only have one group we still allow it to be explicitly set so that we have only one codepath for all keys. Setting the group name for these types of keys is optional, but if you do so it must have the correct name. Additionally we enable parameter generation for these keys. Parameters aren't actually needed for this key type, but for the same reasons as above (to ensure a single codepath for users of these algorithms) we enable it anyway. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11914) commit 023b188ca553aa4318d8e7021e3abbbb98833410 Author: Matt Caswell Date: Wed May 20 14:46:22 2020 +0100 Make EVP_PKEY_CTX_[get|set]_group_name work for DH too The previous commit added the EVP_PKEY_CTX_[get|set]_group_name functions to work with EC groups. We now extend that to also work for DH. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11914) commit 11a1b341f3bc6a0afe75f9432f623026624fb720 Author: Matt Caswell Date: Tue May 19 15:24:25 2020 +0100 Make EVP_PKEY_CTX_[get|set]_ec_paramgen_curve_name more generic We rename these function to EVP_PKEY_CTX_get_group_name and EVP_PKEY_CTX_set_group_name so that they can be used for other algorithms other than EC. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11914) commit 9d2d857f135abd281591ee0c2b58e01a710c3cea Author: Matt Caswell Date: Mon May 18 23:37:18 2020 +0100 Modify libssl to discover supported groups based on available providers Now that we have added the TLS-GROUP capability to the default provider we can use that to discover the supported group list based on the loaded providers. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11914) commit 82ec09ec6d4e35ef359a7cb22c0cb46662f18155 Author: Matt Caswell Date: Mon May 18 15:13:09 2020 +0100 Add the OSSL_PROVIDER_get_capabilities() API function Provide a function to applications to query the capabilities that a provider can perform. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11914) commit 72bfc9585891cffd29eb683ae5fb3181d62b9d33 Author: Matt Caswell Date: Mon May 18 14:11:06 2020 +0100 Add the concept of "Capabilities" to the default and fips providers With capabilities we can query a provider about what it can do. Initially we support a "TLS-GROUP" capability. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11914) ----------------------------------------------------------------------- Summary of changes: crypto/dh/dh_lib.c | 4 +- crypto/ec/ec_ameth.c | 2 +- crypto/ec/ec_backend.c | 2 +- crypto/ec/ec_ctrl.c | 44 +-- crypto/err/openssl.txt | 1 + crypto/evp/evp_lib.c | 69 ++++ crypto/evp/keymgmt_meth.c | 4 + crypto/evp/p_lib.c | 2 +- crypto/evp/pmeth_gn.c | 2 +- crypto/evp/pmeth_lib.c | 8 +- crypto/ffc/ffc_backend.c | 2 +- crypto/ffc/ffc_params.c | 2 +- crypto/provider.c | 9 +- crypto/provider_core.c | 14 + doc/internal/man3/ossl_provider_new.pod | 17 +- doc/man3/EVP_PKEY_CTX_ctrl.pod | 38 +- doc/man3/EVP_PKEY_gettable_params.pod | 2 +- doc/man3/OSSL_PROVIDER.pod | 22 +- doc/man3/SSL_CTX_set1_curves.pod | 26 +- doc/man7/EVP_PKEY-DH.pod | 2 +- doc/man7/EVP_PKEY-EC.pod | 8 +- doc/man7/EVP_PKEY-X25519.pod | 6 + doc/man7/provider-base.pod | 78 +++++ include/internal/provider.h | 4 + include/internal/tlsgroups.h | 49 +++ include/openssl/core_names.h | 16 +- include/openssl/core_numbers.h | 11 +- include/openssl/ec.h | 4 - include/openssl/evp.h | 3 + include/openssl/provider.h | 4 + include/openssl/sslerr.h | 1 + providers/common/build.info | 2 +- providers/common/capabilities.c | 177 ++++++++++ providers/common/include/prov/providercommon.h | 3 + providers/defltprov.c | 2 + providers/fips/fipsprov.c | 1 + providers/fips/self_test_data.inc | 4 +- providers/implementations/keymgmt/dh_kmgmt.c | 6 +- providers/implementations/keymgmt/ec_kmgmt.c | 8 +- providers/implementations/keymgmt/ecx_kmgmt.c | 85 ++++- ssl/s3_lib.c | 93 +---- ssl/ssl_err.c | 2 + ssl/ssl_lib.c | 22 +- ssl/ssl_local.h | 54 +-- ssl/statem/extensions_clnt.c | 14 +- ssl/statem/extensions_srvr.c | 4 +- ssl/statem/statem_srvr.c | 4 +- ssl/t1_lib.c | 447 ++++++++++++++++++------ test/acvp_test.c | 12 +- test/build.info | 2 +- test/dsatest.c | 2 +- test/evp_pkey_provided_test.c | 16 +- test/filterprov.c | 9 + test/ssl-tests/20-cert-select.cnf | 2 - test/ssl-tests/20-cert-select.cnf.in | 2 - test/sslapitest.c | 58 +++ test/tls-provider.c | 466 +++++++++++++++++++++++++ util/libcrypto.num | 5 +- 58 files changed, 1596 insertions(+), 362 deletions(-) create mode 100644 include/internal/tlsgroups.h create mode 100644 providers/common/capabilities.c create mode 100644 test/tls-provider.c diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index 3a523c3591..2a3921a137 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -500,7 +500,7 @@ int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int gen) if (name == NULL) return 0; - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_DH_GROUP, + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, (void *)name, 0); *p++ = OSSL_PARAM_construct_end(); return EVP_PKEY_CTX_set_params(ctx, params); @@ -531,7 +531,7 @@ int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid) if (name == NULL) return 0; - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_DH_GROUP, + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, (void *)name, 0); *p++ = OSSL_PARAM_construct_end(); return EVP_PKEY_CTX_set_params(ctx, params); diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index 6ccaef3815..bde8458274 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -611,7 +611,7 @@ int ecparams_to_params(const EC_KEY *eckey, OSSL_PARAM_BLD *tmpl) if ((curve_name = OBJ_nid2sn(curve_nid)) == NULL) return 0; - if (!OSSL_PARAM_BLD_push_utf8_string(tmpl, OSSL_PKEY_PARAM_EC_NAME, curve_name, 0)) + if (!OSSL_PARAM_BLD_push_utf8_string(tmpl, OSSL_PKEY_PARAM_GROUP_NAME, curve_name, 0)) return 0; } diff --git a/crypto/ec/ec_backend.c b/crypto/ec/ec_backend.c index fb6497b084..b12a9411d2 100644 --- a/crypto/ec/ec_backend.c +++ b/crypto/ec/ec_backend.c @@ -173,7 +173,7 @@ int ec_key_domparams_fromdata(EC_KEY *ec, const OSSL_PARAM params[]) if (ec == NULL) return 0; - param_ec_name = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_NAME); + param_ec_name = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME); if (param_ec_name == NULL) { /* explicit parameters */ diff --git a/crypto/ec/ec_ctrl.c b/crypto/ec/ec_ctrl.c index 9e12b9a159..b47d7b606c 100644 --- a/crypto/ec/ec_ctrl.c +++ b/crypto/ec/ec_ctrl.c @@ -421,48 +421,6 @@ int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **pukm) return (int)ukmlen; } -int EVP_PKEY_CTX_set_ec_paramgen_curve_name(EVP_PKEY_CTX *ctx, - const char *name) -{ - OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; - OSSL_PARAM *p = params; - - if (ctx == NULL || !EVP_PKEY_CTX_IS_GEN_OP(ctx)) { - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - /* Uses the same return values as EVP_PKEY_CTX_ctrl */ - return -2; - } - - if (name == NULL) - return -1; - - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_EC_NAME, - (char *)name, 0); - return EVP_PKEY_CTX_set_params(ctx, params); -} - -int EVP_PKEY_CTX_get_ec_paramgen_curve_name(EVP_PKEY_CTX *ctx, - char *name, size_t namelen) -{ - OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; - OSSL_PARAM *p = params; - - if (ctx == NULL || !EVP_PKEY_CTX_IS_GEN_OP(ctx)) { - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - /* Uses the same return values as EVP_PKEY_CTX_ctrl */ - return -2; - } - - if (name == NULL) - return -1; - - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_EC_NAME, - name, namelen); - if (!EVP_PKEY_CTX_get_params(ctx, params)) - return -1; - return 1; -} - #ifndef FIPS_MODULE int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid) { @@ -483,6 +441,6 @@ int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid) EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL); - return EVP_PKEY_CTX_set_ec_paramgen_curve_name(ctx, OBJ_nid2sn(nid)); + return EVP_PKEY_CTX_set_group_name(ctx, OBJ_nid2sn(nid)); } #endif diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 40148e8a2c..515dfc3f11 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -3098,6 +3098,7 @@ SSL_R_CONNECTION_TYPE_NOT_SET:144:connection type not set SSL_R_CONTEXT_NOT_DANE_ENABLED:167:context not dane enabled SSL_R_COOKIE_GEN_CALLBACK_FAILURE:400:cookie gen callback failure SSL_R_COOKIE_MISMATCH:308:cookie mismatch +SSL_R_COPY_PARAMETERS_FAILED:296:copy parameters failed SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED:206:\ custom ext handler already installed SSL_R_DANE_ALREADY_ENABLED:172:dane already enabled diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 229485102a..ef978ec6f1 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -14,6 +14,7 @@ #include #include #include +#include #include "crypto/evp.h" #include "internal/provider.h" #include "evp_local.h" @@ -940,3 +941,71 @@ int EVP_hex2ctrl(int (*cb)(void *ctx, int cmd, void *buf, size_t buflen), OPENSSL_free(bin); return rv; } + +int EVP_PKEY_CTX_set_group_name(EVP_PKEY_CTX *ctx, const char *name) +{ + OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; + OSSL_PARAM *p = params; + + if (ctx == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); + /* Uses the same return values as EVP_PKEY_CTX_ctrl */ + return -2; + } + + if (!EVP_PKEY_CTX_IS_GEN_OP(ctx)) { +#ifndef FIPS_MODULE + int nid; + + /* Could be a legacy key, try and convert to a ctrl */ + if (ctx->pmeth != NULL && (nid = OBJ_txt2nid(name)) != NID_undef) { +# ifndef OPENSSL_NO_DH + if (ctx->pmeth->pkey_id == EVP_PKEY_DH) + return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, + EVP_PKEY_OP_PARAMGEN + | EVP_PKEY_OP_KEYGEN, + EVP_PKEY_CTRL_DH_NID, nid, NULL); +# endif +# ifndef OPENSSL_NO_EC + if (ctx->pmeth->pkey_id == EVP_PKEY_EC) + return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, + EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, + EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, + nid, NULL); +# endif + } +#endif + ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); + /* Uses the same return values as EVP_PKEY_CTX_ctrl */ + return -2; + } + + if (name == NULL) + return -1; + + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, + (char *)name, 0); + return EVP_PKEY_CTX_set_params(ctx, params); +} + +int EVP_PKEY_CTX_get_group_name(EVP_PKEY_CTX *ctx, char *name, size_t namelen) +{ + OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; + OSSL_PARAM *p = params; + + if (ctx == NULL || !EVP_PKEY_CTX_IS_GEN_OP(ctx)) { + /* There is no legacy support for this */ + ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); + /* Uses the same return values as EVP_PKEY_CTX_ctrl */ + return -2; + } + + if (name == NULL) + return -1; + + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, + name, namelen); + if (!EVP_PKEY_CTX_get_params(ctx, params)) + return -1; + return 1; +} diff --git a/crypto/evp/keymgmt_meth.c b/crypto/evp/keymgmt_meth.c index b75d02f136..ab5e00dfba 100644 --- a/crypto/evp/keymgmt_meth.c +++ b/crypto/evp/keymgmt_meth.c @@ -124,6 +124,10 @@ static void *keymgmt_from_dispatch(int name_id, if (keymgmt->has == NULL) keymgmt->has = OSSL_get_OP_keymgmt_has(fns); break; + case OSSL_FUNC_KEYMGMT_COPY: + if (keymgmt->copy == NULL) + keymgmt->copy = OSSL_get_OP_keymgmt_copy(fns); + break; case OSSL_FUNC_KEYMGMT_VALIDATE: if (keymgmt->validate == NULL) keymgmt->validate = OSSL_get_OP_keymgmt_validate(fns); diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 0b067c8a8c..4dc1e0a5b2 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -1000,7 +1000,7 @@ static int get_ec_curve_name_cb(const OSSL_PARAM params[], void *arg) { const OSSL_PARAM *p = NULL; - if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_NAME)) != NULL) + if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME)) != NULL) return OSSL_PARAM_get_utf8_string(p, arg, 0); /* If there is no curve name, this is not an EC key */ diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c index 411f270b49..1ab309329d 100644 --- a/crypto/evp/pmeth_gn.c +++ b/crypto/evp/pmeth_gn.c @@ -228,7 +228,7 @@ int EVP_PKEY_gen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) { char curve_name[OSSL_MAX_NAME_SIZE] = ""; - if (!EVP_PKEY_get_utf8_string_param(*ppkey, OSSL_PKEY_PARAM_EC_NAME, + if (!EVP_PKEY_get_utf8_string_param(*ppkey, OSSL_PKEY_PARAM_GROUP_NAME, curve_name, sizeof(curve_name), NULL) || strcmp(curve_name, "SM2") != 0) diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index dd6556c891..52c304227b 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -605,7 +605,6 @@ int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params) return 0; } -#ifndef FIPS_MODULE int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params) { if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx) @@ -629,6 +628,7 @@ int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params) return 0; } +#ifndef FIPS_MODULE const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(EVP_PKEY_CTX *ctx) { if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx) @@ -1055,16 +1055,16 @@ static int legacy_ctrl_str_to_param(EVP_PKEY_CTX *ctx, const char *name, name = OSSL_PKEY_PARAM_FFC_TYPE; value = dh_gen_type_id2name(atoi(value)); } else if (strcmp(name, "dh_param") == 0) - name = OSSL_PKEY_PARAM_DH_GROUP; + name = OSSL_PKEY_PARAM_GROUP_NAME; else if (strcmp(name, "dh_rfc5114") == 0) { - name = OSSL_PKEY_PARAM_DH_GROUP; + name = OSSL_PKEY_PARAM_GROUP_NAME; value = ffc_named_group_from_uid(atoi(value)); } else if (strcmp(name, "dh_pad") == 0) name = OSSL_EXCHANGE_PARAM_PAD; # endif # ifndef OPENSSL_NO_EC else if (strcmp(name, "ec_paramgen_curve") == 0) - name = OSSL_PKEY_PARAM_EC_NAME; + name = OSSL_PKEY_PARAM_GROUP_NAME; else if (strcmp(name, "ecdh_cofactor_mode") == 0) name = OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE; else if (strcmp(name, "ecdh_kdf_md") == 0) diff --git a/crypto/ffc/ffc_backend.c b/crypto/ffc/ffc_backend.c index 49f42d70d0..6e269ebf56 100644 --- a/crypto/ffc/ffc_backend.c +++ b/crypto/ffc/ffc_backend.c @@ -27,7 +27,7 @@ int ffc_params_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[]) if (ffc == NULL) return 0; - prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_GROUP); + prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME); if (prm != NULL) { if (prm->data_type != OSSL_PARAM_UTF8_STRING) goto err; diff --git a/crypto/ffc/ffc_params.c b/crypto/ffc/ffc_params.c index 0796d34337..d70aeea35b 100644 --- a/crypto/ffc/ffc_params.c +++ b/crypto/ffc/ffc_params.c @@ -265,7 +265,7 @@ int ffc_params_todata(const FFC_PARAMS *ffc, OSSL_PARAM_BLD *bld, if (name == NULL || !ossl_param_build_set_utf8_string(bld, params, - OSSL_PKEY_PARAM_DH_GROUP, + OSSL_PKEY_PARAM_GROUP_NAME, name)) return 0; #else diff --git a/crypto/provider.c b/crypto/provider.c index 02002a5f95..8646aef771 100644 --- a/crypto/provider.c +++ b/crypto/provider.c @@ -57,7 +57,6 @@ int OSSL_PROVIDER_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]) return ossl_provider_get_params(prov, params); } - const OSSL_ALGORITHM *OSSL_PROVIDER_query_operation(const OSSL_PROVIDER *prov, int operation_id, int *no_cache) @@ -70,6 +69,14 @@ void *OSSL_PROVIDER_get0_provider_ctx(const OSSL_PROVIDER *prov) return ossl_provider_prov_ctx(prov); } +int OSSL_PROVIDER_get_capabilities(const OSSL_PROVIDER *prov, + const char *capability, + OSSL_CALLBACK *cb, + void *arg) +{ + return ossl_provider_get_capabilities(prov, capability, cb, arg); +} + int OSSL_PROVIDER_add_builtin(OPENSSL_CTX *libctx, const char *name, OSSL_provider_init_fn *init_fn) { diff --git a/crypto/provider_core.c b/crypto/provider_core.c index f7af51a297..cfaa09ff7b 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -70,6 +70,7 @@ struct ossl_provider_st { OSSL_provider_teardown_fn *teardown; OSSL_provider_gettable_params_fn *gettable_params; OSSL_provider_get_params_fn *get_params; + OSSL_provider_get_capabilities_fn *get_capabilities; OSSL_provider_query_operation_fn *query_operation; /* @@ -543,6 +544,10 @@ static int provider_activate(OSSL_PROVIDER *prov) prov->get_params = OSSL_get_provider_get_params(provider_dispatch); break; + case OSSL_FUNC_PROVIDER_GET_CAPABILITIES: + prov->get_capabilities = + OSSL_get_provider_get_capabilities(provider_dispatch); + break; case OSSL_FUNC_PROVIDER_QUERY_OPERATION: prov->query_operation = OSSL_get_provider_query_operation(provider_dispatch); @@ -820,6 +825,15 @@ int ossl_provider_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]) ? 0 : prov->get_params(prov->provctx, params); } +int ossl_provider_get_capabilities(const OSSL_PROVIDER *prov, + const char *capability, + OSSL_CALLBACK *cb, + void *arg) +{ + return prov->get_capabilities == NULL + ? 0 : prov->get_capabilities(prov->provctx, capability, cb, arg); +} + const OSSL_ALGORITHM *ossl_provider_query_operation(const OSSL_PROVIDER *prov, int operation_id, diff --git a/doc/internal/man3/ossl_provider_new.pod b/doc/internal/man3/ossl_provider_new.pod index 7bc5a38669..6a43c68bea 100644 --- a/doc/internal/man3/ossl_provider_new.pod +++ b/doc/internal/man3/ossl_provider_new.pod @@ -14,7 +14,8 @@ ossl_provider_module_name, ossl_provider_module_path, ossl_provider_library_context, ossl_provider_teardown, ossl_provider_gettable_params, ossl_provider_get_params, ossl_provider_query_operation, -ossl_provider_set_operation_bit, ossl_provider_test_operation_bit +ossl_provider_set_operation_bit, ossl_provider_test_operation_bit, +ossl_provider_get_capabilities - internal provider routines =head1 SYNOPSIS @@ -60,6 +61,10 @@ ossl_provider_set_operation_bit, ossl_provider_test_operation_bit void ossl_provider_teardown(const OSSL_PROVIDER *prov); const OSSL_PARAM *ossl_provider_gettable_params(const OSSL_PROVIDER *prov); int ossl_provider_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]); + int ossl_provider_get_capabilities(const OSSL_PROVIDER *prov, + const char *capability, + OSSL_CALLBACK *cb, + void *arg); const OSSL_ALGORITHM *ossl_provider_query_operation(const OSSL_PROVIDER *prov, int operation_id, int *no_cache); @@ -208,6 +213,12 @@ responder. It should treat the given I array as described in L. +ossl_provider_get_capabilities() calls the provider's I function, +if the provider has one. It provides the name of the I and a +callback I parameter to call for each capability that has a matching name in +the provider. The callback gets passed OSSL_PARAM details about the capability as +well as the caller supplied argument I. + ossl_provider_query_operation() calls the provider's I function, if the provider has one. It should return an array of I for the given @@ -285,6 +296,10 @@ If this function isn't available in the provider, 0 is returned. ossl_provider_set_operation_bit() and ossl_provider_test_operation_bit() return 1 on success, or 0 on error. +ossl_provider_get_capabilities() returns 1 on success, or 0 on error. +If this function isn't available in the provider or the provider does not +support the requested capability then 0 is returned. + =head1 SEE ALSO L, L, L diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod index db91f01038..1e836fc30e 100644 --- a/doc/man3/EVP_PKEY_CTX_ctrl.pod +++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod @@ -9,6 +9,8 @@ EVP_PKEY_CTX_md, EVP_PKEY_CTX_set_signature_md, EVP_PKEY_CTX_get_signature_md, EVP_PKEY_CTX_set_mac_key, +EVP_PKEY_CTX_set_group_name, +EVP_PKEY_CTX_get_group_name, EVP_PKEY_CTX_set_rsa_padding, EVP_PKEY_CTX_get_rsa_padding, EVP_PKEY_CTX_set_rsa_pss_saltlen, @@ -53,8 +55,6 @@ EVP_PKEY_CTX_set_dh_kdf_outlen, EVP_PKEY_CTX_get_dh_kdf_outlen, EVP_PKEY_CTX_set0_dh_kdf_ukm, EVP_PKEY_CTX_get0_dh_kdf_ukm, -EVP_PKEY_CTX_set_ec_paramgen_curve_name, -EVP_PKEY_CTX_get_ec_paramgen_curve_name, EVP_PKEY_CTX_set_ec_paramgen_curve_nid, EVP_PKEY_CTX_set_ec_param_enc, EVP_PKEY_CTX_set_ecdh_cofactor_mode, @@ -88,6 +88,8 @@ EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len int EVP_PKEY_CTX_set_mac_key(EVP_PKEY_CTX *ctx, const unsigned char *key, int len); + int EVP_PKEY_CTX_set_group_name(EVP_PKEY_CTX *ctx, const char *name); + int EVP_PKEY_CTX_get_group_name(EVP_PKEY_CTX *ctx, char *name, size_t namelen); #include @@ -154,10 +156,6 @@ EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len #include - int EVP_PKEY_CTX_set_ec_paramgen_curve_name(EVP_PKEY_CTX *ctx, - const char *name); - int EVP_PKEY_CTX_get_ec_paramgen_curve_name(EVP_PKEY_CTX *ctx, - char *name, size_t namelen); int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid); int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, int param_enc); int EVP_PKEY_CTX_set_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx, int cofactor_mode); @@ -221,6 +219,15 @@ L or similar functions instead of this macro. The EVP_PKEY_CTX_set_mac_key() macro can be used with any of the algorithms supported by the L function. +EVP_PKEY_CTX_set_group_name() sets the group name to I for parameter and +key generation. For example for EC keys this will set the curve name and for +DH keys it will set the name of the finite field group. + +EVP_PKEY_CTX_get_group_name() finds the group name that's currently +set with I, and writes it to the location that I points at, as long +as its size I is large enough to store that name, including a +terminating NUL byte. + =head2 RSA parameters The EVP_PKEY_CTX_set_rsa_padding() function sets the RSA padding mode for I. @@ -524,23 +531,21 @@ by the library and should not be freed by the caller. =head2 EC parameters -EVP_PKEY_CTX_set_ec_paramgen_curve_name() sets the EC curve to I for EC -parameter generation. +Use EVP_PKEY_CTX_set_group_name() (described above) to set the curve name to +I for parameter and key generation. EVP_PKEY_CTX_set_ec_paramgen_curve_nid() does the same as -EVP_PKEY_CTX_set_ec_paramgen_curve_name(), but uses a I rather than a -name string. +EVP_PKEY_CTX_set_group_name(), but is specific to EC and uses a I rather +than a name string. -For EC parameter generation, one of EVP_PKEY_CTX_set_ec_paramgen_curve_name() +For EC parameter generation, one of EVP_PKEY_CTX_set_group_name() or EVP_PKEY_CTX_set_ec_paramgen_curve_nid() must be called or an error occurs because there is no default curve. These function can also be called to set the curve explicitly when generating an EC key. -EVP_PKEY_CTX_get_ec_paramgen_curve_name() finds the curve name that's currently -set with I, and writes it to the location that I points at, as long -as its size I is large enough to store that name, including a -terminating NUL byte. +EVP_PKEY_CTX_get_group_name() (described above) can be used to obtain the curve +name that's currently set with I. The EVP_PKEY_CTX_set_ec_param_enc() macro sets the EC parameter encoding to I when generating EC parameters or an EC key. The encoding can be @@ -642,7 +647,8 @@ From OpenSSL 3.0 they are functions. EVP_PKEY_CTX_get_rsa_oaep_md_name(), EVP_PKEY_CTX_get_rsa_mgf1_md_name(), EVP_PKEY_CTX_set_rsa_mgf1_md_name(), EVP_PKEY_CTX_set_rsa_oaep_md_name(), EVP_PKEY_CTX_set_dsa_paramgen_md_props(), EVP_PKEY_CTX_set_dsa_paramgen_gindex(), -EVP_PKEY_CTX_set_dsa_paramgen_type() and EVP_PKEY_CTX_set_dsa_paramgen_seed() +EVP_PKEY_CTX_set_dsa_paramgen_type(), EVP_PKEY_CTX_set_dsa_paramgen_seed(), +EVP_PKEY_CTX_set_group_name() and EVP_PKEY_CTX_get_group_name() were added in OpenSSL 3.0. The EVP_PKEY_CTX_set1_id(), EVP_PKEY_CTX_get1_id() and diff --git a/doc/man3/EVP_PKEY_gettable_params.pod b/doc/man3/EVP_PKEY_gettable_params.pod index 87d25c7b99..8f6854a568 100644 --- a/doc/man3/EVP_PKEY_gettable_params.pod +++ b/doc/man3/EVP_PKEY_gettable_params.pod @@ -72,7 +72,7 @@ value. * is an EC key. */ - if (!EVP_PKEY_get_utf8_string_param(key, OSSL_PKEY_PARAM_EC_NAME, + if (!EVP_PKEY_get_utf8_string_param(key, OSSL_PKEY_PARAM_GROUP_NAME, curve_name, sizeof(curve_name), &len)) { /* Error */ } diff --git a/doc/man3/OSSL_PROVIDER.pod b/doc/man3/OSSL_PROVIDER.pod index d6f0af53c9..63633842fa 100644 --- a/doc/man3/OSSL_PROVIDER.pod +++ b/doc/man3/OSSL_PROVIDER.pod @@ -7,7 +7,8 @@ OSSL_PROVIDER, OSSL_PROVIDER_load, OSSL_PROVIDER_unload, OSSL_PROVIDER_available, OSSL_PROVIDER_do_all, OSSL_PROVIDER_gettable_params, OSSL_PROVIDER_get_params, OSSL_PROVIDER_query_operation, OSSL_PROVIDER_get0_provider_ctx, -OSSL_PROVIDER_add_builtin, OSSL_PROVIDER_name - provider routines +OSSL_PROVIDER_add_builtin, OSSL_PROVIDER_name, +OSSL_PROVIDER_get_capabilities - provider routines =head1 SYNOPSIS @@ -38,6 +39,12 @@ OSSL_PROVIDER_add_builtin, OSSL_PROVIDER_name - provider routines const char *OSSL_PROVIDER_name(const OSSL_PROVIDER *prov); + int OSSL_PROVIDER_get_capabilities(const OSSL_PROVIDER *prov, + const char *capability, + OSSL_CALLBACK *cb, + void *arg); + + =head1 DESCRIPTION B is a type that holds internal information about @@ -104,15 +111,22 @@ have a short lifetime. OSSL_PROVIDER_name() returns the name of the given provider. +OSSL_PROVIDER_get_capabilities() provides information about the capabilities +supported by the provider specified in I with the capability name +I. For each capability of that name supported by the provider it +will call the callback I and supply a set of Bs describing the +capability. It will also pass back the argument I. For more details about +capabilities and what they can be used for please see +L. + =head1 RETURN VALUES -OSSL_PROVIDER_add() returns 1 on success, or 0 on error. +OSSL_PROVIDER_add(), OSSL_PROVIDER_unload(), OSSL_PROVIDER_get_params() and +OSSL_PROVIDER_get_capabilities() return 1 on success, or 0 on error. OSSL_PROVIDER_load() returns a pointer to a provider object on success, or B on error. -OSSL_PROVIDER_unload() returns 1 on success, or 0 on error. - OSSL_PROVIDER_available() returns 1 if the named provider is available, otherwise 0. diff --git a/doc/man3/SSL_CTX_set1_curves.pod b/doc/man3/SSL_CTX_set1_curves.pod index b482daace8..3dd0c2a1b4 100644 --- a/doc/man3/SSL_CTX_set1_curves.pod +++ b/doc/man3/SSL_CTX_set1_curves.pod @@ -34,7 +34,11 @@ SSL_set1_curves, SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve =head1 DESCRIPTION For all of the functions below that set the supported groups there must be at -least one group in the list. +least one group in the list. A number of these functions identify groups via a +unique integer NID value. However support for some groups may be added by +external providers. In this case there will be no NID assigned for the group. +When setting such groups applications should use the "list" form of these +functions (i.e. SSL_CTX_set1_groups_list() and SSL_set1_groups_list). SSL_CTX_set1_groups() sets the supported groups for B to B groups in the array B. The array consist of all NIDs of groups in @@ -49,7 +53,8 @@ SSL_CTX_set1_groups_list() sets the supported groups for B to string B. The string is a colon separated list of group NIDs or names, for example "P-521:P-384:P-256:X25519:ffdhe2048". Currently supported groups for B are B, B, B, B, B, -B, B, B, B, B. +B, B, B, B, B. Support +for other groups may be added by external providers. SSL_set1_groups() and SSL_set1_groups_list() are similar except they set supported groups for the SSL structure B. @@ -60,17 +65,22 @@ supported groups. The B parameter can be B to simply return the number of groups for memory allocation purposes. The B array is in the form of a set of group NIDs in preference order. It can return zero if the client did not send a supported groups -extension. +extension. If a supported group NID is unknown then the value is set to the +bitwise OR of TLSEXT_nid_unknown (0x1000000) and the id of the group. -SSL_get_shared_group() returns shared group B for a server-side -SSL B. If B is -1 then the total number of shared groups is +SSL_get_shared_group() returns the NID of the shared group B for a +server-side SSL B. If B is -1 then the total number of shared groups is returned, which may be zero. Other than for diagnostic purposes, most applications will only be interested in the first shared group so B is normally set to zero. If the value B is out of range, -NID_undef is returned. +NID_undef is returned. If the NID for the shared group is unknown then the value +is set to the bitwise OR of TLSEXT_nid_unknown (0x1000000) and the id of the +group. -SSL_get_negotiated_group() returns the negotiated group on a TLSv1.3 connection -for key exchange. This can be called by either client or server. +SSL_get_negotiated_group() returns the NID of the negotiated group on a TLSv1.3 +connection for key exchange. This can be called by either client or server. If +the NID for the shared group is unknown then the value is set to the bitwise OR +of TLSEXT_nid_unknown (0x1000000) and the id of the group. All these functions are implemented as macros. diff --git a/doc/man7/EVP_PKEY-DH.pod b/doc/man7/EVP_PKEY-DH.pod index 6720417673..f640753bfe 100644 --- a/doc/man7/EVP_PKEY-DH.pod +++ b/doc/man7/EVP_PKEY-DH.pod @@ -29,7 +29,7 @@ implementation supports the following: =over 4 -=item "group" (B) +=item "group" (B) Set or gets a string that associates a B named safe prime group with known values for I

    , I and I. diff --git a/doc/man7/EVP_PKEY-EC.pod b/doc/man7/EVP_PKEY-EC.pod index 85e633ceed..ff074b949d 100644 --- a/doc/man7/EVP_PKEY-EC.pod +++ b/doc/man7/EVP_PKEY-EC.pod @@ -16,9 +16,9 @@ The following Import/Export types are available for the built-in EC algorithm: =over 4 -=item "curve-name" (B) +=item "group" (B) -The EC curve name. +The curve name. =item "use-cofactor-flag" (B) @@ -63,7 +63,7 @@ calling: EVP_PKEY_keygen_init(gctx); - params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_EC_NAME, + params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, "P-256", 0); params[1] = OSSL_PARAM_construct_end(); EVP_PKEY_CTX_set_params(gctx, params); @@ -90,7 +90,7 @@ An B EC CDH (Cofactor Diffie-Hellman) key can be generated with a EVP_PKEY_keygen_init(gctx); - params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_EC_NAME, + params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, "K-571", 0); /* * This curve has a cofactor that is not 1 - so setting CDH mode changes diff --git a/doc/man7/EVP_PKEY-X25519.pod b/doc/man7/EVP_PKEY-X25519.pod index ebeda8d814..2937f247f5 100644 --- a/doc/man7/EVP_PKEY-X25519.pod +++ b/doc/man7/EVP_PKEY-X25519.pod @@ -26,6 +26,12 @@ support the following. =over 4 +=item "group" (B) + +This is only supported by X25519 and X448. The group name must be "x25519" or +"x448" repsectively for those algorithms. This is only present for consistency +with other key exchange algorithms and is typically not needed. + =item "pub" (B) The public key value. diff --git a/doc/man7/provider-base.pod b/doc/man7/provider-base.pod index 081be53a0d..69183cf282 100644 --- a/doc/man7/provider-base.pod +++ b/doc/man7/provider-base.pod @@ -74,6 +74,8 @@ provider-base int operation_id, const int *no_store); const OSSL_ITEM *provider_get_reason_strings(void *provctx); + int provider_get_capabilities(void *provctx, const char *capability, + OSSL_CALLBACK *cb, void *arg); =head1 DESCRIPTION @@ -136,6 +138,7 @@ F): provider_get_params OSSL_FUNC_PROVIDER_GET_PARAMS provider_query_operation OSSL_FUNC_PROVIDER_QUERY_OPERATION provider_get_reason_strings OSSL_FUNC_PROVIDER_GET_REASON_STRINGS + provider_get_capabilities OSSL_FUNC_PROVIDER_GET_CAPABILITIES =head2 Core functions @@ -229,6 +232,15 @@ provider_get_reason_strings() should return a constant B array that provides reason strings for reason codes the provider may use when reporting errors using core_put_error(). +The provider_get_capabilities() function should call the callback I passing +it a set of Bs and the caller supplied argument I. The +Bs should provide details about the capability with the name given +in the I argument relevant for the provider context I. If a +provider supports multiple capabilities with the given name then it may call the +callback multipe times (one for each capability). Capabilities can be useful for +describing the services that a provider can offer. For further details see the +L section below. It should return 1 on success or 0 on error. + None of these functions are mandatory, but a provider is fairly useless without at least provider_query_operation(), and provider_gettable_params() is fairly useless if not accompanied by @@ -332,6 +344,72 @@ pointing at the string "foo,bar" For more information on handling parameters, see L as L. +=head1 CAPABILITIES + +Capabilties describe some of the services that a provider can offer. +Applications can query the capabilities to discover those services. + +=head3 "TLS-GROUP" Capability + +The "TLS-GROUP" capability can be queried by libssl to discover the list of +TLS groups that a provider can support. Each group supported can be used for +key exchange during a TLS handshake. TLS clients can advertise the list of +TLS groups they support in the supported_groups extension, and TLS servers can +select a group from the offered list that they also support. In this way a +provider can add to the list of groups that libssl already supports with +additional ones. + +Each TLS group that a provider supports should be described via the callback +passed in through the provider_get_capabilities function. Each group should have +the following details supplied (all are mandatory): + +=over 4 + +=item "tls-group-name" (B) + +The name of the group as given in the IANA TLS Supported Groups registry +L. + +=item "tls-group-name-internal" (B) + +The name of the group as known by the provider. This could be the same as the +"tls-group-name", but does not have to be. + +=item "tls-group-id" (B) + +The TLS group id value as given in the IANA TLS Supported Groups registry. + +=item "tls-group-alg" (B) + +The name of a Key Management algorithm that the provider offers and that should +be used with this group. Keys created should be able to support key exchange. +The algorithm must support key and parameter generation as well as the +key/parameter generation parameter, B. The group +name given via "tls-group-name-internal" above will be passed via +B when libssl wishes to generate keys/parameters. + +=item "tls-group-sec-bits" (B) + +The number of bits of security offered by keys in this group. The number of bits +should be comparable with the ones given in table 2 and 3 of the NIST SP800-57 +document. + +=item "tls-min-tls" (B) + +=item "tls-max-tls" (B) + +=item "tls-min-dtls" (B) + +=item "tls-max-dtls" (B) + +These parameters can be used to describe the minimum and maximum TLS and DTLS +versions supported by the group. The values equate to the on-the-wire encoding +of the various TLS versions. For example TLSv1.3 is 0x0304 (772 decimal), and +TLSv1.2 is 0x0303 (771 decimal). A 0 indicates that there is no defined minimum +or maximum. A -1 indicates that the group should not be used in that protocol. + +=back + =head1 EXAMPLES This is an example of a simple provider made available as a diff --git a/include/internal/provider.h b/include/internal/provider.h index d7c0926a0b..3bfc154283 100644 --- a/include/internal/provider.h +++ b/include/internal/provider.h @@ -71,6 +71,10 @@ OPENSSL_CTX *ossl_provider_library_context(const OSSL_PROVIDER *prov); void ossl_provider_teardown(const OSSL_PROVIDER *prov); const OSSL_PARAM *ossl_provider_gettable_params(const OSSL_PROVIDER *prov); int ossl_provider_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]); +int ossl_provider_get_capabilities(const OSSL_PROVIDER *prov, + const char *capability, + OSSL_CALLBACK *cb, + void *arg); const OSSL_ALGORITHM *ossl_provider_query_operation(const OSSL_PROVIDER *prov, int operation_id, int *no_cache); diff --git a/include/internal/tlsgroups.h b/include/internal/tlsgroups.h new file mode 100644 index 0000000000..bb9832e111 --- /dev/null +++ b/include/internal/tlsgroups.h @@ -0,0 +1,49 @@ +/* + * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_TLSGROUPS_H +# define OSSL_INTERNAL_TLSGROUPS_H + +# define OSSL_TLS_GROUP_ID_sect163k1 0x0001 +# define OSSL_TLS_GROUP_ID_sect163r1 0x0002 +# define OSSL_TLS_GROUP_ID_sect163r2 0x0003 +# define OSSL_TLS_GROUP_ID_sect193r1 0x0004 +# define OSSL_TLS_GROUP_ID_sect193r2 0x0005 +# define OSSL_TLS_GROUP_ID_sect233k1 0x0006 +# define OSSL_TLS_GROUP_ID_sect233r1 0x0007 +# define OSSL_TLS_GROUP_ID_sect239k1 0x0008 +# define OSSL_TLS_GROUP_ID_sect283k1 0x0009 +# define OSSL_TLS_GROUP_ID_sect283r1 0x000A +# define OSSL_TLS_GROUP_ID_sect409k1 0x000B +# define OSSL_TLS_GROUP_ID_sect409r1 0x000C +# define OSSL_TLS_GROUP_ID_sect571k1 0x000D +# define OSSL_TLS_GROUP_ID_sect571r1 0x000E +# define OSSL_TLS_GROUP_ID_secp160k1 0x000F +# define OSSL_TLS_GROUP_ID_secp160r1 0x0010 +# define OSSL_TLS_GROUP_ID_secp160r2 0x0011 +# define OSSL_TLS_GROUP_ID_secp192k1 0x0012 +# define OSSL_TLS_GROUP_ID_secp192r1 0x0013 +# define OSSL_TLS_GROUP_ID_secp224k1 0x0014 +# define OSSL_TLS_GROUP_ID_secp224r1 0x0015 +# define OSSL_TLS_GROUP_ID_secp256k1 0x0016 +# define OSSL_TLS_GROUP_ID_secp256r1 0x0017 +# define OSSL_TLS_GROUP_ID_secp384r1 0x0018 +# define OSSL_TLS_GROUP_ID_secp521r1 0x0019 +# define OSSL_TLS_GROUP_ID_brainpoolP256r1 0x001A +# define OSSL_TLS_GROUP_ID_brainpoolP384r1 0x001B +# define OSSL_TLS_GROUP_ID_brainpoolP512r1 0x001C +# define OSSL_TLS_GROUP_ID_x25519 0x001D +# define OSSL_TLS_GROUP_ID_x448 0x001E +# define OSSL_TLS_GROUP_ID_ffdhe2048 0x0100 +# define OSSL_TLS_GROUP_ID_ffdhe3072 0x0101 +# define OSSL_TLS_GROUP_ID_ffdhe4096 0x0102 +# define OSSL_TLS_GROUP_ID_ffdhe6144 0x0103 +# define OSSL_TLS_GROUP_ID_ffdhe8192 0x0104 + +#endif diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index fa6b7a9547..7da0186392 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -195,6 +195,7 @@ extern "C" { #define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest" #define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties" #define OSSL_PKEY_PARAM_TLS_ENCODED_PT "tls-encoded-pt" +#define OSSL_PKEY_PARAM_GROUP_NAME "group" /* Diffie-Hellman/DSA public/private key */ #define OSSL_PKEY_PARAM_PUB_KEY "pub" @@ -217,12 +218,10 @@ extern "C" { #define OSSL_FFC_PARAM_VALIDATE_PQG "validate-pqg" /* Diffie-Hellman params */ -#define OSSL_PKEY_PARAM_DH_GROUP "group" #define OSSL_PKEY_PARAM_DH_GENERATOR "safeprime-generator" #define OSSL_PKEY_PARAM_DH_PRIV_LEN "priv_len" /* Elliptic Curve Domain Parameters */ -#define OSSL_PKEY_PARAM_EC_NAME "curve-name" #define OSSL_PKEY_PARAM_EC_PUB_X "qx" #define OSSL_PKEY_PARAM_EC_PUB_Y "qy" @@ -384,6 +383,19 @@ extern "C" { #define OSSL_PKEY_PARAM_RSA_TEST_Q2 "q2" #define OSSL_SIGNATURE_PARAM_KAT "kat" +/* Capabilities */ + +/* TLS-GROUP Capbility */ +#define OSSL_CAPABILITY_TLS_GROUP_NAME "tls-group-name" +#define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL "tls-group-name-internal" +#define OSSL_CAPABILITY_TLS_GROUP_ID "tls-group-id" +#define OSSL_CAPABILITY_TLS_GROUP_ALG "tls-group-alg" +#define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS "tls-group-sec-bits" +#define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS "tls-min-tls" +#define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS "tls-max-tls" +#define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS "tls-min-dtls" +#define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS "tls-max-dtls" + # ifdef __cplusplus } # endif diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h index f7025d1c1d..667bb21ffb 100644 --- a/include/openssl/core_numbers.h +++ b/include/openssl/core_numbers.h @@ -154,20 +154,23 @@ OSSL_CORE_MAKE_FUNC(void, self_test_cb, (OPENSSL_CORE_CTX *ctx, OSSL_CALLBACK ** void **cbarg)) /* Functions provided by the provider to the Core, reserved numbers 1024-1535 */ -# define OSSL_FUNC_PROVIDER_TEARDOWN 1024 +# define OSSL_FUNC_PROVIDER_TEARDOWN 1024 OSSL_CORE_MAKE_FUNC(void,provider_teardown,(void *provctx)) -# define OSSL_FUNC_PROVIDER_GETTABLE_PARAMS 1025 +# define OSSL_FUNC_PROVIDER_GETTABLE_PARAMS 1025 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, provider_gettable_params,(void *provctx)) -# define OSSL_FUNC_PROVIDER_GET_PARAMS 1026 +# define OSSL_FUNC_PROVIDER_GET_PARAMS 1026 OSSL_CORE_MAKE_FUNC(int,provider_get_params,(void *provctx, OSSL_PARAM params[])) -# define OSSL_FUNC_PROVIDER_QUERY_OPERATION 1027 +# define OSSL_FUNC_PROVIDER_QUERY_OPERATION 1027 OSSL_CORE_MAKE_FUNC(const OSSL_ALGORITHM *,provider_query_operation, (void *provctx, int operation_id, int *no_store)) # define OSSL_FUNC_PROVIDER_GET_REASON_STRINGS 1028 OSSL_CORE_MAKE_FUNC(const OSSL_ITEM *,provider_get_reason_strings, (void *provctx)) +# define OSSL_FUNC_PROVIDER_GET_CAPABILITIES 1029 +OSSL_CORE_MAKE_FUNC(int, provider_get_capabilities, (void *provctx, + const char *capability, OSSL_CALLBACK *cb, void *arg)) /* Operations */ diff --git a/include/openssl/ec.h b/include/openssl/ec.h index 90e109b61e..1302e27bb0 100644 --- a/include/openssl/ec.h +++ b/include/openssl/ec.h @@ -1450,10 +1450,6 @@ DEPRECATEDIN_3_0(void EC_KEY_METHOD_get_verify # endif # endif -int EVP_PKEY_CTX_set_ec_paramgen_curve_name(EVP_PKEY_CTX *ctx, - const char *name); -int EVP_PKEY_CTX_get_ec_paramgen_curve_name(EVP_PKEY_CTX *ctx, - char *name, size_t namelen); int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid); # define EVP_PKEY_CTX_set_ec_param_enc(ctx, flag) \ diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 9ce2f5e2ac..2b39d613b0 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1886,6 +1886,9 @@ int EVP_str2ctrl(int (*cb)(void *ctx, int cmd, void *buf, size_t buflen), int EVP_hex2ctrl(int (*cb)(void *ctx, int cmd, void *buf, size_t buflen), void *ctx, int cmd, const char *hex); +int EVP_PKEY_CTX_set_group_name(EVP_PKEY_CTX *ctx, const char *name); +int EVP_PKEY_CTX_get_group_name(EVP_PKEY_CTX *ctx, char *name, size_t namelen); + # ifdef __cplusplus } # endif diff --git a/include/openssl/provider.h b/include/openssl/provider.h index e9a1408675..cb5fc9f8bf 100644 --- a/include/openssl/provider.h +++ b/include/openssl/provider.h @@ -29,6 +29,10 @@ int OSSL_PROVIDER_do_all(OPENSSL_CTX *ctx, const OSSL_PARAM *OSSL_PROVIDER_gettable_params(const OSSL_PROVIDER *prov); int OSSL_PROVIDER_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]); +int OSSL_PROVIDER_get_capabilities(const OSSL_PROVIDER *prov, + const char *capability, + OSSL_CALLBACK *cb, + void *arg); const OSSL_ALGORITHM *OSSL_PROVIDER_query_operation(const OSSL_PROVIDER *prov, int operation_id, diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h index bbce792c72..c15a17f96f 100644 --- a/include/openssl/sslerr.h +++ b/include/openssl/sslerr.h @@ -525,6 +525,7 @@ int ERR_load_SSL_strings(void); # define SSL_R_CONTEXT_NOT_DANE_ENABLED 167 # define SSL_R_COOKIE_GEN_CALLBACK_FAILURE 400 # define SSL_R_COOKIE_MISMATCH 308 +# define SSL_R_COPY_PARAMETERS_FAILED 296 # define SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED 206 # define SSL_R_DANE_ALREADY_ENABLED 172 # define SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL 173 diff --git a/providers/common/build.info b/providers/common/build.info index c49b090227..14add72dd6 100644 --- a/providers/common/build.info +++ b/providers/common/build.info @@ -1,6 +1,6 @@ SUBDIRS=der SOURCE[../libcommon.a]=provider_err.c bio_prov.c provider_ctx.c -$FIPSCOMMON=provider_util.c +$FIPSCOMMON=provider_util.c capabilities.c SOURCE[../libnonfips.a]=$FIPSCOMMON nid_to_name.c SOURCE[../libfips.a]=$FIPSCOMMON diff --git a/providers/common/capabilities.c b/providers/common/capabilities.c new file mode 100644 index 0000000000..84d2006cee --- /dev/null +++ b/providers/common/capabilities.c @@ -0,0 +1,177 @@ +/* + * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +/* For TLS1_VERSION etc */ +#include +#include +#include "internal/nelem.h" +#include "internal/tlsgroups.h" +#include "prov/providercommon.h" + +typedef struct tls_group_constants_st { + unsigned int group_id; /* Group ID */ + unsigned int secbits; /* Bits of security */ + int mintls; /* Minimum TLS version, -1 unsupported */ + int maxtls; /* Maximum TLS version (or 0 for undefined) */ + int mindtls; /* Minimum DTLS version, -1 unsupported */ + int maxdtls; /* Maximum DTLS version (or 0 for undefined) */ +} TLS_GROUP_CONSTANTS; + +static const TLS_GROUP_CONSTANTS group_list[35] = { + { OSSL_TLS_GROUP_ID_sect163k1, 80, TLS1_VERSION, 0, DTLS1_VERSION, 0 }, + { OSSL_TLS_GROUP_ID_sect163r1, 80, TLS1_VERSION, 0, DTLS1_VERSION, 0 }, + { OSSL_TLS_GROUP_ID_sect163r2, 80, TLS1_VERSION, 0, DTLS1_VERSION, 0 }, + { OSSL_TLS_GROUP_ID_sect193r1, 80, TLS1_VERSION, 0, DTLS1_VERSION, 0 }, + { OSSL_TLS_GROUP_ID_sect193r2, 80, TLS1_VERSION, 0, DTLS1_VERSION, 0 }, + { OSSL_TLS_GROUP_ID_sect233k1, 112, TLS1_VERSION, 0, DTLS1_VERSION, 0 }, + { OSSL_TLS_GROUP_ID_sect233r1, 112, TLS1_VERSION, 0, DTLS1_VERSION, 0 }, + { OSSL_TLS_GROUP_ID_sect239k1, 112, TLS1_VERSION, 0, DTLS1_VERSION, 0 }, + { OSSL_TLS_GROUP_ID_sect283k1, 128, TLS1_VERSION, 0, DTLS1_VERSION, 0 }, + { OSSL_TLS_GROUP_ID_sect283r1, 128, TLS1_VERSION, 0, DTLS1_VERSION, 0 }, + { OSSL_TLS_GROUP_ID_sect409k1, 192, TLS1_VERSION, 0, DTLS1_VERSION, 0 }, + { OSSL_TLS_GROUP_ID_sect409r1, 192, TLS1_VERSION, 0, DTLS1_VERSION, 0 }, + { OSSL_TLS_GROUP_ID_sect571k1, 256, TLS1_VERSION, 0, DTLS1_VERSION, 0 }, + { OSSL_TLS_GROUP_ID_sect571r1, 256, TLS1_VERSION, 0, DTLS1_VERSION, 0 }, + { OSSL_TLS_GROUP_ID_secp160k1, 80, TLS1_VERSION, 0, DTLS1_VERSION, 0 }, + { OSSL_TLS_GROUP_ID_secp160r1, 80, TLS1_VERSION, 0, DTLS1_VERSION, 0 }, + { OSSL_TLS_GROUP_ID_secp160r2, 80, TLS1_VERSION, 0, DTLS1_VERSION, 0 }, + { OSSL_TLS_GROUP_ID_secp192k1, 80, TLS1_VERSION, 0, DTLS1_VERSION, 0 }, + { OSSL_TLS_GROUP_ID_secp192r1, 80, TLS1_VERSION, 0, DTLS1_VERSION, 0 }, + { OSSL_TLS_GROUP_ID_secp224k1, 112, TLS1_VERSION, 0, DTLS1_VERSION, 0 }, + { OSSL_TLS_GROUP_ID_secp224r1, 112, TLS1_VERSION, 0, DTLS1_VERSION, 0 }, + { OSSL_TLS_GROUP_ID_secp256k1, 128, TLS1_VERSION, 0, DTLS1_VERSION, 0 }, + { OSSL_TLS_GROUP_ID_secp256r1, 128, TLS1_VERSION, 0, DTLS1_VERSION, 0 }, + { OSSL_TLS_GROUP_ID_secp384r1, 192, TLS1_VERSION, 0, DTLS1_VERSION, 0 }, + { OSSL_TLS_GROUP_ID_secp521r1, 256, TLS1_VERSION, 0, DTLS1_VERSION, 0 }, + { OSSL_TLS_GROUP_ID_brainpoolP256r1, 128, TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION }, + { OSSL_TLS_GROUP_ID_brainpoolP384r1, 192, TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION }, + { OSSL_TLS_GROUP_ID_brainpoolP512r1, 256, TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION }, + { OSSL_TLS_GROUP_ID_x25519, 128, TLS1_VERSION, 0, DTLS1_VERSION, 0 }, + { OSSL_TLS_GROUP_ID_x448, 224, TLS1_VERSION, 0, DTLS1_VERSION, 0 }, + /* Security bit values as given by BN_security_bits() */ + { OSSL_TLS_GROUP_ID_ffdhe2048, 112, TLS1_3_VERSION, 0, -1, -1 }, + { OSSL_TLS_GROUP_ID_ffdhe3072, 128, TLS1_3_VERSION, 0, -1, -1 }, + { OSSL_TLS_GROUP_ID_ffdhe4096, 128, TLS1_3_VERSION, 0, -1, -1 }, + { OSSL_TLS_GROUP_ID_ffdhe6144, 128, TLS1_3_VERSION, 0, -1, -1 }, + { OSSL_TLS_GROUP_ID_ffdhe8192, 192, TLS1_3_VERSION, 0, -1, -1 }, +}; + +#define TLS_GROUP_ENTRY(tlsname, realname, algorithm, idx) \ + { \ + OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME, \ + tlsname, \ + sizeof(tlsname)), \ + OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL, \ + realname, \ + sizeof(realname)), \ + OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_ALG, \ + algorithm, \ + sizeof(algorithm)), \ + OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_ID, \ + (unsigned int *)&group_list[idx].group_id), \ + OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS, \ + (unsigned int *)&group_list[idx].secbits), \ + OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_TLS, \ + (unsigned int *)&group_list[idx].mintls), \ + OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_TLS, \ + (unsigned int *)&group_list[idx].maxtls), \ + OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS, \ + (unsigned int *)&group_list[idx].mindtls), \ + OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS, \ + (unsigned int *)&group_list[idx].maxdtls), \ + OSSL_PARAM_END \ + } + +static const OSSL_PARAM param_group_list[][10] = { +#ifndef OPENSSL_NO_EC + TLS_GROUP_ENTRY("sect163k1", "sect163k1", "EC", 0), +# ifndef FIPS_MODULE + TLS_GROUP_ENTRY("sect163r1", "sect163r1", "EC", 1), +# endif + TLS_GROUP_ENTRY("sect163r2", "sect163r2", "EC", 2), +# ifndef FIPS_MODULE + TLS_GROUP_ENTRY("sect193r1", "sect193r1", "EC", 3), + TLS_GROUP_ENTRY("sect193r2", "sect193r2", "EC", 4), +# endif + TLS_GROUP_ENTRY("sect233k1", "sect233k1", "EC", 5), + TLS_GROUP_ENTRY("sect233r1", "sect233r1", "EC", 6), +# ifndef FIPS_MODULE + TLS_GROUP_ENTRY("sect239k1", "sect239k1", "EC", 7), +# endif + TLS_GROUP_ENTRY("sect283k1", "sect283k1", "EC", 8), + TLS_GROUP_ENTRY("sect283r1", "sect283r1", "EC", 9), + TLS_GROUP_ENTRY("sect409k1", "sect409k1", "EC", 10), + TLS_GROUP_ENTRY("sect409r1", "sect409r1", "EC", 11), + TLS_GROUP_ENTRY("sect571k1", "sect571k1", "EC", 12), + TLS_GROUP_ENTRY("sect571r1", "sect571r1", "EC", 13), +# ifndef FIPS_MODULE + TLS_GROUP_ENTRY("secp160k1", "secp160k1", "EC", 14), + TLS_GROUP_ENTRY("secp160r1", "secp160r1", "EC", 15), + TLS_GROUP_ENTRY("secp160r2", "secp160r2", "EC", 16), + TLS_GROUP_ENTRY("secp192k1", "secp192k1", "EC", 17), +# endif + TLS_GROUP_ENTRY("secp192r1", "prime192v1", "EC", 18), +# ifndef FIPS_MODULE + TLS_GROUP_ENTRY("secp224k1", "secp224k1", "EC", 19), +# endif + TLS_GROUP_ENTRY("secp224r1", "secp224r1", "EC", 20), +# ifndef FIPS_MODULE + TLS_GROUP_ENTRY("secp256k1", "secp256k1", "EC", 21), +# endif + TLS_GROUP_ENTRY("secp256r1", "prime256v1", "EC", 22), + TLS_GROUP_ENTRY("secp384r1", "secp384r1", "EC", 23), + TLS_GROUP_ENTRY("secp521r1", "secp521r1", "EC", 24), +# ifndef FIPS_MODULE + TLS_GROUP_ENTRY("brainpoolP256r1", "brainpoolP256r1", "EC", 25), + TLS_GROUP_ENTRY("brainpoolP384r1", "brainpoolP384r1", "EC", 26), + TLS_GROUP_ENTRY("brainpoolP512r1", "brainpoolP512r1", "EC", 27), +# endif + TLS_GROUP_ENTRY("x25519", "x25519", "X25519", 28), + TLS_GROUP_ENTRY("x448", "x448", "X448", 29), +#endif /* OPENSSL_NO_EC */ +#ifndef OPENSSL_NO_DH + /* Security bit values for FFDHE groups are as per RFC 7919 */ + TLS_GROUP_ENTRY("ffdhe2048", "ffdhe2048", "DH", 30), + TLS_GROUP_ENTRY("ffdhe3072", "ffdhe3072", "DH", 31), + TLS_GROUP_ENTRY("ffdhe4096", "ffdhe4096", "DH", 32), + TLS_GROUP_ENTRY("ffdhe6144", "ffdhe6144", "DH", 33), + TLS_GROUP_ENTRY("ffdhe8192", "ffdhe8192", "DH", 34), +#endif +}; + +static int tls_group_capability(OSSL_CALLBACK *cb, void *arg) +{ + size_t i; + +#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_DH) && !defined(FIPS_MODULE) + assert(OSSL_NELEM(param_group_list) == OSSL_NELEM(group_list)); +#endif + for (i = 0; i < OSSL_NELEM(param_group_list); i++) + if (!cb(param_group_list[i], arg)) + return 0; + + return 1; +} + +int provider_get_capabilities(void *provctx, const char *capability, + OSSL_CALLBACK *cb, void *arg) +{ + if (strcmp(capability, "TLS-GROUP") == 0) + return tls_group_capability(cb, arg); + + /* We don't support this capability */ + return 0; +} diff --git a/providers/common/include/prov/providercommon.h b/providers/common/include/prov/providercommon.h index 07c5a67f38..b9fcf3d52e 100644 --- a/providers/common/include/prov/providercommon.h +++ b/providers/common/include/prov/providercommon.h @@ -8,6 +8,7 @@ */ #include +#include const OSSL_CORE_HANDLE *FIPS_get_core_handle(OPENSSL_CTX *ctx); @@ -15,3 +16,5 @@ const char *ossl_prov_util_nid_to_name(int nid); int cipher_capable_aes_cbc_hmac_sha1(void); int cipher_capable_aes_cbc_hmac_sha256(void); + +OSSL_provider_get_capabilities_fn provider_get_capabilities; diff --git a/providers/defltprov.c b/providers/defltprov.c index 4b15a21c0b..8e27b33fc2 100644 --- a/providers/defltprov.c +++ b/providers/defltprov.c @@ -550,6 +550,7 @@ static const OSSL_ALGORITHM *deflt_query(void *provctx, int operation_id, return NULL; } + static void deflt_teardown(void *provctx) { BIO_meth_free(PROV_CTX_get0_core_bio_method(provctx)); @@ -562,6 +563,7 @@ static const OSSL_DISPATCH deflt_dispatch_table[] = { { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))deflt_gettable_params }, { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))deflt_get_params }, { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))deflt_query }, + { OSSL_FUNC_PROVIDER_GET_CAPABILITIES, (void (*)(void))provider_get_capabilities }, { 0, NULL } }; diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index 0484a54f52..9efb6af1c9 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -566,6 +566,7 @@ static const OSSL_DISPATCH fips_dispatch_table[] = { { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))fips_gettable_params }, { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))fips_get_params }, { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query }, + { OSSL_FUNC_PROVIDER_GET_CAPABILITIES, (void (*)(void))provider_get_capabilities }, { 0, NULL } }; diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc index 431e52467c..674806edb2 100644 --- a/providers/fips/self_test_data.inc +++ b/providers/fips/self_test_data.inc @@ -739,7 +739,7 @@ static const unsigned char ecdh_peer_pub[] = { }; static const ST_KAT_PARAM ecdh_group[] = { - ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_EC_NAME, ecdh_curve_name), + ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecdh_curve_name), ST_KAT_PARAM_END() }; static const ST_KAT_PARAM ecdh_host_key[] = { @@ -1015,7 +1015,7 @@ static const unsigned char ecd_pub[] = { }; static const ST_KAT_PARAM ecdsa_key[] = { - ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_EC_NAME, ecd_curve_name), + ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_curve_name), ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_pub), ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_PRIV_KEY, ecd_priv), ST_KAT_PARAM_END() diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c index c81d437dae..82fbdc8bb4 100644 --- a/providers/implementations/keymgmt/dh_kmgmt.c +++ b/providers/implementations/keymgmt/dh_kmgmt.c @@ -239,7 +239,7 @@ err: OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_PCOUNTER, NULL), \ OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_H, NULL), \ OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_FFC_SEED, NULL, 0), \ - OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_DH_GROUP, NULL, 0) + OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0) # define DH_IMEXPORTABLE_PUBLIC_KEY \ OSSL_PARAM_BN(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0) # define DH_IMEXPORTABLE_PRIVATE_KEY \ @@ -464,7 +464,7 @@ static int dh_gen_set_params(void *genctx, const OSSL_PARAM params[]) return 0; } } - p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_GROUP); + p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME); if (p != NULL) { if (p->data_type != OSSL_PARAM_UTF8_STRING || ((gctx->group_nid = ffc_named_group_to_uid(p->data)) == NID_undef)) { @@ -518,7 +518,7 @@ static int dh_gen_set_params(void *genctx, const OSSL_PARAM params[]) static const OSSL_PARAM *dh_gen_settable_params(void *provctx) { static OSSL_PARAM settable[] = { - OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_DH_GROUP, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0), OSSL_PARAM_int(OSSL_PKEY_PARAM_DH_PRIV_LEN, NULL), OSSL_PARAM_int(OSSL_PKEY_PARAM_DH_GENERATOR, NULL), OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE, NULL, 0), diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c index d926ec2bd2..0b006047d5 100644 --- a/providers/implementations/keymgmt/ec_kmgmt.c +++ b/providers/implementations/keymgmt/ec_kmgmt.c @@ -89,7 +89,7 @@ int domparams_to_params(const EC_KEY *ec, OSSL_PARAM_BLD *tmpl, if ((curve_name = ec_curve_nid2name(curve_nid)) == NULL) return 0; if (!ossl_param_build_set_utf8_string(tmpl, params, - OSSL_PKEY_PARAM_EC_NAME, + OSSL_PKEY_PARAM_GROUP_NAME, curve_name)) return 0; @@ -412,7 +412,7 @@ int ec_export(void *keydata, int selection, OSSL_CALLBACK *param_cb, /* IMEXPORT = IMPORT + EXPORT */ # define EC_IMEXPORTABLE_DOM_PARAMETERS \ - OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_NAME, NULL, 0) + OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0) # define EC_IMEXPORTABLE_PUBLIC_KEY \ OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0) # define EC_IMEXPORTABLE_PRIVATE_KEY \ @@ -699,7 +699,7 @@ static int ec_gen_set_params(void *genctx, const OSSL_PARAM params[]) if (!OSSL_PARAM_get_int(p, &gctx->ecdh_mode)) return 0; } - if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_NAME)) + if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME)) != NULL) { const char *curve_name = NULL; int ret = 0; @@ -733,7 +733,7 @@ static int ec_gen_set_params(void *genctx, const OSSL_PARAM params[]) static const OSSL_PARAM *ec_gen_settable_params(void *provctx) { static OSSL_PARAM settable[] = { - OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_NAME, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0), OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL), OSSL_PARAM_END }; diff --git a/providers/implementations/keymgmt/ecx_kmgmt.c b/providers/implementations/keymgmt/ecx_kmgmt.c index e5c7e8bf3a..813604f7b1 100644 --- a/providers/implementations/keymgmt/ecx_kmgmt.c +++ b/providers/implementations/keymgmt/ecx_kmgmt.c @@ -8,6 +8,9 @@ */ #include +#include +/* For strcasecmp on Windows */ +#include "e_os.h" #include #include #include @@ -66,6 +69,7 @@ static OSSL_OP_keymgmt_export_types_fn ecx_imexport_types; struct ecx_gen_ctx { OPENSSL_CTX *libctx; ECX_KEY_TYPE type; + int selection; }; #ifdef S390X_EC_ASM @@ -404,12 +408,10 @@ static void *ecx_gen_init(void *provctx, int selection, ECX_KEY_TYPE type) OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx); struct ecx_gen_ctx *gctx = NULL; - if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) - return NULL; - if ((gctx = OPENSSL_malloc(sizeof(*gctx))) != NULL) { gctx->libctx = libctx; gctx->type = type; + gctx->selection = selection; } return gctx; } @@ -434,6 +436,54 @@ static void *ed448_gen_init(void *provctx, int selection) return ecx_gen_init(provctx, selection, ECX_KEY_TYPE_ED448); } +static int ecx_gen_set_params(void *genctx, const OSSL_PARAM params[]) +{ + struct ecx_gen_ctx *gctx = genctx; + const OSSL_PARAM *p; + + if (gctx == NULL) + return 0; + + p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME); + if (p != NULL) { + const char *groupname = NULL; + + /* + * We optionally allow setting a group name - but each algorithm only + * support one such name, so all we do is verify that it is the one we + * expected. + */ + switch (gctx->type) { + case ECX_KEY_TYPE_X25519: + groupname = "x25519"; + break; + case ECX_KEY_TYPE_X448: + groupname = "x448"; + break; + default: + /* We only support this for key exchange at the moment */ + break; + } + if (p->data_type != OSSL_PARAM_UTF8_STRING + || groupname == NULL + || strcasecmp(p->data, groupname) != 0) { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); + return 0; + } + } + + return 1; +} + +static const OSSL_PARAM *ecx_gen_settable_params(void *provctx) +{ + static OSSL_PARAM settable[] = { + OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0), + OSSL_PARAM_END + }; + return settable; +} + static void *ecx_gen(struct ecx_gen_ctx *gctx) { ECX_KEY *key; @@ -445,6 +495,11 @@ static void *ecx_gen(struct ecx_gen_ctx *gctx) ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); return NULL; } + + /* If we're doing parameter generation then we just return a blank key */ + if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) + return key; + if ((privkey = ecx_key_allocate_privkey(key)) == NULL) { ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); goto err; @@ -472,6 +527,7 @@ static void *ecx_gen(struct ecx_gen_ctx *gctx) goto err; break; } + key->haspubkey = 1; return key; err: ecx_key_free(key); @@ -548,6 +604,9 @@ static void ecx_gen_cleanup(void *genctx) { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))ecx_export }, \ { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))ecx_imexport_types }, \ { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))alg##_gen_init }, \ + { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))ecx_gen_set_params }, \ + { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, \ + (void (*)(void))ecx_gen_settable_params }, \ { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))alg##_gen }, \ { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))ecx_gen_cleanup }, \ { 0, NULL } \ @@ -576,6 +635,10 @@ static void *s390x_ecx_keygen25519(struct ecx_gen_ctx *gctx) goto err; } + /* If we're doing parameter generation then we just return a blank key */ + if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) + return key; + pubkey = key->pubkey; privkey = ecx_key_allocate_privkey(key); @@ -593,6 +656,7 @@ static void *s390x_ecx_keygen25519(struct ecx_gen_ctx *gctx) if (s390x_x25519_mul(pubkey, generator, privkey) != 1) goto err; + key->haspubkey = 1; return key; err: ecx_key_free(key); @@ -616,6 +680,10 @@ static void *s390x_ecx_keygen448(struct ecx_gen_ctx *gctx) goto err; } + /* If we're doing parameter generation then we just return a blank key */ + if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) + return key; + pubkey = key->pubkey; privkey = ecx_key_allocate_privkey(key); @@ -632,6 +700,7 @@ static void *s390x_ecx_keygen448(struct ecx_gen_ctx *gctx) if (s390x_x448_mul(pubkey, generator, privkey) != 1) goto err; + key->haspubkey = 1; return key; err: ecx_key_free(key); @@ -662,6 +731,10 @@ static void *s390x_ecd_keygen25519(struct ecx_gen_ctx *gctx) goto err; } + /* If we're doing parameter generation then we just return a blank key */ + if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) + return key; + pubkey = key->pubkey; privkey = ecx_key_allocate_privkey(key); @@ -690,6 +763,7 @@ static void *s390x_ecd_keygen25519(struct ecx_gen_ctx *gctx) goto err; pubkey[31] |= ((x_dst[0] & 0x01) << 7); + key->haspubkey = 1; return key; err: ecx_key_free(key); @@ -723,6 +797,10 @@ static void *s390x_ecd_keygen448(struct ecx_gen_ctx *gctx) goto err; } + /* If we're doing parameter generation then we just return a blank key */ + if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) + return key; + pubkey = key->pubkey; privkey = ecx_key_allocate_privkey(key); @@ -758,6 +836,7 @@ static void *s390x_ecd_keygen448(struct ecx_gen_ctx *gctx) pubkey[56] |= ((x_dst[0] & 0x01) << 7); EVP_MD_CTX_free(hashctx); EVP_MD_free(shake); + key->haspubkey = 1; return key; err: ecx_key_free(key); diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 054fc468ed..a7f1e4d83a 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3650,10 +3650,11 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) int *cptr = parg; for (i = 0; i < clistlen; i++) { - const TLS_GROUP_INFO *cinf = tls1_group_id_lookup(clist[i]); + const TLS_GROUP_INFO *cinf + = tls1_group_id_lookup(s->ctx, clist[i]); if (cinf != NULL) - cptr[i] = cinf->nid; + cptr[i] = tls1_group_id2nid(cinf->group_id, 1); else cptr[i] = TLSEXT_nid_unknown | clist[i]; } @@ -3666,7 +3667,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) &s->ext.supportedgroups_len, parg, larg); case SSL_CTRL_SET_GROUPS_LIST: - return tls1_set_groups_list(&s->ext.supportedgroups, + return tls1_set_groups_list(s->ctx, &s->ext.supportedgroups, &s->ext.supportedgroups_len, parg); case SSL_CTRL_GET_SHARED_GROUP: @@ -3674,11 +3675,11 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) uint16_t id = tls1_shared_group(s, larg); if (larg != -1) - return tls1_group_id2nid(id); + return tls1_group_id2nid(id, 1); return id; } case SSL_CTRL_GET_NEGOTIATED_GROUP: - ret = tls1_group_id2nid(s->s3.group_id); + ret = tls1_group_id2nid(s->s3.group_id, 1); break; #endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */ @@ -3963,7 +3964,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) parg, larg); case SSL_CTRL_SET_GROUPS_LIST: - return tls1_set_groups_list(&ctx->ext.supportedgroups, + return tls1_set_groups_list(ctx, &ctx->ext.supportedgroups, &ctx->ext.supportedgroups_len, parg); #endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */ @@ -4764,25 +4765,19 @@ EVP_PKEY *ssl_generate_pkey(SSL *s, EVP_PKEY *pm) } /* Generate a private key from a group ID */ -#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id) { - const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id); + const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(s->ctx, id); EVP_PKEY_CTX *pctx = NULL; EVP_PKEY *pkey = NULL; - uint16_t gtype; -# ifndef OPENSSL_NO_DH - DH *dh = NULL; -# endif if (ginf == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP, ERR_R_INTERNAL_ERROR); goto err; } - gtype = ginf->flags & TLS_GROUP_TYPE; - pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, ginf->keytype, + pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, ginf->algorithm, s->ctx->propq); if (pctx == NULL) { @@ -4795,40 +4790,11 @@ EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id) ERR_R_EVP_LIB); goto err; } -# ifndef OPENSSL_NO_DH - if (gtype == TLS_GROUP_FFDHE) { - if ((pkey = EVP_PKEY_new()) == NULL - || (dh = DH_new_by_nid(ginf->nid)) == NULL - || !EVP_PKEY_assign(pkey, EVP_PKEY_DH, dh)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP, - ERR_R_EVP_LIB); - DH_free(dh); - EVP_PKEY_free(pkey); - pkey = NULL; - goto err; - } - if (EVP_PKEY_CTX_set_dh_nid(pctx, ginf->nid) <= 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP, - ERR_R_EVP_LIB); - EVP_PKEY_free(pkey); - pkey = NULL; - goto err; - } - } -# ifndef OPENSSL_NO_EC - else -# endif -# endif -# ifndef OPENSSL_NO_EC - { - if (gtype != TLS_GROUP_CURVE_CUSTOM - && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP, - ERR_R_EVP_LIB); - goto err; - } + if (!EVP_PKEY_CTX_set_group_name(pctx, ginf->realname)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP, + ERR_R_EVP_LIB); + goto err; } -# endif if (EVP_PKEY_keygen(pctx, &pkey) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP, ERR_R_EVP_LIB); @@ -4840,7 +4806,6 @@ EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id) EVP_PKEY_CTX_free(pctx); return pkey; } -#endif /* * Generate parameters from a group ID @@ -4849,43 +4814,23 @@ EVP_PKEY *ssl_generate_param_group(SSL *s, uint16_t id) { EVP_PKEY_CTX *pctx = NULL; EVP_PKEY *pkey = NULL; - const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id); - const char *pkey_ctx_name; + const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(s->ctx, id); if (ginf == NULL) goto err; - if ((ginf->flags & TLS_GROUP_TYPE) == TLS_GROUP_CURVE_CUSTOM) { - pkey = EVP_PKEY_new(); - if (pkey != NULL && EVP_PKEY_set_type(pkey, ginf->nid)) - return pkey; - EVP_PKEY_free(pkey); - return NULL; - } - - pkey_ctx_name = (ginf->flags & TLS_GROUP_FFDHE) != 0 ? "DH" : "EC"; - pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, pkey_ctx_name, + pctx = EVP_PKEY_CTX_new_from_name(s->ctx->libctx, ginf->algorithm, s->ctx->propq); if (pctx == NULL) goto err; if (EVP_PKEY_paramgen_init(pctx) <= 0) goto err; -# ifndef OPENSSL_NO_DH - if (ginf->flags & TLS_GROUP_FFDHE) { - if (EVP_PKEY_CTX_set_dh_nid(pctx, ginf->nid) <= 0) - goto err; - } -# ifndef OPENSSL_NO_EC - else -# endif -# endif -# ifndef OPENSSL_NO_EC - { - if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0) - goto err; + if (!EVP_PKEY_CTX_set_group_name(pctx, ginf->realname)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP, + ERR_R_EVP_LIB); + goto err; } -# endif if (EVP_PKEY_paramgen(pctx, &pkey) <= 0) { EVP_PKEY_free(pkey); pkey = NULL; diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 30643c33b4..f84b3f94d8 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -109,6 +109,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COOKIE_GEN_CALLBACK_FAILURE), "cookie gen callback failure"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COOKIE_MISMATCH), "cookie mismatch"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COPY_PARAMETERS_FAILED), + "copy parameters failed"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED), "custom ext handler already installed"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_ALREADY_ENABLED), diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 9fb65b6825..cee888944d 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2429,10 +2429,8 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) /* For some cases with ctx == NULL perform syntax checks */ if (ctx == NULL) { switch (cmd) { -#ifndef OPENSSL_NO_EC case SSL_CTRL_SET_GROUPS_LIST: - return tls1_set_groups_list(NULL, NULL, parg); -#endif + return tls1_set_groups_list(ctx, NULL, NULL, parg); case SSL_CTRL_SET_SIGALGS_LIST: case SSL_CTRL_SET_CLIENT_SIGALGS_LIST: return tls1_set_sigalgs_list(NULL, parg, 0); @@ -3171,6 +3169,9 @@ SSL_CTX *SSL_CTX_new_with_libctx(OPENSSL_CTX *libctx, const char *propq, goto err2; + if (!ssl_load_groups(ret)) + goto err2; + if (!SSL_CTX_set_ciphersuites(ret, OSSL_default_ciphersuites())) goto err; @@ -3326,6 +3327,7 @@ int SSL_CTX_up_ref(SSL_CTX *ctx) void SSL_CTX_free(SSL_CTX *a) { int i; + size_t j; if (a == NULL) return; @@ -3385,10 +3387,16 @@ void SSL_CTX_free(SSL_CTX *a) ssl_evp_md_free(a->md5); ssl_evp_md_free(a->sha1); - for (i = 0; i < SSL_ENC_NUM_IDX; i++) - ssl_evp_cipher_free(a->ssl_cipher_methods[i]); - for (i = 0; i < SSL_MD_NUM_IDX; i++) - ssl_evp_md_free(a->ssl_digest_methods[i]); + for (j = 0; j < SSL_ENC_NUM_IDX; j++) + ssl_evp_cipher_free(a->ssl_cipher_methods[j]); + for (j = 0; j < SSL_MD_NUM_IDX; j++) + ssl_evp_md_free(a->ssl_digest_methods[j]); + for (j = 0; j < a->group_list_len; j++) { + OPENSSL_free(a->group_list[j].tlsname); + OPENSSL_free(a->group_list[j].realname); + OPENSSL_free(a->group_list[j].algorithm); + } + OPENSSL_free(a->group_list); OPENSSL_free(a->sigalg_lookup_cache); diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index d2e8e23e23..58bc1f99c4 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -807,6 +807,28 @@ int ssl_hmac_final(SSL_HMAC *ctx, unsigned char *md, size_t *len, size_t max_size); size_t ssl_hmac_size(const SSL_HMAC *ctx); +typedef struct tls_group_info_st { + char *tlsname; /* Curve Name as in TLS specs */ + char *realname; /* Curve Name according to provider */ + char *algorithm; /* Algorithm name to fetch */ + unsigned int secbits; /* Bits of security (from SP800-57) */ + uint16_t group_id; /* Group ID */ + int mintls; /* Minimum TLS version, -1 unsupported */ + int maxtls; /* Maximum TLS version (or 0 for undefined) */ + int mindtls; /* Minimum DTLS version, -1 unsupported */ + int maxdtls; /* Maximum DTLS version (or 0 for undefined) */ +} TLS_GROUP_INFO; + +/* flags values */ +# define TLS_GROUP_TYPE 0x0000000FU /* Mask for group type */ +# define TLS_GROUP_CURVE_PRIME 0x00000001U +# define TLS_GROUP_CURVE_CHAR2 0x00000002U +# define TLS_GROUP_CURVE_CUSTOM 0x00000004U +# define TLS_GROUP_FFDHE 0x00000008U +# define TLS_GROUP_ONLY_FOR_TLS1_3 0x00000010U + +# define TLS_GROUP_FFDHE_FOR_TLS1_3 (TLS_GROUP_FFDHE|TLS_GROUP_ONLY_FOR_TLS1_3) + struct ssl_ctx_st { OPENSSL_CTX *libctx; @@ -1160,6 +1182,10 @@ struct ssl_ctx_st { /* Cache of all sigalgs we know and whether they are available or not */ struct sigalg_lookup_st *sigalg_lookup_cache; + + TLS_GROUP_INFO *group_list; + size_t group_list_len; + size_t group_list_max_len; }; typedef struct cert_pkey_st CERT_PKEY; @@ -1783,24 +1809,6 @@ typedef struct sigalg_lookup_st { int enabled; } SIGALG_LOOKUP; -typedef struct tls_group_info_st { - int nid; /* Curve NID */ - const char *keytype; - int secbits; /* Bits of security (from SP800-57) */ - uint32_t flags; /* For group type and applicable TLS versions */ - uint16_t group_id; /* Group ID */ -} TLS_GROUP_INFO; - -/* flags values */ -# define TLS_GROUP_TYPE 0x0000000FU /* Mask for group type */ -# define TLS_GROUP_CURVE_PRIME 0x00000001U -# define TLS_GROUP_CURVE_CHAR2 0x00000002U -# define TLS_GROUP_CURVE_CUSTOM 0x00000004U -# define TLS_GROUP_FFDHE 0x00000008U -# define TLS_GROUP_ONLY_FOR_TLS1_3 0x00000010U - -# define TLS_GROUP_FFDHE_FOR_TLS1_3 (TLS_GROUP_FFDHE|TLS_GROUP_ONLY_FOR_TLS1_3) - /* * Structure containing table entry of certificate info corresponding to * CERT_PKEY entries @@ -2438,6 +2446,7 @@ __owur int ssl_x509err2alert(int type); void ssl_sort_cipher_list(void); int ssl_load_ciphers(SSL_CTX *ctx); __owur int ssl_setup_sig_algs(SSL_CTX *ctx); +int ssl_load_groups(SSL_CTX *ctx); __owur int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, size_t len, DOWNGRADE dgrd); __owur int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, @@ -2626,16 +2635,17 @@ __owur int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s); SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n); -__owur const TLS_GROUP_INFO *tls1_group_id_lookup(uint16_t curve_id); -__owur int tls1_group_id2nid(uint16_t group_id); +__owur const TLS_GROUP_INFO *tls1_group_id_lookup(SSL_CTX *ctx, uint16_t curve_id); +__owur int tls1_group_id2nid(uint16_t group_id, int include_unknown); __owur int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_curves); __owur uint16_t tls1_shared_group(SSL *s, int nmatch); __owur int tls1_set_groups(uint16_t **pext, size_t *pextlen, int *curves, size_t ncurves); -__owur int tls1_set_groups_list(uint16_t **pext, size_t *pextlen, +__owur int tls1_set_groups_list(SSL_CTX *ctx, uint16_t **pext, size_t *pextlen, const char *str); __owur EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id); -__owur int tls_valid_group(SSL *s, uint16_t group_id, int version); +__owur int tls_valid_group(SSL *s, uint16_t group_id, int minversion, + int maxversion); __owur EVP_PKEY *ssl_generate_param_group(SSL *s, uint16_t id); # ifndef OPENSSL_NO_EC void tls1_get_formatlist(SSL *s, const unsigned char **pformats, diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index ab2d98de60..abff069ec9 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -117,7 +117,7 @@ EXT_RETURN tls_construct_ctos_srp(SSL *s, WPACKET *pkt, unsigned int context, #endif #ifndef OPENSSL_NO_EC -static int use_ecc(SSL *s, int max_version) +static int use_ecc(SSL *s, int min_version, int max_version) { int i, end, ret = 0; unsigned long alg_k, alg_a; @@ -152,7 +152,7 @@ static int use_ecc(SSL *s, int max_version) for (j = 0; j < num_groups; j++) { uint16_t ctmp = pgroups[j]; - if (tls_valid_group(s, ctmp, max_version) + if (tls_valid_group(s, ctmp, min_version, max_version) && tls_group_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) return 1; } @@ -174,7 +174,7 @@ EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS, reason); return EXT_RETURN_FAIL; } - if (!use_ecc(s, max_version)) + if (!use_ecc(s, min_version, max_version)) return EXT_RETURN_NOT_SENT; /* Add TLS extension ECPointFormats to the ClientHello message */ @@ -211,10 +211,10 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, } #if defined(OPENSSL_NO_EC) - if (max_version < TLS1_3_VERSION) + if (SSL_IS_DTLS(s) || max_version < TLS1_3_VERSION) return EXT_RETURN_NOT_SENT; #else - if (!use_ecc(s, max_version) && max_version < TLS1_3_VERSION) + if (!use_ecc(s, min_version, max_version) && max_version < TLS1_3_VERSION) return EXT_RETURN_NOT_SENT; #endif @@ -237,7 +237,7 @@ EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, for (i = 0; i < num_groups; i++) { uint16_t ctmp = pgroups[i]; - if (tls_valid_group(s, ctmp, max_version) + if (tls_valid_group(s, ctmp, min_version, max_version) && tls_group_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) { if (!WPACKET_put_bytes_u16(pkt, ctmp)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, @@ -1907,7 +1907,7 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x, skey = EVP_PKEY_new(); if (skey == NULL || EVP_PKEY_copy_parameters(skey, ckey) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE, - ERR_R_MALLOC_FAILURE); + SSL_R_COPY_PARAMETERS_FAILED); return 0; } diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index 3a0fee6ebc..27ddef9aaf 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -1424,6 +1424,7 @@ EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt, { const uint16_t *groups; size_t numgroups, i, first = 1; + int version; /* s->s3.group_id is non zero if we accepted a key_share */ if (s->s3.group_id == 0) @@ -1438,10 +1439,11 @@ EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt, } /* Copy group ID if supported */ + version = SSL_version(s); for (i = 0; i < numgroups; i++) { uint16_t group = groups[i]; - if (tls_valid_group(s, group, SSL_version(s)) + if (tls_valid_group(s, group, version, version) && tls_group_allowed(s, group, SSL_SECOP_CURVE_SUPPORTED)) { if (first) { /* diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 036bfadbe5..d3913e1b7d 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -3147,7 +3147,7 @@ static int tls_process_cke_dhe(SSL *s, PACKET *pkt) ckey = EVP_PKEY_new(); if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) == 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_DHE, - SSL_R_BN_LIB); + SSL_R_COPY_PARAMETERS_FAILED); goto err; } @@ -3216,7 +3216,7 @@ static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt) ckey = EVP_PKEY_new(); if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE, - ERR_R_EVP_LIB); + SSL_R_COPY_PARAMETERS_FAILED); goto err; } diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index b80ac35d3a..b2752cd03d 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -21,8 +21,10 @@ #include #include #include +#include #include "internal/nelem.h" #include "internal/evp.h" +#include "internal/tlsgroups.h" #include "ssl_local.h" #include @@ -140,60 +142,54 @@ int tls1_clear(SSL *s) return 1; } -/* - * Table of group information. - */ #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) -static const TLS_GROUP_INFO nid_list[] = { -# ifndef OPENSSL_NO_EC - {NID_sect163k1, "EC", 80, TLS_GROUP_CURVE_CHAR2, 0x0001}, /* sect163k1 (1) */ - {NID_sect163r1, "EC", 80, TLS_GROUP_CURVE_CHAR2, 0x0002}, /* sect163r1 (2) */ - {NID_sect163r2, "EC", 80, TLS_GROUP_CURVE_CHAR2, 0x0003}, /* sect163r2 (3) */ - {NID_sect193r1, "EC", 80, TLS_GROUP_CURVE_CHAR2, 0x0004}, /* sect193r1 (4) */ - {NID_sect193r2, "EC", 80, TLS_GROUP_CURVE_CHAR2, 0x0005}, /* sect193r2 (5) */ - {NID_sect233k1, "EC", 112, TLS_GROUP_CURVE_CHAR2, 0x0006}, /* sect233k1 (6) */ - {NID_sect233r1, "EC", 112, TLS_GROUP_CURVE_CHAR2, 0x0007}, /* sect233r1 (7) */ - {NID_sect239k1, "EC", 112, TLS_GROUP_CURVE_CHAR2, 0x0008}, /* sect239k1 (8) */ - {NID_sect283k1, "EC", 128, TLS_GROUP_CURVE_CHAR2, 0x0009}, /* sect283k1 (9) */ - {NID_sect283r1, "EC", 128, TLS_GROUP_CURVE_CHAR2, 0x000A}, /* sect283r1 (10) */ - {NID_sect409k1, "EC", 192, TLS_GROUP_CURVE_CHAR2, 0x000B}, /* sect409k1 (11) */ - {NID_sect409r1, "EC", 192, TLS_GROUP_CURVE_CHAR2, 0x000C}, /* sect409r1 (12) */ - {NID_sect571k1, "EC", 256, TLS_GROUP_CURVE_CHAR2, 0x000D}, /* sect571k1 (13) */ - {NID_sect571r1, "EC", 256, TLS_GROUP_CURVE_CHAR2, 0x000E}, /* sect571r1 (14) */ - {NID_secp160k1, "EC", 80, TLS_GROUP_CURVE_PRIME, 0x000F}, /* secp160k1 (15) */ - {NID_secp160r1, "EC", 80, TLS_GROUP_CURVE_PRIME, 0x0010}, /* secp160r1 (16) */ - {NID_secp160r2, "EC", 80, TLS_GROUP_CURVE_PRIME, 0x0011}, /* secp160r2 (17) */ - {NID_secp192k1, "EC", 80, TLS_GROUP_CURVE_PRIME, 0x0012}, /* secp192k1 (18) */ - {NID_X9_62_prime192v1, "EC", 80, TLS_GROUP_CURVE_PRIME, 0x0013}, /* secp192r1 (19) */ - {NID_secp224k1, "EC", 112, TLS_GROUP_CURVE_PRIME, 0x0014}, /* secp224k1 (20) */ - {NID_secp224r1, "EC", 112, TLS_GROUP_CURVE_PRIME, 0x0015}, /* secp224r1 (21) */ - {NID_secp256k1, "EC", 128, TLS_GROUP_CURVE_PRIME, 0x0016}, /* secp256k1 (22) */ - {NID_X9_62_prime256v1, "EC", 128, TLS_GROUP_CURVE_PRIME, 0x0017}, /* secp256r1 (23) */ - {NID_secp384r1, "EC", 192, TLS_GROUP_CURVE_PRIME, 0x0018}, /* secp384r1 (24) */ - {NID_secp521r1, "EC", 256, TLS_GROUP_CURVE_PRIME, 0x0019}, /* secp521r1 (25) */ - {NID_brainpoolP256r1, "EC", 128, TLS_GROUP_CURVE_PRIME, 0x001A}, /* brainpoolP256r1 (26) */ - {NID_brainpoolP384r1, "EC", 192, TLS_GROUP_CURVE_PRIME, 0x001B}, /* brainpoolP384r1 (27) */ - {NID_brainpoolP512r1, "EC", 256, TLS_GROUP_CURVE_PRIME, 0x001C}, /* brainpool512r1 (28) */ - {EVP_PKEY_X25519, "X25519", 128, TLS_GROUP_CURVE_CUSTOM, 0x001D}, /* X25519 (29) */ - {EVP_PKEY_X448, "X448", 224, TLS_GROUP_CURVE_CUSTOM, 0x001E}, /* X448 (30) */ -# endif /* OPENSSL_NO_EC */ -# ifndef OPENSSL_NO_GOST - {NID_id_tc26_gost_3410_2012_256_paramSetA, "GOST_2012_256", 128, TLS_GROUP_CURVE_PRIME, 0x0022}, /* GC256A (34) */ - {NID_id_tc26_gost_3410_2012_256_paramSetB, "GOST_2012_256", 128, TLS_GROUP_CURVE_PRIME, 0x0023}, /* GC256B (35) */ - {NID_id_tc26_gost_3410_2012_256_paramSetC, "GOST_2012_256", 128, TLS_GROUP_CURVE_PRIME, 0x0024}, /* GC256C (36) */ - {NID_id_tc26_gost_3410_2012_256_paramSetD, "GOST_2012_256", 128, TLS_GROUP_CURVE_PRIME, 0x0025}, /* GC256D (37) */ - {NID_id_tc26_gost_3410_2012_512_paramSetA, "GOST_2012_512", 256, TLS_GROUP_CURVE_PRIME, 0x0026}, /* GC512A (38) */ - {NID_id_tc26_gost_3410_2012_512_paramSetB, "GOST_2012_512", 256, TLS_GROUP_CURVE_PRIME, 0x0027}, /* GC512B (39) */ - {NID_id_tc26_gost_3410_2012_512_paramSetC, "GOST_2012_512", 256, TLS_GROUP_CURVE_PRIME, 0x0028}, /* GC512C (40) */ -# endif /* OPENSSL_NO_GOST */ -# ifndef OPENSSL_NO_DH - /* Security bit values for FFDHE groups are updated as per RFC 7919 */ - {NID_ffdhe2048, "DH", 103, TLS_GROUP_FFDHE_FOR_TLS1_3, 0x0100}, /* ffdhe2048 (0x0100) */ - {NID_ffdhe3072, "DH", 125, TLS_GROUP_FFDHE_FOR_TLS1_3, 0x0101}, /* ffdhe3072 (0x0101) */ - {NID_ffdhe4096, "DH", 150, TLS_GROUP_FFDHE_FOR_TLS1_3, 0x0102}, /* ffdhe4096 (0x0102) */ - {NID_ffdhe6144, "DH", 175, TLS_GROUP_FFDHE_FOR_TLS1_3, 0x0103}, /* ffdhe6144 (0x0103) */ - {NID_ffdhe8192, "DH", 192, TLS_GROUP_FFDHE_FOR_TLS1_3, 0x0104}, /* ffdhe8192 (0x0104) */ -# endif /* OPENSSL_NO_DH */ +/* Legacy NID to group_id mapping. Only works for groups we know about */ +static struct { + int nid; + uint16_t group_id; +} nid_to_group[] = { + {NID_sect163k1, OSSL_TLS_GROUP_ID_sect163k1}, + {NID_sect163r1, OSSL_TLS_GROUP_ID_sect163r1}, + {NID_sect163r2, OSSL_TLS_GROUP_ID_sect163r2}, + {NID_sect193r1, OSSL_TLS_GROUP_ID_sect193r1}, + {NID_sect193r2, OSSL_TLS_GROUP_ID_sect193r2}, + {NID_sect233k1, OSSL_TLS_GROUP_ID_sect233k1}, + {NID_sect233r1, OSSL_TLS_GROUP_ID_sect233r1}, + {NID_sect239k1, OSSL_TLS_GROUP_ID_sect239k1}, + {NID_sect283k1, OSSL_TLS_GROUP_ID_sect283k1}, + {NID_sect283r1, OSSL_TLS_GROUP_ID_sect283r1}, + {NID_sect409k1, OSSL_TLS_GROUP_ID_sect409k1}, + {NID_sect409r1, OSSL_TLS_GROUP_ID_sect409r1}, + {NID_sect571k1, OSSL_TLS_GROUP_ID_sect571k1}, + {NID_sect571r1, OSSL_TLS_GROUP_ID_sect571r1}, + {NID_secp160k1, OSSL_TLS_GROUP_ID_secp160k1}, + {NID_secp160r1, OSSL_TLS_GROUP_ID_secp160r1}, + {NID_secp160r2, OSSL_TLS_GROUP_ID_secp160r2}, + {NID_secp192k1, OSSL_TLS_GROUP_ID_secp192k1}, + {NID_X9_62_prime192v1, OSSL_TLS_GROUP_ID_secp192r1}, + {NID_secp224k1, OSSL_TLS_GROUP_ID_secp224k1}, + {NID_secp224r1, OSSL_TLS_GROUP_ID_secp224r1}, + {NID_secp256k1, OSSL_TLS_GROUP_ID_secp256k1}, + {NID_X9_62_prime256v1, OSSL_TLS_GROUP_ID_secp256r1}, + {NID_secp384r1, OSSL_TLS_GROUP_ID_secp384r1}, + {NID_secp521r1, OSSL_TLS_GROUP_ID_secp521r1}, + {NID_brainpoolP256r1, OSSL_TLS_GROUP_ID_brainpoolP256r1}, + {NID_brainpoolP384r1, OSSL_TLS_GROUP_ID_brainpoolP384r1}, + {NID_brainpoolP512r1, OSSL_TLS_GROUP_ID_brainpoolP512r1}, + {EVP_PKEY_X25519, OSSL_TLS_GROUP_ID_x25519}, + {EVP_PKEY_X448, OSSL_TLS_GROUP_ID_x448}, + {NID_id_tc26_gost_3410_2012_256_paramSetA, 0x0022}, + {NID_id_tc26_gost_3410_2012_256_paramSetB, 0x0023}, + {NID_id_tc26_gost_3410_2012_256_paramSetC, 0x0024}, + {NID_id_tc26_gost_3410_2012_256_paramSetD, 0x0025}, + {NID_id_tc26_gost_3410_2012_512_paramSetA, 0x0026}, + {NID_id_tc26_gost_3410_2012_512_paramSetB, 0x0027}, + {NID_id_tc26_gost_3410_2012_512_paramSetC, 0x0028}, + {NID_ffdhe2048, OSSL_TLS_GROUP_ID_ffdhe2048}, + {NID_ffdhe3072, OSSL_TLS_GROUP_ID_ffdhe3072}, + {NID_ffdhe4096, OSSL_TLS_GROUP_ID_ffdhe4096}, + {NID_ffdhe6144, OSSL_TLS_GROUP_ID_ffdhe6144}, + {NID_ffdhe8192, OSSL_TLS_GROUP_ID_ffdhe8192} }; #endif @@ -241,36 +237,243 @@ static const uint16_t suiteb_curves[] = { }; #endif -const TLS_GROUP_INFO *tls1_group_id_lookup(uint16_t group_id) +struct provider_group_data_st { + SSL_CTX *ctx; + OSSL_PROVIDER *provider; +}; + +#define TLS_GROUP_LIST_MALLOC_BLOCK_SIZE 10 +static OSSL_CALLBACK add_provider_groups; +static int add_provider_groups(const OSSL_PARAM params[], void *data) +{ + struct provider_group_data_st *pgd = data; + SSL_CTX *ctx = pgd->ctx; + OSSL_PROVIDER *provider = pgd->provider; + const OSSL_PARAM *p; + TLS_GROUP_INFO *ginf = NULL; + EVP_KEYMGMT *keymgmt; + unsigned int gid; + int ret = 0; + + if (ctx->group_list_max_len == ctx->group_list_len) { + TLS_GROUP_INFO *tmp = NULL; + + if (ctx->group_list_max_len == 0) + tmp = OPENSSL_malloc(sizeof(TLS_GROUP_INFO) + * TLS_GROUP_LIST_MALLOC_BLOCK_SIZE); + else + tmp = OPENSSL_realloc(ctx->group_list, + (ctx->group_list_max_len + + TLS_GROUP_LIST_MALLOC_BLOCK_SIZE) + * sizeof(TLS_GROUP_INFO)); + if (tmp == NULL) { + SSLerr(0, ERR_R_MALLOC_FAILURE); + return 0; + } + ctx->group_list = tmp; + memset(tmp + ctx->group_list_max_len, + 0, + sizeof(TLS_GROUP_INFO) * TLS_GROUP_LIST_MALLOC_BLOCK_SIZE); + ctx->group_list_max_len += TLS_GROUP_LIST_MALLOC_BLOCK_SIZE; + } + + ginf = &ctx->group_list[ctx->group_list_len]; + + p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_GROUP_NAME); + if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING) { + SSLerr(0, ERR_R_PASSED_INVALID_ARGUMENT); + goto err; + } + ginf->tlsname = OPENSSL_strdup(p->data); + if (ginf->tlsname == NULL) { + SSLerr(0, ERR_R_MALLOC_FAILURE); + goto err; + } + + p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL); + if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING) { + SSLerr(0, ERR_R_PASSED_INVALID_ARGUMENT); + goto err; + } + ginf->realname = OPENSSL_strdup(p->data); + if (ginf->realname == NULL) { + SSLerr(0, ERR_R_MALLOC_FAILURE); + goto err; + } + + p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_GROUP_ID); + if (p == NULL || !OSSL_PARAM_get_uint(p, &gid) || gid > UINT16_MAX) { + SSLerr(0, ERR_R_PASSED_INVALID_ARGUMENT); + goto err; + } + ginf->group_id = (uint16_t)gid; + + p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_GROUP_ALG); + if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING) { + SSLerr(0, ERR_R_PASSED_INVALID_ARGUMENT); + goto err; + } + ginf->algorithm = OPENSSL_strdup(p->data); + if (ginf->algorithm == NULL) { + SSLerr(0, ERR_R_MALLOC_FAILURE); + goto err; + } + + p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS); + if (p == NULL || !OSSL_PARAM_get_uint(p, &ginf->secbits)) { + SSLerr(0, ERR_R_PASSED_INVALID_ARGUMENT); + goto err; + } + + p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_GROUP_MIN_TLS); + if (p == NULL || !OSSL_PARAM_get_int(p, &ginf->mintls)) { + SSLerr(0, ERR_R_PASSED_INVALID_ARGUMENT); + goto err; + } + + p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_GROUP_MAX_TLS); + if (p == NULL || !OSSL_PARAM_get_int(p, &ginf->maxtls)) { + SSLerr(0, ERR_R_PASSED_INVALID_ARGUMENT); + return 0; + } + + p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS); + if (p == NULL || !OSSL_PARAM_get_int(p, &ginf->mindtls)) { + SSLerr(0, ERR_R_PASSED_INVALID_ARGUMENT); + goto err; + } + + p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS); + if (p == NULL || !OSSL_PARAM_get_int(p, &ginf->maxdtls)) { + SSLerr(0, ERR_R_PASSED_INVALID_ARGUMENT); + goto err; + } + /* + * Now check that the algorithm is actually usable for our property query + * string. Regardless of the result we still return success because we have + * successfully processed this group, even though we may decide not to use + * it. + */ + ret = 1; + keymgmt = EVP_KEYMGMT_fetch(ctx->libctx, ginf->algorithm, ctx->propq); + if (keymgmt != NULL) { + /* + * We have successfully fetched the algorithm - however if the provider + * doesn't match this one then we ignore it. + * + * Note: We're cheating a little here. Technically if the same algorithm + * is available from more than one provider then it is undefined which + * implementation you will get back. Theoretically this could be + * different every time...we assume here that you'll always get the + * same one back if you repeat the exact same fetch. Is this a reasonable + * assumption to make (in which case perhaps we should document this + * behaviour)? + */ + if (EVP_KEYMGMT_provider(keymgmt) == provider) { + /* We have a match - so we will use this group */ + ctx->group_list_len++; + ginf = NULL; + } + EVP_KEYMGMT_free(keymgmt); + } + err: + if (ginf != NULL) { + OPENSSL_free(ginf->tlsname); + OPENSSL_free(ginf->realname); + OPENSSL_free(ginf->algorithm); + ginf->tlsname = ginf->realname = NULL; + } + return ret; +} + +static int discover_provider_groups(OSSL_PROVIDER *provider, void *vctx) +{ + struct provider_group_data_st pgd; + + pgd.ctx = vctx; + pgd.provider = provider; + return OSSL_PROVIDER_get_capabilities(provider, "TLS-GROUP", + add_provider_groups, &pgd); +} + +int ssl_load_groups(SSL_CTX *ctx) +{ + return OSSL_PROVIDER_do_all(ctx->libctx, discover_provider_groups, ctx); +} + +static uint16_t tls1_group_name2id(SSL_CTX *ctx, const char *name) { -#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) size_t i; + int nid = NID_undef; - /* ECC curves from RFC 4492 and RFC 7027 FFDHE group from RFC 8446 */ - for (i = 0; i < OSSL_NELEM(nid_list); i++) { - if (nid_list[i].group_id == group_id) - return &nid_list[i]; + /* See if we can identify a nid for this name */ +#ifndef OPENSSL_NO_EC + nid = EC_curve_nist2nid(name); +#endif + if (nid == NID_undef) + nid = OBJ_sn2nid(name); + if (nid == NID_undef) + nid = OBJ_ln2nid(name); + + for (i = 0; i < ctx->group_list_len; i++) { + if (strcmp(ctx->group_list[i].tlsname, name) == 0 + || (nid != NID_undef + && nid == tls1_group_id2nid(ctx->group_list[i].group_id, + 0))) + return ctx->group_list[i].group_id; } -#endif /* !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) */ + + return 0; +} + +const TLS_GROUP_INFO *tls1_group_id_lookup(SSL_CTX *ctx, uint16_t group_id) +{ + size_t i; + + for (i = 0; i < ctx->group_list_len; i++) { + if (ctx->group_list[i].group_id == group_id) + return &ctx->group_list[i]; + } + return NULL; } #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) -int tls1_group_id2nid(uint16_t group_id) +int tls1_group_id2nid(uint16_t group_id, int include_unknown) { - const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(group_id); + size_t i; + + if (group_id == 0) + return NID_undef; - return ginf == NULL ? NID_undef : ginf->nid; + /* + * Return well known Group NIDs - for backwards compatibility. This won't + * work for groups we don't know about. + */ + for (i = 0; i < OSSL_NELEM(nid_to_group); i++) + { + if (nid_to_group[i].group_id == group_id) + return nid_to_group[i].nid; + } + if (!include_unknown) + return NID_undef; + return TLSEXT_nid_unknown | (int)group_id; } static uint16_t tls1_nid2group_id(int nid) { size_t i; - for (i = 0; i < OSSL_NELEM(nid_list); i++) { - if (nid_list[i].nid == nid) - return nid_list[i].group_id; + /* + * Return well known Group ids - for backwards compatibility. This won't + * work for groups we don't know about. + */ + for (i = 0; i < OSSL_NELEM(nid_to_group); i++) + { + if (nid_to_group[i].nid == nid) + return nid_to_group[i].group_id; } + return 0; } #endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */ @@ -318,36 +521,50 @@ void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups, #endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */ } -int tls_valid_group(SSL *s, uint16_t group_id, int version) +int tls_valid_group(SSL *s, uint16_t group_id, int minversion, int maxversion) { - const TLS_GROUP_INFO *ginfo = tls1_group_id_lookup(group_id); + const TLS_GROUP_INFO *ginfo = tls1_group_id_lookup(s->ctx, group_id); + int ret; + + if (ginfo == NULL) + return 0; - if (version < TLS1_3_VERSION) { - if ((ginfo->flags & TLS_GROUP_ONLY_FOR_TLS1_3) != 0) + if (SSL_IS_DTLS(s)) { + if (ginfo->mindtls < 0 || ginfo->maxdtls < 0) return 0; + if (ginfo->maxdtls == 0) + ret = 1; + else + ret = DTLS_VERSION_LE(minversion, ginfo->maxdtls); + if (ginfo->mindtls > 0) + ret &= DTLS_VERSION_GE(maxversion, ginfo->mindtls); + } else { + if (ginfo->mintls < 0 || ginfo->maxtls < 0) + return 0; + if (ginfo->maxtls == 0) + ret = 1; + else + ret = (minversion <= ginfo->maxtls); + if (ginfo->mintls > 0) + ret &= (maxversion >= ginfo->mintls); } - return 1; + + return ret; } /* See if group is allowed by security callback */ int tls_group_allowed(SSL *s, uint16_t group, int op) { - const TLS_GROUP_INFO *ginfo = tls1_group_id_lookup(group); + const TLS_GROUP_INFO *ginfo = tls1_group_id_lookup(s->ctx, group); unsigned char gtmp[2]; if (ginfo == NULL) return 0; -#ifdef OPENSSL_NO_EC2M - if (ginfo->flags & TLS_GROUP_CURVE_CHAR2) - return 0; -#endif -#ifdef OPENSSL_NO_DH - if (ginfo->flags & TLS_GROUP_FFDHE) - return 0; -#endif + gtmp[0] = group >> 8; gtmp[1] = group & 0xff; - return ssl_security(s, op, ginfo->secbits, ginfo->nid, (void *)gtmp); + return ssl_security(s, op, ginfo->secbits, + tls1_group_id2nid(ginfo->group_id, 0), (void *)gtmp); } /* Return 1 if "id" is in "list" */ @@ -469,59 +686,65 @@ err: #endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */ } -#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) -# define MAX_GROUPLIST OSSL_NELEM(nid_list) +/* TODO(3.0): An arbitrary amount for now. Take another look at this */ +# define MAX_GROUPLIST 40 typedef struct { - size_t nidcnt; - int nid_arr[MAX_GROUPLIST]; -} nid_cb_st; + SSL_CTX *ctx; + size_t gidcnt; + uint16_t gid_arr[MAX_GROUPLIST]; +} gid_cb_st; -static int nid_cb(const char *elem, int len, void *arg) +static int gid_cb(const char *elem, int len, void *arg) { - nid_cb_st *narg = arg; + gid_cb_st *garg = arg; size_t i; - int nid = NID_undef; + uint16_t gid = 0; char etmp[20]; + if (elem == NULL) return 0; - if (narg->nidcnt == MAX_GROUPLIST) + if (garg->gidcnt == MAX_GROUPLIST) return 0; if (len > (int)(sizeof(etmp) - 1)) return 0; memcpy(etmp, elem, len); etmp[len] = 0; -# ifndef OPENSSL_NO_EC - nid = EC_curve_nist2nid(etmp); -# endif - if (nid == NID_undef) - nid = OBJ_sn2nid(etmp); - if (nid == NID_undef) - nid = OBJ_ln2nid(etmp); - if (nid == NID_undef) + + gid = tls1_group_name2id(garg->ctx, etmp); + if (gid == 0) return 0; - for (i = 0; i < narg->nidcnt; i++) - if (narg->nid_arr[i] == nid) + for (i = 0; i < garg->gidcnt; i++) + if (garg->gid_arr[i] == gid) return 0; - narg->nid_arr[narg->nidcnt++] = nid; + garg->gid_arr[garg->gidcnt++] = gid; return 1; } -#endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */ -/* Set groups based on a colon separate list */ -int tls1_set_groups_list(uint16_t **pext, size_t *pextlen, const char *str) +/* Set groups based on a colon separated list */ +int tls1_set_groups_list(SSL_CTX *ctx, uint16_t **pext, size_t *pextlen, + const char *str) { -#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) - nid_cb_st ncb; - ncb.nidcnt = 0; - if (!CONF_parse_list(str, ':', 1, nid_cb, &ncb)) + gid_cb_st gcb; + uint16_t *tmparr; + + gcb.gidcnt = 0; + gcb.ctx = ctx; + if (!CONF_parse_list(str, ':', 1, gid_cb, &gcb)) return 0; if (pext == NULL) return 1; - return tls1_set_groups(pext, pextlen, ncb.nid_arr, ncb.nidcnt); -#else - return 0; -#endif + + /* + * gid_cb ensurse there are no duplicates so we can just go ahead and set + * the result + */ + tmparr = OPENSSL_memdup(gcb.gid_arr, gcb.gidcnt * sizeof(*tmparr)); + if (tmparr == NULL) + return 0; + *pext = tmparr; + *pextlen = gcb.gidcnt; + return 1; } /* Check a group id matches preferences */ diff --git a/test/acvp_test.c b/test/acvp_test.c index 0e3e117133..737d2c61bb 100644 --- a/test/acvp_test.c +++ b/test/acvp_test.c @@ -120,8 +120,7 @@ static int ecdsa_keygen_test(int id) if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL)) || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0) - || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_name(ctx, - tst->curve_name)) + || !TEST_true(EVP_PKEY_CTX_set_group_name(ctx, tst->curve_name)) || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0) || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &priv, &priv_len)) @@ -156,7 +155,7 @@ static int ecdsa_create_pkey(EVP_PKEY **pkey, const char *curve_name, if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) || (curve_name != NULL && !TEST_true(OSSL_PARAM_BLD_push_utf8_string( - bld, OSSL_PKEY_PARAM_EC_NAME, curve_name, 0) > 0)) + bld, OSSL_PKEY_PARAM_GROUP_NAME, curve_name, 0) > 0)) || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, OSSL_PKEY_PARAM_PUB_KEY, pub, pub_len) > 0) @@ -252,8 +251,7 @@ static int ecdsa_siggen_test(int id) if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL)) || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0) - || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_name(ctx, - tst->curve_name)) + || !TEST_true(EVP_PKEY_CTX_set_group_name(ctx, tst->curve_name)) || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)) goto err; @@ -903,7 +901,7 @@ static int dh_create_pkey(EVP_PKEY **pkey, const char *group_name, if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) || (group_name != NULL && !TEST_int_gt(OSSL_PARAM_BLD_push_utf8_string( - bld, OSSL_PKEY_PARAM_DH_GROUP, + bld, OSSL_PKEY_PARAM_GROUP_NAME, group_name, 0), 0))) goto err; @@ -947,7 +945,7 @@ static int dh_safe_prime_keygen_test(int id) OSSL_PARAM params[2]; const struct dh_safe_prime_keygen_st *tst = &dh_safe_prime_keygen_data[id]; - params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_DH_GROUP, + params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, (char *)tst->group_name, 0); params[1] = OSSL_PARAM_construct_end(); diff --git a/test/build.info b/test/build.info index 6d7043208a..430931b8e1 100644 --- a/test/build.info +++ b/test/build.info @@ -297,7 +297,7 @@ IF[{- !$disabled{tests} -}] INCLUDE[param_build_test]=../include ../apps/include DEPEND[param_build_test]=../libcrypto.a libtestutil.a - SOURCE[sslapitest]=sslapitest.c ssltestlib.c filterprov.c + SOURCE[sslapitest]=sslapitest.c ssltestlib.c filterprov.c tls-provider.c INCLUDE[sslapitest]=../include ../apps/include .. DEPEND[sslapitest]=../libcrypto ../libssl libtestutil.a diff --git a/test/dsatest.c b/test/dsatest.c index 8444ea147a..614a8ea1d8 100644 --- a/test/dsatest.c +++ b/test/dsatest.c @@ -282,7 +282,7 @@ static int dsa_keygen_test(void) &pcount_out)) || !TEST_int_eq(pcount_out, expected_c) || !TEST_false(EVP_PKEY_get_utf8_string_param(key, - OSSL_PKEY_PARAM_DH_GROUP, + OSSL_PKEY_PARAM_GROUP_NAME, group_out, sizeof(group_out), &len))) goto end; diff --git a/test/evp_pkey_provided_test.c b/test/evp_pkey_provided_test.c index ffb56cb3ee..fd3e580d8c 100644 --- a/test/evp_pkey_provided_test.c +++ b/test/evp_pkey_provided_test.c @@ -447,7 +447,7 @@ static int test_fromdata_dh_named_group(void) || !TEST_ptr(pub = BN_bin2bn(pub_data, sizeof(pub_data), NULL)) || !TEST_ptr(priv = BN_bin2bn(priv_data, sizeof(priv_data), NULL)) || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, - OSSL_PKEY_PARAM_DH_GROUP, + OSSL_PKEY_PARAM_GROUP_NAME, group_name, 0)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv)) @@ -464,7 +464,7 @@ static int test_fromdata_dh_named_group(void) || !TEST_int_eq(EVP_PKEY_size(pk), 256)) goto err; - if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk, OSSL_PKEY_PARAM_DH_GROUP, + if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk, OSSL_PKEY_PARAM_GROUP_NAME, name_out, sizeof(name_out), &len)) || !TEST_str_eq(name_out, group_name) @@ -588,7 +588,7 @@ static int test_fromdata_dh_fips186_4(void) || !TEST_ptr(pub = BN_bin2bn(pub_data, sizeof(pub_data), NULL)) || !TEST_ptr(priv = BN_bin2bn(priv_data, sizeof(priv_data), NULL)) || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, - OSSL_PKEY_PARAM_DH_GROUP, + OSSL_PKEY_PARAM_GROUP_NAME, group_name, 0)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub)) || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv)) @@ -605,7 +605,7 @@ static int test_fromdata_dh_fips186_4(void) || !TEST_int_eq(EVP_PKEY_size(pk), 256)) goto err; - if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk, OSSL_PKEY_PARAM_DH_GROUP, + if (!TEST_true(EVP_PKEY_get_utf8_string_param(pk, OSSL_PKEY_PARAM_GROUP_NAME, name_out, sizeof(name_out), &len)) || !TEST_str_eq(name_out, group_name) @@ -928,7 +928,7 @@ static int test_fromdata_ec(void) sizeof(ec_priv_keydata), NULL))) goto err; - if (OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_PKEY_PARAM_EC_NAME, + if (OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_PKEY_PARAM_GROUP_NAME, curve, 0) <= 0) goto err; if (OSSL_PARAM_BLD_push_octet_string(bld, OSSL_PKEY_PARAM_PUB_KEY, @@ -955,12 +955,12 @@ static int test_fromdata_ec(void) goto err; if (!TEST_ptr(gettable = EVP_PKEY_gettable_params(pk)) - || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_EC_NAME)) + || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_GROUP_NAME)) || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_PUB_KEY)) || !TEST_ptr(OSSL_PARAM_locate_const(gettable, OSSL_PKEY_PARAM_PRIV_KEY))) goto err; - if (!EVP_PKEY_get_utf8_string_param(pk, OSSL_PKEY_PARAM_EC_NAME, + if (!EVP_PKEY_get_utf8_string_param(pk, OSSL_PKEY_PARAM_GROUP_NAME, out_curve_name, sizeof(out_curve_name), &len) || !TEST_str_eq(out_curve_name, curve) @@ -1144,7 +1144,7 @@ static int test_fromdata_dsa_fips186_4(void) || !TEST_int_eq(EVP_PKEY_size(pk), 2 + 2 * (3 + sizeof(q_data)))) goto err; - if (!TEST_false(EVP_PKEY_get_utf8_string_param(pk, OSSL_PKEY_PARAM_DH_GROUP, + if (!TEST_false(EVP_PKEY_get_utf8_string_param(pk, OSSL_PKEY_PARAM_GROUP_NAME, name_out, sizeof(name_out), &len)) || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PUB_KEY, diff --git a/test/filterprov.c b/test/filterprov.c index 9fe6690e50..c2189e25a8 100644 --- a/test/filterprov.c +++ b/test/filterprov.c @@ -66,6 +66,14 @@ static int filter_get_params(void *provctx, OSSL_PARAM params[]) return OSSL_PROVIDER_get_params(globs->deflt, params); } +static int filter_get_capabilities(void *provctx, const char *capability, + OSSL_CALLBACK *cb, void *arg) +{ + struct filter_prov_globals_st *globs = get_globals(); + + return OSSL_PROVIDER_get_capabilities(globs->deflt, capability, cb, arg); +} + static const OSSL_ALGORITHM *filter_query(void *provctx, int operation_id, int *no_cache) @@ -97,6 +105,7 @@ static const OSSL_DISPATCH filter_dispatch_table[] = { { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))filter_gettable_params }, { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))filter_get_params }, { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))filter_query }, + { OSSL_FUNC_PROVIDER_GET_CAPABILITIES, (void (*)(void))filter_get_capabilities }, { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))filter_teardown }, { 0, NULL } }; diff --git a/test/ssl-tests/20-cert-select.cnf b/test/ssl-tests/20-cert-select.cnf index f788069f56..d1cfcb6f46 100644 --- a/test/ssl-tests/20-cert-select.cnf +++ b/test/ssl-tests/20-cert-select.cnf @@ -1715,12 +1715,10 @@ client = 52-TLS 1.3 ECDSA with brainpool-client [52-TLS 1.3 ECDSA with brainpool-server] Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem CipherString = DEFAULT -Groups = brainpoolP256r1 PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem [52-TLS 1.3 ECDSA with brainpool-client] CipherString = DEFAULT -Groups = brainpoolP256r1 MaxProtocol = TLSv1.3 MinProtocol = TLSv1.3 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem diff --git a/test/ssl-tests/20-cert-select.cnf.in b/test/ssl-tests/20-cert-select.cnf.in index 79325e71c1..38cac87cea 100644 --- a/test/ssl-tests/20-cert-select.cnf.in +++ b/test/ssl-tests/20-cert-select.cnf.in @@ -890,11 +890,9 @@ my @tests_tls_1_3_non_fips = ( server => { "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"), "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"), - "Groups" => "brainpoolP256r1", }, client => { "RequestCAFile" => test_pem("root-cert.pem"), - "Groups" => "brainpoolP256r1", "MinProtocol" => "TLSv1.3", "MaxProtocol" => "TLSv1.3" }, diff --git a/test/sslapitest.c b/test/sslapitest.c index 4665569054..e0a92b31ae 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -42,6 +42,11 @@ OSSL_provider_init_fn filter_provider_init; int filter_provider_set_filter(int operation, const char *name); +/* Defined in tls-provider.c */ +int tls_provider_init(const OSSL_CORE_HANDLE *handle, + const OSSL_DISPATCH *in, + const OSSL_DISPATCH **out, + void **provctx); DEFINE_STACK_OF(OCSP_RESPID) DEFINE_STACK_OF(X509) DEFINE_STACK_OF(X509_NAME) @@ -8039,6 +8044,8 @@ static int test_sigalgs_available(int idx) cctx = SSL_CTX_new_with_libctx(clientctx, NULL, TLS_client_method()); sctx = SSL_CTX_new_with_libctx(serverctx, NULL, TLS_server_method()); + if (!TEST_ptr(cctx) || !TEST_ptr(sctx)) + goto end; if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), TLS_client_method(), @@ -8104,6 +8111,45 @@ static int test_sigalgs_available(int idx) } #endif /* OPENSSL_NO_EC */ +#ifndef OPENSSL_NO_TLS1_3 +static int test_pluggable_group(void) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0; + OSSL_PROVIDER *tlsprov = OSSL_PROVIDER_load(libctx, "tls-provider"); + + if (!TEST_ptr(tlsprov)) + goto end; + + if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), + TLS_client_method(), + TLS1_3_VERSION, + TLS1_3_VERSION, + &sctx, &cctx, cert, privkey)) + || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL))) + goto end; + + if (!TEST_true(SSL_set1_groups_list(serverssl, "xorgroup")) + || !TEST_true(SSL_set1_groups_list(clientssl, "xorgroup"))) + goto end; + + if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) + goto end; + + testresult = 1; + + end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + OSSL_PROVIDER_unload(tlsprov); + + return testresult; +} +#endif OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config\n") @@ -8153,6 +8199,15 @@ int setup_tests(void) if (strcmp(modulename, "fips") == 0) is_fips = 1; + /* + * We add, but don't load the test "tls-provider". We'll load it when we + * need it. + */ + if (!TEST_true(OSSL_PROVIDER_add_builtin(libctx, "tls-provider", + tls_provider_init))) + return 0; + + if (getenv("OPENSSL_TEST_GETCOUNTS") != NULL) { #ifdef OPENSSL_NO_CRYPTO_MDEBUG TEST_error("not supported in this build"); @@ -8294,6 +8349,9 @@ int setup_tests(void) ADD_ALL_TESTS(test_servername, 10); #ifndef OPENSSL_NO_EC ADD_ALL_TESTS(test_sigalgs_available, 6); +#endif +#ifndef OPENSSL_NO_TLS1_3 + ADD_TEST(test_pluggable_group); #endif return 1; diff --git a/test/tls-provider.c b/test/tls-provider.c new file mode 100644 index 0000000000..4025d9ee16 --- /dev/null +++ b/test/tls-provider.c @@ -0,0 +1,466 @@ +/* + * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include +/* For TLS1_3_VERSION */ +#include + +int tls_provider_init(const OSSL_CORE_HANDLE *handle, + const OSSL_DISPATCH *in, + const OSSL_DISPATCH **out, + void **provctx); + +#define XOR_KEY_SIZE 32 + +/* + * Top secret. This algorithm only works if no one knows what this number is. + * Please don't tell anyone what it is. + * + * This algorithm is for testing only - don't really use it! + */ +static const unsigned char private_constant[XOR_KEY_SIZE] = { + 0xd3, 0x6b, 0x54, 0xec, 0x5b, 0xac, 0x89, 0x96, 0x8c, 0x2c, 0x66, 0xa5, + 0x67, 0x0d, 0xe3, 0xdd, 0x43, 0x69, 0xbc, 0x83, 0x3d, 0x60, 0xc7, 0xb8, + 0x2b, 0x1c, 0x5a, 0xfd, 0xb5, 0xcd, 0xd0, 0xf8 +}; + +typedef struct xorkey_st { + unsigned char privkey[XOR_KEY_SIZE]; + unsigned char pubkey[XOR_KEY_SIZE]; + int hasprivkey; + int haspubkey; +} XORKEY; + +/* We define a dummy TLS group called "xorgroup" for test purposes */ + +static unsigned int group_id = 0; /* IANA reserved for private use */ +static unsigned int secbits = 128; +static unsigned int mintls = TLS1_3_VERSION; +static unsigned int maxtls = 0; +static unsigned int mindtls = -1; +static unsigned int maxdtls = -1; + +#define GROUP_NAME "xorgroup" +#define GROUP_NAME_INTERNAL "xorgroup-int" +#define ALGORITHM "XOR" + +static const OSSL_PARAM xor_group_params[] = { + OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME, + GROUP_NAME, sizeof(GROUP_NAME)), + OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL, + GROUP_NAME_INTERNAL, sizeof(GROUP_NAME_INTERNAL)), + OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_ALG, ALGORITHM, + sizeof(ALGORITHM)), + OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_ID, &group_id), + OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS, &secbits), + OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_TLS, &mintls), + OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_TLS, &maxtls), + OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS, &mindtls), + OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS, &maxdtls), + OSSL_PARAM_END +}; + +static int tls_prov_get_capabilities(void *provctx, const char *capability, + OSSL_CALLBACK *cb, void *arg) +{ + /* We're only adding one group so we only call the callback once */ + if (strcmp(capability, "TLS-GROUP") == 0) + return cb(xor_group_params, arg); + + /* We don't support this capability */ + return 0; +} + +/* + * Dummy "XOR" Key Exchange algorithm. We just xor the private and public keys + * together. Don't use this! + */ + +static OSSL_OP_keyexch_newctx_fn xor_newctx; +static OSSL_OP_keyexch_init_fn xor_init; +static OSSL_OP_keyexch_set_peer_fn xor_set_peer; +static OSSL_OP_keyexch_derive_fn xor_derive; +static OSSL_OP_keyexch_freectx_fn xor_freectx; +static OSSL_OP_keyexch_dupctx_fn xor_dupctx; + +typedef struct { + XORKEY *key; + XORKEY *peerkey; +} PROV_XOR_CTX; + +static void *xor_newctx(void *provctx) +{ + PROV_XOR_CTX *pxorctx = OPENSSL_zalloc(sizeof(PROV_XOR_CTX)); + + if (pxorctx == NULL) + return NULL; + + return pxorctx; +} + +static int xor_init(void *vpxorctx, void *vkey) +{ + PROV_XOR_CTX *pxorctx = (PROV_XOR_CTX *)vpxorctx; + + if (pxorctx == NULL || vkey == NULL) + return 0; + pxorctx->key = vkey; + return 1; +} + +static int xor_set_peer(void *vpxorctx, void *vpeerkey) +{ + PROV_XOR_CTX *pxorctx = (PROV_XOR_CTX *)vpxorctx; + + if (pxorctx == NULL || vpeerkey == NULL) + return 0; + pxorctx->peerkey = vpeerkey; + return 1; +} + +static int xor_derive(void *vpxorctx, unsigned char *secret, size_t *secretlen, + size_t outlen) +{ + PROV_XOR_CTX *pxorctx = (PROV_XOR_CTX *)vpxorctx; + int i; + + if (pxorctx->key == NULL || pxorctx->peerkey == NULL) + return 0; + + *secretlen = XOR_KEY_SIZE; + if (secret == NULL) + return 1; + + if (outlen < XOR_KEY_SIZE) + return 0; + + for (i = 0; i < XOR_KEY_SIZE; i++) + secret[i] = pxorctx->key->privkey[i] ^ pxorctx->peerkey->pubkey[i]; + + return 1; +} + +static void xor_freectx(void *pxorctx) +{ + OPENSSL_free(pxorctx); +} + +static void *xor_dupctx(void *vpxorctx) +{ + PROV_XOR_CTX *srcctx = (PROV_XOR_CTX *)vpxorctx; + PROV_XOR_CTX *dstctx; + + dstctx = OPENSSL_zalloc(sizeof(*srcctx)); + if (dstctx == NULL) + return NULL; + + *dstctx = *srcctx; + + return dstctx; +} + +static const OSSL_DISPATCH xor_keyexch_functions[] = { + { OSSL_FUNC_KEYEXCH_NEWCTX, (void (*)(void))xor_newctx }, + { OSSL_FUNC_KEYEXCH_INIT, (void (*)(void))xor_init }, + { OSSL_FUNC_KEYEXCH_DERIVE, (void (*)(void))xor_derive }, + { OSSL_FUNC_KEYEXCH_SET_PEER, (void (*)(void))xor_set_peer }, + { OSSL_FUNC_KEYEXCH_FREECTX, (void (*)(void))xor_freectx }, + { OSSL_FUNC_KEYEXCH_DUPCTX, (void (*)(void))xor_dupctx }, + { 0, NULL } +}; + +static const OSSL_ALGORITHM tls_prov_keyexch[] = { + { "XOR", "provider=tls-provider", xor_keyexch_functions }, + { NULL, NULL, NULL } +}; + +/* Key Management for the dummy XOR key exchange algorithm */ + +static OSSL_OP_keymgmt_new_fn xor_newdata; +static OSSL_OP_keymgmt_free_fn xor_freedata; +static OSSL_OP_keymgmt_has_fn xor_has; +static OSSL_OP_keymgmt_copy_fn xor_copy; +static OSSL_OP_keymgmt_gen_init_fn xor_gen_init; +static OSSL_OP_keymgmt_gen_set_params_fn xor_gen_set_params; +static OSSL_OP_keymgmt_gen_settable_params_fn xor_gen_settable_params; +static OSSL_OP_keymgmt_gen_fn xor_gen; +static OSSL_OP_keymgmt_gen_cleanup_fn xor_gen_cleanup; +static OSSL_OP_keymgmt_get_params_fn xor_get_params; +static OSSL_OP_keymgmt_gettable_params_fn xor_gettable_params; +static OSSL_OP_keymgmt_set_params_fn xor_set_params; +static OSSL_OP_keymgmt_settable_params_fn xor_settable_params; + +static void *xor_newdata(void *provctx) +{ + return OPENSSL_zalloc(sizeof(XORKEY)); +} + +static void xor_freedata(void *keydata) +{ + OPENSSL_free(keydata); +} + +static int xor_has(void *vkey, int selection) +{ + XORKEY *key = vkey; + int ok = 0; + + if (key != NULL) { + ok = 1; + + if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) + ok = ok && key->haspubkey; + if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) + ok = ok && key->hasprivkey; + } + return ok; +} + +static int xor_copy(void *vtokey, const void *vfromkey, int selection) +{ + XORKEY *tokey = vtokey; + const XORKEY *fromkey = vfromkey; + int ok = 0; + + if (tokey != NULL && fromkey != NULL) { + ok = 1; + + if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { + if (fromkey->haspubkey) { + memcpy(tokey->pubkey, fromkey->pubkey, XOR_KEY_SIZE); + tokey->haspubkey = 1; + } else { + tokey->haspubkey = 0; + } + } + if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { + if (fromkey->hasprivkey) { + memcpy(tokey->privkey, fromkey->privkey, XOR_KEY_SIZE); + tokey->hasprivkey = 1; + } else { + tokey->hasprivkey = 0; + } + } + } + return ok; +} + +static ossl_inline int xor_get_params(void *vkey, OSSL_PARAM params[]) +{ + XORKEY *key = vkey; + OSSL_PARAM *p; + + if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL + && !OSSL_PARAM_set_int(p, XOR_KEY_SIZE)) + return 0; + + if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL + && !OSSL_PARAM_set_int(p, secbits)) + return 0; + + if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_TLS_ENCODED_PT)) != NULL) { + if (p->data_type != OSSL_PARAM_OCTET_STRING) + return 0; + p->return_size = XOR_KEY_SIZE; + if (p->data != NULL && p->data_size >= XOR_KEY_SIZE) + memcpy(p->data, key->pubkey, XOR_KEY_SIZE); + } + + return 1; +} + +static const OSSL_PARAM xor_params[] = { + OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL), + OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL), + OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0), + OSSL_PARAM_END +}; + +static const OSSL_PARAM *xor_gettable_params(void) +{ + return xor_params; +} + +static int xor_set_params(void *vkey, const OSSL_PARAM params[]) +{ + XORKEY *key = vkey; + const OSSL_PARAM *p; + + p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_TLS_ENCODED_PT); + if (p != NULL) { + if (p->data_type != OSSL_PARAM_OCTET_STRING + || p->data_size != XOR_KEY_SIZE) + return 0; + memcpy(key->pubkey, p->data, XOR_KEY_SIZE); + key->haspubkey = 1; + } + + return 1; +} + +static const OSSL_PARAM xor_known_settable_params[] = { + OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0), + OSSL_PARAM_END +}; + +static const OSSL_PARAM *xor_settable_params(void) +{ + return xor_known_settable_params; +} + +struct xor_gen_ctx { + int selection; + OPENSSL_CTX *libctx; +}; + +static void *xor_gen_init(void *provctx, int selection) +{ + struct xor_gen_ctx *gctx = NULL; + + if ((selection & (OSSL_KEYMGMT_SELECT_KEYPAIR + | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS)) == 0) + return NULL; + + if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) + gctx->selection = selection; + + /* Our provctx is really just an OPENSSL_CTX */ + gctx->libctx = (OPENSSL_CTX *)provctx; + + return gctx; +} + +static int xor_gen_set_params(void *genctx, const OSSL_PARAM params[]) +{ + struct xor_gen_ctx *gctx = genctx; + const OSSL_PARAM *p; + + if (gctx == NULL) + return 0; + + p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME); + if (p != NULL) { + if (p->data_type != OSSL_PARAM_UTF8_STRING + || strcmp(p->data, GROUP_NAME_INTERNAL) != 0) + return 0; + } + + return 1; +} + +static const OSSL_PARAM *xor_gen_settable_params(void *provctx) +{ + static OSSL_PARAM settable[] = { + OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0), + OSSL_PARAM_END + }; + return settable; +} + +static void *xor_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) +{ + struct xor_gen_ctx *gctx = genctx; + XORKEY *key = OPENSSL_zalloc(sizeof(*key)); + size_t i; + + if (key == NULL) + return NULL; + + if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { + if (RAND_bytes_ex(gctx->libctx, key->privkey, XOR_KEY_SIZE) <= 0) { + OPENSSL_free(key); + return NULL; + } + for (i = 0; i < XOR_KEY_SIZE; i++) + key->pubkey[i] = key->privkey[i] ^ private_constant[i]; + key->hasprivkey = 1; + key->haspubkey = 1; + } + + return key; +} + +static void xor_gen_cleanup(void *genctx) +{ + OPENSSL_free(genctx); +} + +static const OSSL_DISPATCH xor_keymgmt_functions[] = { + { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))xor_newdata }, + { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))xor_gen_init }, + { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))xor_gen_set_params }, + { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, + (void (*)(void))xor_gen_settable_params }, + { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))xor_gen }, + { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))xor_gen_cleanup }, + { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))xor_get_params }, + { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))xor_gettable_params }, + { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))xor_set_params }, + { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))xor_settable_params }, + { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))xor_has }, + { OSSL_FUNC_KEYMGMT_COPY, (void (*)(void))xor_copy }, + { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))xor_freedata }, + { 0, NULL } +}; + +static const OSSL_ALGORITHM tls_prov_keymgmt[] = { + { "XOR", "provider=tls-provider", xor_keymgmt_functions }, + { NULL, NULL, NULL } +}; + +static const OSSL_ALGORITHM *tls_prov_query(void *provctx, int operation_id, + int *no_cache) +{ + *no_cache = 0; + switch (operation_id) { + case OSSL_OP_KEYMGMT: + return tls_prov_keymgmt; + case OSSL_OP_KEYEXCH: + return tls_prov_keyexch; + } + return NULL; +} + +/* Functions we provide to the core */ +static const OSSL_DISPATCH tls_prov_dispatch_table[] = { + { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))OPENSSL_CTX_free }, + { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))tls_prov_query }, + { OSSL_FUNC_PROVIDER_GET_CAPABILITIES, (void (*)(void))tls_prov_get_capabilities }, + { 0, NULL } +}; + +int tls_provider_init(const OSSL_CORE_HANDLE *handle, + const OSSL_DISPATCH *in, + const OSSL_DISPATCH **out, + void **provctx) +{ + OPENSSL_CTX *libctx = OPENSSL_CTX_new(); + + *provctx = libctx; + + /* + * Randomise the group_id we're going to use to ensure we don't interoperate + * with anything but ourselves. + */ + if (!RAND_bytes_ex(libctx, (unsigned char *)&group_id, sizeof(group_id))) + return 0; + /* + * Ensure group_id is within the IANA Reserved for private use range + * (65024-65279) + */ + group_id %= 65279 - 65024; + group_id += 65024; + + *out = tls_prov_dispatch_table; + return 1; +} diff --git a/util/libcrypto.num b/util/libcrypto.num index 230126ff55..38cc5700d7 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -5048,8 +5048,8 @@ CTLOG_new_from_base64_with_libctx ? 3_0_0 EXIST::FUNCTION:CT CTLOG_STORE_new_with_libctx ? 3_0_0 EXIST::FUNCTION:CT EVP_PKEY_set_ex_data ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_get_ex_data ? 3_0_0 EXIST::FUNCTION: -EVP_PKEY_CTX_set_ec_paramgen_curve_name ? 3_0_0 EXIST::FUNCTION:EC -EVP_PKEY_CTX_get_ec_paramgen_curve_name ? 3_0_0 EXIST::FUNCTION:EC +EVP_PKEY_CTX_set_group_name ? 3_0_0 EXIST::FUNCTION: +EVP_PKEY_CTX_get_group_name ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_CTX_set_ec_paramgen_curve_nid ? 3_0_0 EXIST::FUNCTION:EC d2i_PrivateKey_ex ? 3_0_0 EXIST::FUNCTION: d2i_AutoPrivateKey_ex ? 3_0_0 EXIST::FUNCTION: @@ -5099,3 +5099,4 @@ EVP_PKEY_eq ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_parameters_eq ? 3_0_0 EXIST::FUNCTION: OSSL_PROVIDER_query_operation ? 3_0_0 EXIST::FUNCTION: OSSL_PROVIDER_get0_provider_ctx ? 3_0_0 EXIST::FUNCTION: +OSSL_PROVIDER_get_capabilities ? 3_0_0 EXIST::FUNCTION: From matt at openssl.org Fri Jun 19 09:44:38 2020 From: matt at openssl.org (Matt Caswell) Date: Fri, 19 Jun 2020 09:44:38 +0000 Subject: [openssl] master update Message-ID: <1592559878.821259.10001.nullmailer@dev.openssl.org> The branch master has been updated via 989a85774b63a91ca8d3be558ec7560fdf91fa42 (commit) via 9ee77767b2186a4f0933ebfe2ba5caa83d814f4c (commit) via febe6bb727082b07a6ffbf64b3b1b0dd871ec000 (commit) via 2da8d4eb2812e18cec5c8324a54a4c56b52563ed (commit) from 48e971dd9f88933a7f77f5051a8b79b9e17892a9 (commit) - Log ----------------------------------------------------------------- commit 989a85774b63a91ca8d3be558ec7560fdf91fa42 Author: Matt Caswell Date: Tue Jun 16 16:15:52 2020 +0100 Add evp_extra_test2 to .gitignore This is a test executable which should not be added to the repository Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12159) commit 9ee77767b2186a4f0933ebfe2ba5caa83d814f4c Author: Matt Caswell Date: Mon Jun 15 17:48:39 2020 +0100 Add a test for d2i_AutoPrivateKey_ex with a non-default libctx Really this test should go in evp_extra_test. However that doesn't currently support a non-default libctx (with the "null" provider in the default libctx). So (for now) we create evp_extra_test2.c Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12159) commit febe6bb727082b07a6ffbf64b3b1b0dd871ec000 Author: Matt Caswell Date: Mon Jun 15 14:29:37 2020 +0100 Ensure creating an EC public key uses the libctx Creating an EC public key from the private key uses random numbers internally, which require use of the proper libtx. Therefore we make sure the libctx is used during this operation. Fixes #12150 Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12159) commit 2da8d4eb2812e18cec5c8324a54a4c56b52563ed Author: Matt Caswell Date: Mon Jun 15 14:21:00 2020 +0100 Add more complete support for libctx/propq in the EC code Renames some "new_ex" functions to "new_with_libctx" and ensures that we pass around the libctx AND the propq everywhere. Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12159) ----------------------------------------------------------------------- Summary of changes: .gitignore | 1 + crypto/ec/ec_ameth.c | 41 +++-- crypto/ec/ec_backend.c | 5 +- crypto/ec/ec_curve.c | 16 +- crypto/ec/ec_cvt.c | 4 +- crypto/ec/ec_key.c | 34 ++-- crypto/ec/ec_kmeth.c | 15 +- crypto/ec/ec_lib.c | 22 ++- crypto/ec/ec_local.h | 9 +- crypto/err/openssl.txt | 1 - doc/man3/EC_GROUP_new.pod | 53 +++--- doc/man3/EC_KEY_new.pod | 70 ++++---- include/crypto/ec.h | 1 + include/openssl/ec.h | 25 +-- include/openssl/ecerr.h | 1 - providers/fips/fipsprov.c | 2 +- providers/implementations/keymgmt/ec_kmgmt.c | 6 +- test/build.info | 10 +- test/evp_extra_test2.c | 237 +++++++++++++++++++++++++++ test/recipes/30-test_evp_extra.t | 3 +- util/libcrypto.num | 9 +- 21 files changed, 436 insertions(+), 129 deletions(-) create mode 100644 test/evp_extra_test2.c diff --git a/.gitignore b/.gitignore index 1ea4cb71af..49002162f8 100644 --- a/.gitignore +++ b/.gitignore @@ -69,6 +69,7 @@ providers/common/include/prov/der_digests.h /test/rsa_complex /test/confdump /test/bio_prefix_text +/test/evp_extra_test2 # Certain files that get created by tests on the fly /test-runs diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index bde8458274..761f697850 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -97,17 +97,24 @@ static int eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) return 0; } -static EC_KEY *eckey_type2param(int ptype, const void *pval) +static EC_KEY *eckey_type2param(int ptype, const void *pval, + OPENSSL_CTX *libctx, const char *propq) { EC_KEY *eckey = NULL; EC_GROUP *group = NULL; + if ((eckey = EC_KEY_new_with_libctx(libctx, propq)) == NULL) { + ECerr(EC_F_ECKEY_TYPE2PARAM, ERR_R_MALLOC_FAILURE); + goto ecerr; + } + if (ptype == V_ASN1_SEQUENCE) { const ASN1_STRING *pstr = pval; const unsigned char *pm = pstr->data; int pmlen = pstr->length; - if ((eckey = d2i_ECParameters(NULL, &pm, pmlen)) == NULL) { + + if (d2i_ECParameters(&eckey, &pm, pmlen) == NULL) { ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR); goto ecerr; } @@ -117,11 +124,9 @@ static EC_KEY *eckey_type2param(int ptype, const void *pval) /* * type == V_ASN1_OBJECT => the parameters are given by an asn1 OID */ - if ((eckey = EC_KEY_new()) == NULL) { - ECerr(EC_F_ECKEY_TYPE2PARAM, ERR_R_MALLOC_FAILURE); - goto ecerr; - } - group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(poid)); + + group = EC_GROUP_new_by_curve_name_with_libctx(libctx, propq, + OBJ_obj2nid(poid)); if (group == NULL) goto ecerr; EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); @@ -153,7 +158,7 @@ static int eckey_pub_decode(EVP_PKEY *pkey, const X509_PUBKEY *pubkey) return 0; X509_ALGOR_get0(NULL, &ptype, &pval, palg); - eckey = eckey_type2param(ptype, pval); + eckey = eckey_type2param(ptype, pval, NULL, NULL); if (!eckey) { ECerr(EC_F_ECKEY_PUB_DECODE, ERR_R_EC_LIB); @@ -190,7 +195,10 @@ static int eckey_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) return -2; } -static int eckey_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) +static int eckey_priv_decode_with_libctx(EVP_PKEY *pkey, + const PKCS8_PRIV_KEY_INFO *p8, + OPENSSL_CTX *libctx, + const char *propq) { const unsigned char *p = NULL; const void *pval; @@ -202,14 +210,14 @@ static int eckey_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) return 0; X509_ALGOR_get0(NULL, &ptype, &pval, palg); - eckey = eckey_type2param(ptype, pval); + eckey = eckey_type2param(ptype, pval, libctx, propq); if (eckey == NULL) goto ecliberr; /* We have parameters now set private key */ if (!d2i_ECPrivateKey(&eckey, &p, pklen)) { - ECerr(EC_F_ECKEY_PRIV_DECODE, EC_R_DECODE_ERROR); + ECerr(0, EC_R_DECODE_ERROR); goto ecerr; } @@ -217,7 +225,7 @@ static int eckey_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) return 1; ecliberr: - ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB); + ECerr(0, ERR_R_EC_LIB); ecerr: EC_KEY_free(eckey); return 0; @@ -762,7 +770,7 @@ static int ec_pkey_import_from(const OSSL_PARAM params[], void *vpctx) { EVP_PKEY_CTX *pctx = vpctx; EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx); - EC_KEY *ec = EC_KEY_new_ex(pctx->libctx); + EC_KEY *ec = EC_KEY_new_with_libctx(pctx->libctx, pctx->propquery); if (ec == NULL) { ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE); @@ -791,7 +799,7 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = { eckey_pub_cmp, eckey_pub_print, - eckey_priv_decode, + NULL, eckey_priv_encode, eckey_priv_print, @@ -825,7 +833,8 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = { ec_pkey_dirty_cnt, ec_pkey_export_to, - ec_pkey_import_from + ec_pkey_import_from, + eckey_priv_decode_with_libctx }; #if !defined(OPENSSL_NO_SM2) @@ -879,7 +888,7 @@ static int ecdh_cms_set_peerkey(EVP_PKEY_CTX *pctx, if (!EC_KEY_set_group(ecpeer, grp)) goto err; } else { - ecpeer = eckey_type2param(atype, aval); + ecpeer = eckey_type2param(atype, aval, pctx->libctx, pctx->propquery); if (!ecpeer) goto err; } diff --git a/crypto/ec/ec_backend.c b/crypto/ec/ec_backend.c index b12a9411d2..2277c2c724 100644 --- a/crypto/ec/ec_backend.c +++ b/crypto/ec/ec_backend.c @@ -190,8 +190,9 @@ int ec_key_domparams_fromdata(EC_KEY *ec, const OSSL_PARAM params[]) || (curve_nid = ec_curve_name2nid(curve_name)) == NID_undef) goto err; - if ((ecg = EC_GROUP_new_by_curve_name_ex(ec_key_get_libctx(ec), - curve_nid)) == NULL) + if ((ecg = EC_GROUP_new_by_curve_name_with_libctx(ec_key_get_libctx(ec), + ec_key_get0_propq(ec), + curve_nid)) == NULL) goto err; } diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index 3be62b3655..bf02c261f7 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c @@ -3180,6 +3180,7 @@ int ec_curve_name2nid(const char *name) } static EC_GROUP *ec_group_new_from_data(OPENSSL_CTX *libctx, + const char *propq, const ec_list_element curve) { EC_GROUP *group = NULL; @@ -3195,8 +3196,8 @@ static EC_GROUP *ec_group_new_from_data(OPENSSL_CTX *libctx, /* If no curve data curve method must handle everything */ if (curve.data == NULL) - return ec_group_new_ex(libctx, - curve.meth != NULL ? curve.meth() : NULL); + return ec_group_new_with_libctx(libctx, propq, + curve.meth != NULL ? curve.meth() : NULL); if ((ctx = BN_CTX_new_ex(libctx)) == NULL) { ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE); @@ -3218,7 +3219,7 @@ static EC_GROUP *ec_group_new_from_data(OPENSSL_CTX *libctx, if (curve.meth != 0) { meth = curve.meth(); - if (((group = ec_group_new_ex(libctx, meth)) == NULL) || + if (((group = ec_group_new_with_libctx(libctx, propq, meth)) == NULL) || (!(group->meth->group_set_curve(group, p, a, b, ctx)))) { ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); goto err; @@ -3288,14 +3289,15 @@ static EC_GROUP *ec_group_new_from_data(OPENSSL_CTX *libctx, return group; } -EC_GROUP *EC_GROUP_new_by_curve_name_ex(OPENSSL_CTX *libctx, int nid) +EC_GROUP *EC_GROUP_new_by_curve_name_with_libctx(OPENSSL_CTX *libctx, + const char *propq, int nid) { EC_GROUP *ret = NULL; const ec_list_element *curve; if ((curve = ec_curve_nid2curve(nid)) == NULL - || (ret = ec_group_new_from_data(libctx, *curve)) == NULL) { - ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME_EX, EC_R_UNKNOWN_GROUP); + || (ret = ec_group_new_from_data(libctx, propq, *curve)) == NULL) { + ECerr(0, EC_R_UNKNOWN_GROUP); return NULL; } @@ -3305,7 +3307,7 @@ EC_GROUP *EC_GROUP_new_by_curve_name_ex(OPENSSL_CTX *libctx, int nid) #ifndef FIPS_MODULE EC_GROUP *EC_GROUP_new_by_curve_name(int nid) { - return EC_GROUP_new_by_curve_name_ex(NULL, nid); + return EC_GROUP_new_by_curve_name_with_libctx(NULL, NULL, nid); } #endif diff --git a/crypto/ec/ec_cvt.c b/crypto/ec/ec_cvt.c index a8ea6fe7fd..e5e6f10ce4 100644 --- a/crypto/ec/ec_cvt.c +++ b/crypto/ec/ec_cvt.c @@ -54,7 +54,7 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, meth = EC_GFp_mont_method(); #endif - ret = ec_group_new_ex(bn_get_lib_ctx(ctx), meth); + ret = ec_group_new_with_libctx(bn_get_lib_ctx(ctx), NULL, meth); if (ret == NULL) return NULL; @@ -75,7 +75,7 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, meth = EC_GF2m_simple_method(); - ret = ec_group_new_ex(bn_get_lib_ctx(ctx), meth); + ret = ec_group_new_with_libctx(bn_get_lib_ctx(ctx), NULL, meth); if (ret == NULL) return NULL; diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index 47feede54b..84ce095693 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -29,21 +29,22 @@ static int ecdsa_keygen_pairwise_test(EC_KEY *eckey, OSSL_CALLBACK *cb, #ifndef FIPS_MODULE EC_KEY *EC_KEY_new(void) { - return ec_key_new_method_int(NULL, NULL); + return ec_key_new_method_int(NULL, NULL, NULL); } #endif -EC_KEY *EC_KEY_new_ex(OPENSSL_CTX *ctx) +EC_KEY *EC_KEY_new_with_libctx(OPENSSL_CTX *ctx, const char *propq) { - return ec_key_new_method_int(ctx, NULL); + return ec_key_new_method_int(ctx, propq, NULL); } -EC_KEY *EC_KEY_new_by_curve_name_ex(OPENSSL_CTX *ctx, int nid) +EC_KEY *EC_KEY_new_by_curve_name_with_libctx(OPENSSL_CTX *ctx, + const char *propq, int nid) { - EC_KEY *ret = EC_KEY_new_ex(ctx); + EC_KEY *ret = EC_KEY_new_with_libctx(ctx, propq); if (ret == NULL) return NULL; - ret->group = EC_GROUP_new_by_curve_name_ex(ctx, nid); + ret->group = EC_GROUP_new_by_curve_name_with_libctx(ctx, propq, nid); if (ret->group == NULL) { EC_KEY_free(ret); return NULL; @@ -59,7 +60,7 @@ EC_KEY *EC_KEY_new_by_curve_name_ex(OPENSSL_CTX *ctx, int nid) #ifndef FIPS_MODULE EC_KEY *EC_KEY_new_by_curve_name(int nid) { - return EC_KEY_new_by_curve_name_ex(NULL, nid); + return EC_KEY_new_by_curve_name_with_libctx(NULL, NULL, nid); } #endif @@ -93,6 +94,7 @@ void EC_KEY_free(EC_KEY *r) EC_GROUP_free(r->group); EC_POINT_free(r->pub_key); BN_clear_free(r->priv_key); + OPENSSL_free(r->propq); OPENSSL_clear_free((void *)r, sizeof(EC_KEY)); } @@ -119,7 +121,8 @@ EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src) if (src->group != NULL) { /* clear the old group */ EC_GROUP_free(dest->group); - dest->group = ec_group_new_ex(src->libctx, src->group->meth); + dest->group = ec_group_new_with_libctx(src->libctx, src->propq, + src->group->meth); if (dest->group == NULL) return NULL; if (!EC_GROUP_copy(dest->group, src->group)) @@ -180,7 +183,8 @@ EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src) EC_KEY *EC_KEY_dup(const EC_KEY *ec_key) { - EC_KEY *ret = ec_key_new_method_int(ec_key->libctx, ec_key->engine); + EC_KEY *ret = ec_key_new_method_int(ec_key->libctx, ec_key->propq, + ec_key->engine); if (ret == NULL) return NULL; @@ -345,14 +349,19 @@ int ec_key_simple_generate_key(EC_KEY *eckey) int ec_key_simple_generate_public_key(EC_KEY *eckey) { int ret; + BN_CTX *ctx = BN_CTX_new_ex(eckey->libctx); + + if (ctx == NULL) + return 0; /* * See SP800-56AR3 5.6.1.2.2: Step (8) * pub_key = priv_key * G (where G is a point on the curve) */ ret = EC_POINT_mul(eckey->group, eckey->pub_key, eckey->priv_key, NULL, - NULL, NULL); + NULL, ctx); + BN_CTX_free(ctx); if (ret == 1) eckey->dirty_cnt++; @@ -631,6 +640,11 @@ OPENSSL_CTX *ec_key_get_libctx(const EC_KEY *key) return key->libctx; } +const char *ec_key_get0_propq(const EC_KEY *key) +{ + return key->propq; +} + const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key) { return key->group; diff --git a/crypto/ec/ec_kmeth.c b/crypto/ec/ec_kmeth.c index 1f30571089..3fec8a4d81 100644 --- a/crypto/ec/ec_kmeth.c +++ b/crypto/ec/ec_kmeth.c @@ -76,7 +76,8 @@ int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth) return 1; } -EC_KEY *ec_key_new_method_int(OPENSSL_CTX *libctx, ENGINE *engine) +EC_KEY *ec_key_new_method_int(OPENSSL_CTX *libctx, const char *propq, + ENGINE *engine) { EC_KEY *ret = OPENSSL_zalloc(sizeof(*ret)); @@ -86,13 +87,19 @@ EC_KEY *ec_key_new_method_int(OPENSSL_CTX *libctx, ENGINE *engine) } ret->libctx = libctx; + if (propq != NULL) { + ret->propq = OPENSSL_strdup(propq); + if (ret->propq == NULL) { + ECerr(EC_F_EC_KEY_NEW_METHOD_INT, ERR_R_MALLOC_FAILURE); + goto err; + } + } ret->references = 1; ret->lock = CRYPTO_THREAD_lock_new(); if (ret->lock == NULL) { ECerr(EC_F_EC_KEY_NEW_METHOD_INT, ERR_R_MALLOC_FAILURE); - OPENSSL_free(ret); - return NULL; + goto err; } ret->meth = EC_KEY_get_default_method(); @@ -138,7 +145,7 @@ EC_KEY *ec_key_new_method_int(OPENSSL_CTX *libctx, ENGINE *engine) #ifndef FIPS_MODULE EC_KEY *EC_KEY_new_method(ENGINE *engine) { - return ec_key_new_method_int(NULL, engine); + return ec_key_new_method_int(NULL, NULL, engine); } #endif diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index f62eff5034..a0c007a13e 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -23,26 +23,34 @@ /* functions for EC_GROUP objects */ -EC_GROUP *ec_group_new_ex(OPENSSL_CTX *libctx, const EC_METHOD *meth) +EC_GROUP *ec_group_new_with_libctx(OPENSSL_CTX *libctx, const char *propq, + const EC_METHOD *meth) { EC_GROUP *ret; if (meth == NULL) { - ECerr(EC_F_EC_GROUP_NEW_EX, EC_R_SLOT_FULL); + ECerr(0, EC_R_SLOT_FULL); return NULL; } if (meth->group_init == 0) { - ECerr(EC_F_EC_GROUP_NEW_EX, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + ECerr(0, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return NULL; } ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { - ECerr(EC_F_EC_GROUP_NEW_EX, ERR_R_MALLOC_FAILURE); + ECerr(0, ERR_R_MALLOC_FAILURE); return NULL; } ret->libctx = libctx; + if (propq != NULL) { + ret->propq = OPENSSL_strdup(propq); + if (ret->propq == NULL) { + ECerr(0, ERR_R_MALLOC_FAILURE); + goto err; + } + } ret->meth = meth; if ((ret->meth->flags & EC_FLAGS_CUSTOM_CURVE) == 0) { ret->order = BN_new(); @@ -61,6 +69,7 @@ EC_GROUP *ec_group_new_ex(OPENSSL_CTX *libctx, const EC_METHOD *meth) err: BN_free(ret->order); BN_free(ret->cofactor); + OPENSSL_free(ret->propq); OPENSSL_free(ret); return NULL; } @@ -69,7 +78,7 @@ EC_GROUP *ec_group_new_ex(OPENSSL_CTX *libctx, const EC_METHOD *meth) # ifndef FIPS_MODULE EC_GROUP *EC_GROUP_new(const EC_METHOD *meth) { - return ec_group_new_ex(NULL, meth); + return ec_group_new_with_libctx(NULL, NULL, meth); } # endif #endif @@ -121,6 +130,7 @@ void EC_GROUP_free(EC_GROUP *group) BN_free(group->order); BN_free(group->cofactor); OPENSSL_free(group->seed); + OPENSSL_free(group->propq); OPENSSL_free(group); } @@ -257,7 +267,7 @@ EC_GROUP *EC_GROUP_dup(const EC_GROUP *a) if (a == NULL) return NULL; - if ((t = ec_group_new_ex(a->libctx, a->meth)) == NULL) + if ((t = ec_group_new_with_libctx(a->libctx, a->propq, a->meth)) == NULL) return NULL; if (!EC_GROUP_copy(t, a)) goto err; diff --git a/crypto/ec/ec_local.h b/crypto/ec/ec_local.h index 7f9b61bc49..aa040b54d1 100644 --- a/crypto/ec/ec_local.h +++ b/crypto/ec/ec_local.h @@ -274,6 +274,7 @@ struct ec_group_st { } pre_comp; OPENSSL_CTX *libctx; + char *propq; }; #define SETPRECOMP(g, type, pre) \ @@ -297,6 +298,7 @@ struct ec_key_st { #endif CRYPTO_RWLOCK *lock; OPENSSL_CTX *libctx; + char *propq; /* Provider data */ size_t dirty_cnt; /* If any key material changes, increment this */ @@ -593,10 +595,12 @@ int ec_group_simple_order_bits(const EC_GROUP *group); * Creates a new EC_GROUP object * \param libctx The associated library context or NULL for the default * library context + * \param propq Any property query string * \param meth EC_METHOD to use * \return newly created EC_GROUP object or NULL in case of an error. */ -EC_GROUP *ec_group_new_ex(OPENSSL_CTX *libctx, const EC_METHOD *meth); +EC_GROUP *ec_group_new_with_libctx(OPENSSL_CTX *libctx, const char *propq, + const EC_METHOD *meth); #ifdef ECP_NISTZ256_ASM /** Returns GFp methods using montgomery multiplication, with x86-64 optimized @@ -651,7 +655,8 @@ struct ec_key_method_st { #define EC_KEY_METHOD_DYNAMIC 1 -EC_KEY *ec_key_new_method_int(OPENSSL_CTX *libctx, ENGINE *engine); +EC_KEY *ec_key_new_method_int(OPENSSL_CTX *libctx, const char *propq, + ENGINE *engine); int ossl_ec_key_gen(EC_KEY *eckey); int ossl_ecdh_compute_key(unsigned char **pout, size_t *poutlen, diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 515dfc3f11..a30b808a25 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -652,7 +652,6 @@ EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS:193:EC_GROUP_get_pentanomial_basis EC_F_EC_GROUP_GET_TRINOMIAL_BASIS:194:EC_GROUP_get_trinomial_basis EC_F_EC_GROUP_NEW:108:EC_GROUP_new EC_F_EC_GROUP_NEW_BY_CURVE_NAME:174:EC_GROUP_new_by_curve_name -EC_F_EC_GROUP_NEW_BY_CURVE_NAME_EX:301:EC_GROUP_new_by_curve_name_ex EC_F_EC_GROUP_NEW_EX:302:EC_GROUP_new_ex EC_F_EC_GROUP_NEW_FROM_DATA:175:ec_group_new_from_data EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS:263:EC_GROUP_new_from_ecparameters diff --git a/doc/man3/EC_GROUP_new.pod b/doc/man3/EC_GROUP_new.pod index fa61275806..76fed3b246 100644 --- a/doc/man3/EC_GROUP_new.pod +++ b/doc/man3/EC_GROUP_new.pod @@ -11,7 +11,7 @@ EC_GROUP_free, EC_GROUP_clear_free, EC_GROUP_new_curve_GFp, EC_GROUP_new_curve_GF2m, -EC_GROUP_new_by_curve_name_ex, +EC_GROUP_new_by_curve_name_with_libctx, EC_GROUP_new_by_curve_name, EC_GROUP_set_curve, EC_GROUP_get_curve, @@ -34,7 +34,8 @@ objects const BIGNUM *b, BN_CTX *ctx); EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); - EC_GROUP *EC_GROUP_new_by_curve_name_ex(OPENSSL_CTX *libctx, int nid); + EC_GROUP *EC_GROUP_new_by_curve_name_with_libctx(OPENSSL_CTX *libctx, + const char *propq, int nid); EC_GROUP *EC_GROUP_new_by_curve_name(int nid); int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, @@ -83,24 +84,24 @@ pentanomial for this parameter. Although deprecated since OpenSSL 3.0 and should no longer be used, a new curve can be constructed by calling EC_GROUP_new(), using the -implementation provided by B (see L) and -associated with the library context B (see L). -The B parameter may be NULL in which case the default library context is +implementation provided by I (see L) and +associated with the library context I (see L). +The I parameter may be NULL in which case the default library context is used. It is then necessary to call EC_GROUP_set_curve() to set the curve parameters. Applications should instead use one of the other EC_GROUP_new_* constructors. EC_GROUP_new_from_ecparameters() will create a group from the -specified B and +specified I and EC_GROUP_new_from_ecpkparameters() will create a group from the specific PK -B. +I. -EC_GROUP_set_curve() sets the curve parameters B

    , B and B. For a curve -over Fp B

    is the prime for the field. For a curve over F2^m B

    represents +EC_GROUP_set_curve() sets the curve parameters I

    , I and I. For a curve +over Fp I

    is the prime for the field. For a curve over F2^m I

    represents the irreducible polynomial - each bit represents a term in the polynomial. Therefore there will either be three or five bits set dependent on whether the polynomial is a trinomial or a pentanomial. -In either case, B and B represents the coefficients a and b from the +In either case, I and I represents the coefficients a and b from the relevant equation introduced above. EC_group_get_curve() obtains the previously set curve parameters. @@ -120,13 +121,13 @@ An appropriate default implementation method will be used. Whilst the library can be used to create any curve using the functions described above, there are also a number of predefined curves that are available. In order to obtain a list of all of the predefined curves, call the function -EC_get_builtin_curves(). The parameter B should be an array of -EC_builtin_curve structures of size B. The function will populate the -B array with information about the built-in curves. If B is less than -the total number of curves available, then the first B curves will be +EC_get_builtin_curves(). The parameter I should be an array of +EC_builtin_curve structures of size I. The function will populate the +I array with information about the built-in curves. If I is less than +the total number of curves available, then the first I curves will be returned. Otherwise the total number of curves will be provided. The return value is the total number of curves available (whether that number has been -populated in B or not). Passing a NULL B, or setting B to 0 will +populated in I or not). Passing a NULL I, or setting I to 0 will do nothing other than return the total number of curves available. The EC_builtin_curve structure is defined as follows: @@ -135,26 +136,28 @@ The EC_builtin_curve structure is defined as follows: const char *comment; } EC_builtin_curve; -Each EC_builtin_curve item has a unique integer id (B), and a human +Each EC_builtin_curve item has a unique integer id (I), and a human readable comment string describing the curve. In order to construct a built-in curve use the function -EC_GROUP_new_by_curve_name_ex() and provide the B of the curve to be -constructed and the associated library context to be used in B (see -L). The B value may be NULL in which case the default -library context is used. +EC_GROUP_new_by_curve_name_with_libctx() and provide the I of the curve to +be constructed, the associated library context to be used in I (see +L) and any property query string in I. The I value +may be NULL in which case the default library context is used. The I +value may also be NULL. -EC_GROUP_new_by_curve_name() is the same as EC_GROUP_new_by_curve_name_ex() -except that the default library context is always used. +EC_GROUP_new_by_curve_name() is the same as +EC_GROUP_new_by_curve_name_with_libctx() except that the default library context +is always used along with a NULL property query string. EC_GROUP_free() frees the memory associated with the EC_GROUP. -If B is NULL nothing is done. +If I is NULL nothing is done. EC_GROUP_clear_free() is deprecated: it was meant to destroy any sensitive data held within the EC_GROUP and then free its memory, but since all the data stored in the EC_GROUP is public anyway, this function is unnecessary. Its use can be safely replaced with EC_GROUP_free(). -If B is NULL nothing is done. +If I is NULL nothing is done. =head1 RETURN VALUES @@ -182,7 +185,7 @@ L EC_GROUP_new() was deprecated in OpenSSL 3.0. -EC_GROUP_new_by_curve_name_ex() was added in OpenSSL 3.0. +EC_GROUP_new_by_curve_name_with_libctx() was added in OpenSSL 3.0. =item * diff --git a/doc/man3/EC_KEY_new.pod b/doc/man3/EC_KEY_new.pod index 04ad740bc6..a907435153 100644 --- a/doc/man3/EC_KEY_new.pod +++ b/doc/man3/EC_KEY_new.pod @@ -2,10 +2,10 @@ =head1 NAME -EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new_ex, +EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new_with_libctx, EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_flags, EC_KEY_clear_flags, -EC_KEY_new_by_curve_name_ex, EC_KEY_new_by_curve_name, EC_KEY_free, EC_KEY_copy, -EC_KEY_dup, EC_KEY_up_ref, EC_KEY_get0_engine, +EC_KEY_new_by_curve_name_with_libctx, EC_KEY_new_by_curve_name, EC_KEY_free, +EC_KEY_copy, EC_KEY_dup, EC_KEY_up_ref, EC_KEY_get0_engine, EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key, EC_KEY_set_private_key, EC_KEY_get0_public_key, EC_KEY_set_public_key, EC_KEY_get_conv_form, @@ -19,12 +19,13 @@ EC_KEY objects #include - EC_KEY *EC_KEY_new_ex(OPENSSL_CTX *ctx); + EC_KEY *EC_KEY_new_with_libctx(OPENSSL_CTX *ctx, const char *propq); EC_KEY *EC_KEY_new(void); int EC_KEY_get_flags(const EC_KEY *key); void EC_KEY_set_flags(EC_KEY *key, int flags); void EC_KEY_clear_flags(EC_KEY *key, int flags); - EC_KEY *EC_KEY_new_by_curve_name_ex(OPENSSL_CTX *ctx, int nid); + EC_KEY *EC_KEY_new_by_curve_name_with_libctx(OPENSSL_CTX *ctx, + const char *propq, int nid); EC_KEY *EC_KEY_new_by_curve_name(int nid); void EC_KEY_free(EC_KEY *key); EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src); @@ -64,9 +65,9 @@ Deprecated since OpenSSL 3.0: An EC_KEY represents a public key and, optionally, the associated private key. A new EC_KEY with no associated curve can be constructed by calling -EC_KEY_new_ex() and specifying the associated library context in B -(see L). -The B parameter may be NULL in which case the default library context is +EC_KEY_new_ex() and specifying the associated library context in I +(see L) and property query string I. +The I parameter may be NULL in which case the default library context is used. The reference count for the newly created EC_KEY is initially set to 1. @@ -77,24 +78,26 @@ EC_KEY_new() is the same as EC_KEY_new_ex() except that the default library context is always used. Alternatively a new EC_KEY can be constructed by calling -EC_KEY_new_by_curve_name_ex() and supplying the nid of the associated curve and -the library context to be used B (see L). -The B parameter may be NULL in which case the default library context is -used. +EC_KEY_new_by_curve_name_with_libctx() and supplying the nid of the associated +curve, the library context to be used I (see L) and any +property query string I. +The I parameter may be NULL in which case the default library context is +used. The I value may also be NULL. See L for a description of curve names. This function simply wraps calls to EC_KEY_new_ex() and -EC_GROUP_new_by_curve_name_ex(). +EC_GROUP_new_by_curve_name_with_libctx(). -EC_KEY_new_by_curve_name() is the same as EC_KEY_new_by_curve_name_ex() except -that the default library context is always used. +EC_KEY_new_by_curve_name() is the same as EC_KEY_new_by_curve_name_with_libctx() +except that the default library context is always used and a NULL property query +string. Calling EC_KEY_free() decrements the reference count for the EC_KEY object, and if it has dropped to zero then frees the memory associated with it. If -B is NULL nothing is done. +I is NULL nothing is done. -EC_KEY_copy() copies the contents of the EC_KEY in B into B. +EC_KEY_copy() copies the contents of the EC_KEY in I into I. -EC_KEY_dup() creates a new EC_KEY object and copies B into it. +EC_KEY_dup() creates a new EC_KEY object and copies I into it. EC_KEY_up_ref() increments the reference count associated with the EC_KEY object. @@ -103,7 +106,7 @@ EC_KEY_get0_engine() returns a handle to the ENGINE that has been set for this EC_KEY object. EC_KEY_generate_key() generates a new public and private key for the supplied -B object. B must have an EC_GROUP object associated with it +I object. I must have an EC_GROUP object associated with it before calling this function. The private key is a random integer (0 < priv_key < order, where I is the order of the EC_GROUP object). The public key is an EC_POINT on the curve calculated by multiplying the generator for the @@ -112,27 +115,27 @@ curve by the private key. EC_KEY_check_key() performs various sanity checks on the EC_KEY object to confirm that it is valid. -EC_KEY_set_public_key_affine_coordinates() sets the public key for B based +EC_KEY_set_public_key_affine_coordinates() sets the public key for I based on its affine co-ordinates; i.e., it constructs an EC_POINT object based on -the supplied B and B values and sets the public key to be this +the supplied I and I values and sets the public key to be this EC_POINT. It also performs certain sanity checks on the key to confirm that it is valid. The functions EC_KEY_get0_group(), EC_KEY_set_group(), EC_KEY_get0_private_key(), EC_KEY_set_private_key(), EC_KEY_get0_public_key(), and EC_KEY_set_public_key() get and set the EC_GROUP object, the private key, -and the EC_POINT public key for the B respectively. +and the EC_POINT public key for the I respectively. The functions EC_KEY_get_conv_form() and EC_KEY_set_conv_form() get and set the -point_conversion_form for the B. For a description of +point_conversion_form for the I. For a description of point_conversion_forms please see L. -EC_KEY_set_flags() sets the flags in the B parameter on the EC_KEY +EC_KEY_set_flags() sets the flags in the I parameter on the EC_KEY object. Any flags that are already set are left set. The flags currently defined are EC_FLAG_NON_FIPS_ALLOW and EC_FLAG_FIPS_CHECKED. In addition there is the flag EC_FLAG_COFACTOR_ECDH which is specific to ECDH. EC_KEY_get_flags() returns the current flags that are set for this EC_KEY. -EC_KEY_clear_flags() clears the flags indicated by the B parameter; all +EC_KEY_clear_flags() clears the flags indicated by the I parameter; all other flags are left in their existing state. EC_KEY_set_asn1_flag() sets the asn1_flag on the underlying EC_GROUP object @@ -147,11 +150,11 @@ hardcoded lookup tables for. EC_KEY_oct2key() and EC_KEY_key2buf() are identical to the functions EC_POINT_oct2point() and EC_POINT_point2buf() except they use the public key -EC_POINT in B. +EC_POINT in I. EC_KEY_oct2priv() and EC_KEY_priv2oct() convert between the private key -component of B and octet form. The octet form consists of the content -octets of the B OCTET STRING in an B ASN.1 structure. +component of I and octet form. The octet form consists of the content +octets of the I OCTET STRING in an I ASN.1 structure. The function EC_KEY_priv2oct() must be supplied with a buffer long enough to store the octet form. The return value provides the number of octets stored. @@ -159,17 +162,18 @@ Calling the function with a NULL buffer will not perform the conversion but will just return the required buffer length. The function EC_KEY_priv2buf() allocates a buffer of suitable length and writes -an EC_KEY to it in octet format. The allocated buffer is written to B<*pbuf> +an EC_KEY to it in octet format. The allocated buffer is written to I<*pbuf> and its length is returned. The caller must free up the allocated buffer with a -call to OPENSSL_free(). Since the allocated buffer value is written to B<*pbuf> -the B parameter B be B. +call to OPENSSL_free(). Since the allocated buffer value is written to I<*pbuf> +the I parameter B be B. EC_KEY_priv2buf() converts an EC_KEY private key into an allocated buffer. =head1 RETURN VALUES -EC_KEY_new_ex(), EC_KEY_new(), EC_KEY_new_by_curve_name() and EC_KEY_dup() -return a pointer to the newly created EC_KEY object, or NULL on error. +EC_KEY_new_with_libctx(), EC_KEY_new(), EC_KEY_new_by_curve_name_with_libctx(), +EC_KEY_new_by_curve_name() and EC_KEY_dup() return a pointer to the newly +created EC_KEY object, or NULL on error. EC_KEY_get_flags() returns the flags associated with the EC_KEY object as an integer. diff --git a/include/crypto/ec.h b/include/crypto/ec.h index bccebb06db..a771cfd706 100644 --- a/include/crypto/ec.h +++ b/include/crypto/ec.h @@ -54,6 +54,7 @@ int ec_key_public_check(const EC_KEY *eckey, BN_CTX *ctx); int ec_key_private_check(const EC_KEY *eckey); int ec_key_pairwise_check(const EC_KEY *eckey, BN_CTX *ctx); OPENSSL_CTX *ec_key_get_libctx(const EC_KEY *eckey); +const char *ec_key_get0_propq(const EC_KEY *eckey); const char *ec_curve_nid2name(int nid); int ec_curve_name2nid(const char *name); const unsigned char *ecdsa_algorithmidentifier_encoding(int md_nid, size_t *len); diff --git a/include/openssl/ec.h b/include/openssl/ec.h index 1302e27bb0..35dbeb9301 100644 --- a/include/openssl/ec.h +++ b/include/openssl/ec.h @@ -383,15 +383,18 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, * Creates a EC_GROUP object with a curve specified by a NID * \param libctx The associated library context or NULL for the default * context + * \param propq A property query string * \param nid NID of the OID of the curve name * \return newly created EC_GROUP object with specified curve or NULL * if an error occurred */ -EC_GROUP *EC_GROUP_new_by_curve_name_ex(OPENSSL_CTX *libctx, int nid); +EC_GROUP *EC_GROUP_new_by_curve_name_with_libctx(OPENSSL_CTX *libctx, + const char *propq, int nid); /** * Creates a EC_GROUP object with a curve specified by a NID. Same as - * EC_GROUP_new_by_curve_name_ex but the libctx is always NULL. + * EC_GROUP_new_by_curve_name_with_libctx but the libctx and propq are always + * NULL. * \param nid NID of the OID of the curve name * \return newly created EC_GROUP object with specified curve or NULL * if an error occurred @@ -864,11 +867,11 @@ int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); * which case the default library context is used. * \return EC_KEY object or NULL if an error occurred. */ -EC_KEY *EC_KEY_new_ex(OPENSSL_CTX *ctx); +EC_KEY *EC_KEY_new_with_libctx(OPENSSL_CTX *ctx, const char *propq); /** - * Creates a new EC_KEY object. Same as calling EC_KEY_new_ex with a NULL - * library context + * Creates a new EC_KEY object. Same as calling EC_KEY_new_with_libctx with a + * NULL library context * \return EC_KEY object or NULL if an error occurred. */ EC_KEY *EC_KEY_new(void); @@ -882,17 +885,19 @@ void EC_KEY_clear_flags(EC_KEY *key, int flags); /** * Creates a new EC_KEY object using a named curve as underlying * EC_GROUP object. - * \param ctx The library context for to use for this EC_KEY. May be NULL in - * which case the default library context is used. - * \param nid NID of the named curve. + * \param ctx The library context for to use for this EC_KEY. May be NULL in + * which case the default library context is used. + * \param propq Any property query string + * \param nid NID of the named curve. * \return EC_KEY object or NULL if an error occurred. */ -EC_KEY *EC_KEY_new_by_curve_name_ex(OPENSSL_CTX *ctx, int nid); +EC_KEY *EC_KEY_new_by_curve_name_with_libctx(OPENSSL_CTX *ctx, const char *propq, + int nid); /** * Creates a new EC_KEY object using a named curve as underlying * EC_GROUP object. Same as calling EC_KEY_new_by_curve_name_ex with a NULL - * library context. + * library context and property query string. * \param nid NID of the named curve. * \return EC_KEY object or NULL if an error occurred. */ diff --git a/include/openssl/ecerr.h b/include/openssl/ecerr.h index 49adc7c681..033c94d9a9 100644 --- a/include/openssl/ecerr.h +++ b/include/openssl/ecerr.h @@ -128,7 +128,6 @@ int ERR_load_EC_strings(void); # define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS 0 # define EC_F_EC_GROUP_NEW 0 # define EC_F_EC_GROUP_NEW_BY_CURVE_NAME 0 -# define EC_F_EC_GROUP_NEW_BY_CURVE_NAME_EX 0 # define EC_F_EC_GROUP_NEW_EX 0 # define EC_F_EC_GROUP_NEW_FROM_DATA 0 # define EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS 0 diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index 9efb6af1c9..4d39570464 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -194,7 +194,7 @@ static int dummy_evp_call(OPENSSL_CTX *libctx) #ifndef OPENSSL_NO_EC /* Do some dummy EC calls */ - key = EC_KEY_new_by_curve_name_ex(libctx, NID_X9_62_prime256v1); + key = EC_KEY_new_by_curve_name_with_libctx(libctx, NULL, NID_X9_62_prime256v1); if (key == NULL) goto err; diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c index 0b006047d5..cd8e7f5ece 100644 --- a/providers/implementations/keymgmt/ec_kmgmt.c +++ b/providers/implementations/keymgmt/ec_kmgmt.c @@ -244,7 +244,7 @@ int otherparams_to_params(const EC_KEY *ec, OSSL_PARAM_BLD *tmpl, static void *ec_newdata(void *provctx) { - return EC_KEY_new_ex(PROV_LIBRARY_CONTEXT_OF(provctx)); + return EC_KEY_new_with_libctx(PROV_LIBRARY_CONTEXT_OF(provctx), NULL); } static @@ -667,7 +667,7 @@ static int ec_gen_set_group(void *genctx, int nid) struct ec_gen_ctx *gctx = genctx; EC_GROUP *group; - group = EC_GROUP_new_by_curve_name_ex(gctx->libctx, nid); + group = EC_GROUP_new_by_curve_name_with_libctx(gctx->libctx, NULL, nid); if (group == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CURVE); return 0; @@ -760,7 +760,7 @@ static void *ec_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) int ret = 1; /* Start optimistically */ if (gctx == NULL - || (ec = EC_KEY_new_ex(gctx->libctx)) == NULL) + || (ec = EC_KEY_new_with_libctx(gctx->libctx, NULL)) == NULL) return NULL; /* We must always assign a group, no matter what */ diff --git a/test/build.info b/test/build.info index 430931b8e1..88b35d4d3c 100644 --- a/test/build.info +++ b/test/build.info @@ -35,9 +35,11 @@ IF[{- !$disabled{tests} -}] ectest ecstresstest gmdifftest pbelutest \ destest mdc2test \ enginetest exptest \ - evp_pkey_provided_test evp_test evp_extra_test evp_fetch_prov_test \ - acvp_test \ + evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \ + evp_fetch_prov_test acvp_test \ v3nametest v3ext \ + evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \ + evp_fetch_prov_test v3nametest v3ext \ crltest danetest bad_dtls_test lhash_test sparse_array_test \ conf_include_test params_api_test params_conversion_test \ constant_time_test verify_extra_test clienthellotest \ @@ -135,6 +137,10 @@ IF[{- !$disabled{tests} -}] INCLUDE[evp_extra_test]=../include ../apps/include DEPEND[evp_extra_test]=../libcrypto libtestutil.a + SOURCE[evp_extra_test2]=evp_extra_test2.c + INCLUDE[evp_extra_test2]=../include ../apps/include + DEPEND[evp_extra_test2]=../libcrypto libtestutil.a + SOURCE[evp_fetch_prov_test]=evp_fetch_prov_test.c INCLUDE[evp_fetch_prov_test]=../include ../apps/include DEPEND[evp_fetch_prov_test]=../libcrypto libtestutil.a diff --git a/test/evp_extra_test2.c b/test/evp_extra_test2.c new file mode 100644 index 0000000000..f4d8b98256 --- /dev/null +++ b/test/evp_extra_test2.c @@ -0,0 +1,237 @@ +/* + * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * TODO(3.0): Really these tests should be in evp_extra_test - but that doesn't + * yet support testing with a non-default libctx. Once it does we should move + * everything into one file. Consequently some things are duplicated between + * the two files. + */ + +#include +#include +#include "testutil.h" +#include "internal/nelem.h" + +static OPENSSL_CTX *libctx = NULL; +static OSSL_PROVIDER *nullprov = NULL; + +/* + * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you + * should never use this key anywhere but in an example. + */ +static const unsigned char kExampleRSAKeyDER[] = { + 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8, + 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59, + 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37, + 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71, + 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a, + 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4, + 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec, + 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76, + 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8, + 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7, + 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c, + 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01, + 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7, + 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85, + 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee, + 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85, + 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a, + 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15, + 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83, + 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b, + 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73, + 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99, + 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02, + 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41, + 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59, + 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9, + 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef, + 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87, + 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf, + 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5, + 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5, + 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62, + 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64, + 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8, + 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba, + 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe, + 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7, + 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe, + 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb, + 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34, + 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27, + 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0, + 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba, + 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06, + 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c, + 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e, + 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf, + 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a, + 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17, + 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1, + 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, +}; + +/* + * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8 + * PrivateKeyInfo. + */ +static const unsigned char kExampleRSAKeyPKCS8[] = { + 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, + 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, + 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, + 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, + 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, + 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, + 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, + 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, + 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, + 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, + 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, + 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, + 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, + 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, + 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, + 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, + 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, + 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, + 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, + 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, + 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, + 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, + 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, + 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, + 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, + 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, + 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, + 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, + 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, + 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, + 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, + 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, + 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, + 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, + 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, + 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, + 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, + 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, + 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, + 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, + 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, + 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, + 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, + 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, + 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, + 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, + 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, + 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, + 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, + 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, + 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, + 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, +}; + +#ifndef OPENSSL_NO_EC +/* + * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey + * structure. + */ +static const unsigned char kExampleECKeyDER[] = { + 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a, + 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08, + 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a, + 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, + 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69, + 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c, + 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9, + 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18, + 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16, + 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22, + 0xc1, +}; + +/* P-384 sample EC private key in PKCS8 format (no public key) */ +static const unsigned char kExampleECKey2DER[] = { + 0x30, 0x4E, 0x02, 0x01, 0x00, 0x30, 0x10, 0x06, 0x07, 0x2A, 0x86, 0x48, + 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22, 0x04, + 0x37, 0x30, 0x35, 0x02, 0x01, 0x01, 0x04, 0x30, 0x73, 0xE3, 0x3A, 0x05, + 0xF2, 0xB6, 0x99, 0x6D, 0x0C, 0x33, 0x7F, 0x15, 0x9E, 0x10, 0xA9, 0x17, + 0x4C, 0x0A, 0x82, 0x57, 0x71, 0x13, 0x7A, 0xAC, 0x46, 0xA2, 0x5E, 0x1C, + 0xE0, 0xC7, 0xB2, 0xF8, 0x20, 0x40, 0xC2, 0x27, 0xC8, 0xBE, 0x02, 0x7E, + 0x96, 0x69, 0xE0, 0x04, 0xCB, 0x89, 0x0B, 0x42 +}; +#endif + +typedef struct APK_DATA_st { + const unsigned char *kder; + size_t size; + int evptype; +} APK_DATA; + +static APK_DATA keydata[] = { + {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA}, + {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA}, +#ifndef OPENSSL_NO_EC + {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC}, + {kExampleECKey2DER, sizeof(kExampleECKey2DER), EVP_PKEY_EC} +#endif +}; + +/* This is the equivalent of test_d2i_AutoPrivateKey in evp_extra_test */ +static int test_d2i_AutoPrivateKey_ex(int i) +{ + int ret = 0; + const unsigned char *p; + EVP_PKEY *pkey = NULL; + const APK_DATA *ak = &keydata[i]; + const unsigned char *input = ak->kder; + size_t input_len = ak->size; + int expected_id = ak->evptype; + + p = input; + if (!TEST_ptr(pkey = d2i_AutoPrivateKey_ex(NULL, &p, input_len, libctx, + NULL)) + || !TEST_ptr_eq(p, input + input_len) + || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id)) + goto done; + + ret = 1; + + done: + EVP_PKEY_free(pkey); + return ret; +} + +int setup_tests(void) +{ + libctx = OPENSSL_CTX_new(); + + if (!TEST_ptr(libctx)) + return 0; + + nullprov = OSSL_PROVIDER_load(NULL, "null"); + if (!TEST_ptr(nullprov)) { + OPENSSL_CTX_free(libctx); + libctx = NULL; + return 0; + } + + ADD_ALL_TESTS(test_d2i_AutoPrivateKey_ex, OSSL_NELEM(keydata)); + + return 1; +} + +void cleanup_tests(void) +{ + OPENSSL_CTX_free(libctx); + OSSL_PROVIDER_unload(nullprov); +} diff --git a/test/recipes/30-test_evp_extra.t b/test/recipes/30-test_evp_extra.t index 3f4b963fdb..87dc328bcb 100644 --- a/test/recipes/30-test_evp_extra.t +++ b/test/recipes/30-test_evp_extra.t @@ -14,6 +14,7 @@ use OpenSSL::Test qw/:DEFAULT bldtop_dir/; setup("test_evp_extra"); -plan tests => 1; +plan tests => 2; ok(run(test(["evp_extra_test"])), "running evp_extra_test"); +ok(run(test(["evp_extra_test2"])), "running evp_extra_test2"); diff --git a/util/libcrypto.num b/util/libcrypto.num index 38cc5700d7..acaa17394e 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4683,9 +4683,9 @@ ERR_set_error ? 3_0_0 EXIST::FUNCTION: ERR_vset_error ? 3_0_0 EXIST::FUNCTION: X509_get0_authority_issuer ? 3_0_0 EXIST::FUNCTION: X509_get0_authority_serial ? 3_0_0 EXIST::FUNCTION: -EC_GROUP_new_by_curve_name_ex ? 3_0_0 EXIST::FUNCTION:EC -EC_KEY_new_ex ? 3_0_0 EXIST::FUNCTION:EC -EC_KEY_new_by_curve_name_ex ? 3_0_0 EXIST::FUNCTION:EC +EC_GROUP_new_by_curve_name_ex ? 3_0_0 NOEXIST::FUNCTION:EC +EC_KEY_new_ex ? 3_0_0 NOEXIST::FUNCTION:EC +EC_KEY_new_by_curve_name_ex ? 3_0_0 NOEXIST::FUNCTION:EC OPENSSL_hexstr2buf_ex ? 3_0_0 EXIST::FUNCTION: OPENSSL_buf2hexstr_ex ? 3_0_0 EXIST::FUNCTION: OSSL_PARAM_allocate_from_text ? 3_0_0 EXIST::FUNCTION: @@ -5100,3 +5100,6 @@ EVP_PKEY_parameters_eq ? 3_0_0 EXIST::FUNCTION: OSSL_PROVIDER_query_operation ? 3_0_0 EXIST::FUNCTION: OSSL_PROVIDER_get0_provider_ctx ? 3_0_0 EXIST::FUNCTION: OSSL_PROVIDER_get_capabilities ? 3_0_0 EXIST::FUNCTION: +EC_GROUP_new_by_curve_name_with_libctx ? 3_0_0 EXIST::FUNCTION:EC +EC_KEY_new_with_libctx ? 3_0_0 EXIST::FUNCTION:EC +EC_KEY_new_by_curve_name_with_libctx ? 3_0_0 EXIST::FUNCTION:EC From no-reply at appveyor.com Fri Jun 19 09:47:27 2020 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 19 Jun 2020 09:47:27 +0000 Subject: Build failed: openssl master.35008 Message-ID: <20200619094727.1.E44915C3528B9388@appveyor.com> An HTML attachment was scrubbed... URL: From matt at openssl.org Fri Jun 19 10:37:17 2020 From: matt at openssl.org (Matt Caswell) Date: Fri, 19 Jun 2020 10:37:17 +0000 Subject: [openssl] master update Message-ID: <1592563037.568377.15999.nullmailer@dev.openssl.org> The branch master has been updated via f36c3885b500786449f85cf8a89c2a925506a4ed (commit) via cfbe41ea9138ba5f4fb6f859a72034ba4ddc693f (commit) from 989a85774b63a91ca8d3be558ec7560fdf91fa42 (commit) - Log ----------------------------------------------------------------- commit f36c3885b500786449f85cf8a89c2a925506a4ed Author: Matt Caswell Date: Wed Jun 17 11:37:39 2020 +0100 Return the cookie_len value from generate_cookie_callback The generate_cookie_callback was failing to pass back the generated cookie length to the caller. This results in DTLS connection failures from s_server. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12179) commit cfbe41ea9138ba5f4fb6f859a72034ba4ddc693f Author: Matt Caswell Date: Wed Jun 17 11:34:49 2020 +0100 Fix the DTLS1_COOKIE_LENGTH value The DTLS1_COOKIE_LENGTH value was incorrect in the header files. We couldn't change it before due to ABI concerns. However 3.0 is not ABI compatible so we can now fix it. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12179) ----------------------------------------------------------------------- Summary of changes: apps/lib/s_cb.c | 7 +++++-- include/openssl/dtls1.h | 7 ++----- ssl/statem/statem_srvr.c | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c index d021c868c3..5bddde5b03 100644 --- a/apps/lib/s_cb.c +++ b/apps/lib/s_cb.c @@ -745,6 +745,7 @@ int generate_cookie_callback(SSL *ssl, unsigned char *cookie, EVP_MAC *hmac = NULL; EVP_MAC_CTX *ctx = NULL; OSSL_PARAM params[3], *p = params; + size_t mac_len; /* Initialize a random secret */ if (!cookie_initialized) { @@ -808,10 +809,11 @@ int generate_cookie_callback(SSL *ssl, unsigned char *cookie, BIO_printf(bio_err, "HMAC context update failed\n"); goto end; } - if (!EVP_MAC_final(ctx, cookie, NULL, (size_t)cookie_len)) { + if (!EVP_MAC_final(ctx, cookie, &mac_len, DTLS1_COOKIE_LENGTH)) { BIO_printf(bio_err, "HMAC context final failed\n"); goto end; } + *cookie_len = (int)mac_len; res = 1; end: OPENSSL_free(buffer); @@ -840,7 +842,8 @@ int verify_cookie_callback(SSL *ssl, const unsigned char *cookie, int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie, size_t *cookie_len) { - unsigned int temp; + unsigned int temp = 0; + int res = generate_cookie_callback(ssl, cookie, &temp); *cookie_len = temp; return res; diff --git a/include/openssl/dtls1.h b/include/openssl/dtls1.h index bfc2d6e38f..a68cffd1d4 100644 --- a/include/openssl/dtls1.h +++ b/include/openssl/dtls1.h @@ -36,11 +36,8 @@ extern "C" { # define DTLS_ANY_VERSION 0x1FFFF /* lengths of messages */ -/* - * Actually the max cookie length in DTLS is 255. But we can't change this now - * due to compatibility concerns. - */ -# define DTLS1_COOKIE_LENGTH 256 + +# define DTLS1_COOKIE_LENGTH 255 # define DTLS1_RT_HEADER_LENGTH 13 diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index d3913e1b7d..abffbd6326 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -1312,7 +1312,7 @@ int dtls_construct_hello_verify_request(SSL *s, WPACKET *pkt) if (s->ctx->app_gen_cookie_cb == NULL || s->ctx->app_gen_cookie_cb(s, s->d1->cookie, &cookie_leni) == 0 || - cookie_leni > 255) { + cookie_leni > DTLS1_COOKIE_LENGTH) { SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST, SSL_R_COOKIE_GEN_CALLBACK_FAILURE); return 0; From matt at openssl.org Fri Jun 19 10:45:41 2020 From: matt at openssl.org (Matt Caswell) Date: Fri, 19 Jun 2020 10:45:41 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1592563541.800350.24110.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 4dcfdfce93d6c5b5065323b0488ea93a938acb49 (commit) via 19b4fe5844b71620c87de2ffb8734c99d833f636 (commit) via ce7bd71a428b0907958beb6dfa71681e751b33d1 (commit) via 86863f2ddc4200e5048e28c40ed6521495010699 (commit) from e705b920bf9a6737b5abcb57ca14824959e1e630 (commit) - Log ----------------------------------------------------------------- commit 4dcfdfce93d6c5b5065323b0488ea93a938acb49 Author: Matt Caswell Date: Wed May 27 11:50:05 2020 +0100 Make it clear that you can't use all ciphers for CMAC Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12107) commit 19b4fe5844b71620c87de2ffb8734c99d833f636 Author: Matt Caswell Date: Wed May 27 11:40:24 2020 +0100 Add a CMAC test We did not have a test of the low level CMAC APIs so we add one. This is heavily based on the HMAC test. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12107) commit ce7bd71a428b0907958beb6dfa71681e751b33d1 Author: Matt Caswell Date: Wed May 27 11:38:39 2020 +0100 Correctly handle the return value from EVP_Cipher() in the CMAC code EVP_Cipher() is a very low level routine that directly calls the underlying cipher function. It's return value semantics are very odd. Depending on the type of cipher 0 or -1 is returned on error. We should just check for <=0 for a failure. Fixes #11957 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12107) commit 86863f2ddc4200e5048e28c40ed6521495010699 Author: Matt Caswell Date: Wed May 27 11:37:39 2020 +0100 Ensure we never use a partially initialised CMAC_CTX If the CMAC_CTX is partially initialised then we make a note of this so that future operations will fail if the initialisation has not been completed. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12107) ----------------------------------------------------------------------- Summary of changes: crypto/cmac/cmac.c | 19 ++- doc/man3/EVP_PKEY_new.pod | 3 +- test/build.info | 9 + test/cmactest.c | 210 ++++++++++++++++++++++++ test/recipes/{05-test_cast.t => 05-test_cmac.t} | 4 +- 5 files changed, 236 insertions(+), 9 deletions(-) create mode 100644 test/cmactest.c copy test/recipes/{05-test_cast.t => 05-test_cmac.t} (71%) diff --git a/crypto/cmac/cmac.c b/crypto/cmac/cmac.c index 6989c32d06..1a76486205 100644 --- a/crypto/cmac/cmac.c +++ b/crypto/cmac/cmac.c @@ -116,11 +116,18 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, return 1; } /* Initialise context */ - if (cipher && !EVP_EncryptInit_ex(ctx->cctx, cipher, impl, NULL, NULL)) - return 0; + if (cipher != NULL) { + /* Ensure we can't use this ctx until we also have a key */ + ctx->nlast_block = -1; + if (!EVP_EncryptInit_ex(ctx->cctx, cipher, impl, NULL, NULL)) + return 0; + } /* Non-NULL key means initialisation complete */ - if (key) { + if (key != NULL) { int bl; + + /* If anything fails then ensure we can't use this ctx */ + ctx->nlast_block = -1; if (!EVP_CIPHER_CTX_cipher(ctx->cctx)) return 0; if (!EVP_CIPHER_CTX_set_key_length(ctx->cctx, keylen)) @@ -128,7 +135,7 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, key, zero_iv)) return 0; bl = EVP_CIPHER_CTX_block_size(ctx->cctx); - if (!EVP_Cipher(ctx->cctx, ctx->tbl, zero_iv, bl)) + if (EVP_Cipher(ctx->cctx, ctx->tbl, zero_iv, bl) <= 0) return 0; make_kn(ctx->k1, ctx->tbl, bl); make_kn(ctx->k2, ctx->k1, bl); @@ -166,12 +173,12 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen) return 1; data += nleft; /* Else not final block so encrypt it */ - if (!EVP_Cipher(ctx->cctx, ctx->tbl, ctx->last_block, bl)) + if (EVP_Cipher(ctx->cctx, ctx->tbl, ctx->last_block, bl) <= 0) return 0; } /* Encrypt all but one of the complete blocks left */ while (dlen > bl) { - if (!EVP_Cipher(ctx->cctx, ctx->tbl, data, bl)) + if (EVP_Cipher(ctx->cctx, ctx->tbl, data, bl) <= 0) return 0; dlen -= bl; data += bl; diff --git a/doc/man3/EVP_PKEY_new.pod b/doc/man3/EVP_PKEY_new.pod index 667269cc62..faf5a117e5 100644 --- a/doc/man3/EVP_PKEY_new.pod +++ b/doc/man3/EVP_PKEY_new.pod @@ -66,7 +66,8 @@ B, B, B or B. EVP_PKEY_new_CMAC_key() works in the same way as EVP_PKEY_new_raw_private_key() except it is only for the B algorithm type. In addition to the raw private key data, it also takes a cipher algorithm to be used during -creation of a CMAC in the B argument. +creation of a CMAC in the B argument. The cipher should be a standard +encryption only cipher. For example AEAD and XTS ciphers should not be used. EVP_PKEY_new_mac_key() works in the same way as EVP_PKEY_new_raw_private_key(). New applications should use EVP_PKEY_new_raw_private_key() instead. diff --git a/test/build.info b/test/build.info index 200fb8c141..56ac14eabd 100644 --- a/test/build.info +++ b/test/build.info @@ -461,6 +461,9 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN IF[{- !$disabled{ec} -}] PROGRAMS_NO_INST=ec_internal_test curve448_internal_test ENDIF + IF[{- !$disabled{cmac} -}] + PROGRAMS_NO_INST=cmactest + ENDIF SOURCE[poly1305_internal_test]=poly1305_internal_test.c INCLUDE[poly1305_internal_test]=.. ../include @@ -494,6 +497,12 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN INCLUDE[ctype_internal_test]=.. ../include DEPEND[ctype_internal_test]=../libcrypto.a libtestutil.a + IF[{- !$disabled{cmac} -}] + SOURCE[cmactest]=cmactest.c + INCLUDE[cmactest]=../include ../apps/include + DEPEND[cmactest]=../libcrypto.a libtestutil.a + ENDIF + SOURCE[siphash_internal_test]=siphash_internal_test.c INCLUDE[siphash_internal_test]=.. ../include DEPEND[siphash_internal_test]=../libcrypto.a libtestutil.a diff --git a/test/cmactest.c b/test/cmactest.c new file mode 100644 index 0000000000..ddd753782f --- /dev/null +++ b/test/cmactest.c @@ -0,0 +1,210 @@ +/* + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include + +#include "internal/nelem.h" + +#include +#include +#include + +#include "testutil.h" + +static const char xtskey[32] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, + 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f +}; + +static struct test_st { + const char key[32]; + int key_len; + const unsigned char data[64]; + int data_len; + const char *mac; +} test[3] = { + { + { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, + 0x0b, 0x0c, 0x0d, 0x0e, 0x0f + }, + 16, + "My test data", + 12, + "29cec977c48f63c200bd5c4a6881b224" + }, + { + { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, + 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, + 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f + }, + 32, + "My test data", + 12, + "db6493aa04e4761f473b2b453c031c9a" + }, + { + { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, + 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, + 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f + }, + 32, + "My test data again", + 18, + "65c11c75ecf590badd0a5e56cbb8af60" + }, +}; + +static char *pt(unsigned char *md, unsigned int len); + +static int test_cmac_bad(void) +{ + CMAC_CTX *ctx = NULL; + int ret = 0; + + ctx = CMAC_CTX_new(); + if (!TEST_ptr(ctx) + || !TEST_false(CMAC_Init(ctx, NULL, 0, NULL, NULL)) + || !TEST_false(CMAC_Update(ctx, test[0].data, test[0].data_len)) + /* Should be able to pass cipher first, and then key */ + || !TEST_true(CMAC_Init(ctx, NULL, 0, EVP_aes_128_cbc(), NULL)) + /* Must have a key */ + || !TEST_false(CMAC_Update(ctx, test[0].data, test[0].data_len)) + /* Now supply the key */ + || !TEST_true(CMAC_Init(ctx, test[0].key, test[0].key_len, NULL, NULL)) + /* Update should now work */ + || !TEST_true(CMAC_Update(ctx, test[0].data, test[0].data_len)) + /* XTS is not a suitable cipher to use */ + || !TEST_false(CMAC_Init(ctx, xtskey, sizeof(xtskey), EVP_aes_128_xts(), + NULL)) + || !TEST_false(CMAC_Update(ctx, test[0].data, test[0].data_len))) + goto err; + + ret = 1; +err: + CMAC_CTX_free(ctx); + return ret; +} + +static int test_cmac_run(void) +{ + char *p; + CMAC_CTX *ctx = NULL; + unsigned char buf[AES_BLOCK_SIZE]; + size_t len; + int ret = 0; + + ctx = CMAC_CTX_new(); + + if (!TEST_true(CMAC_Init(ctx, test[0].key, test[0].key_len, + EVP_aes_128_cbc(), NULL)) + || !TEST_true(CMAC_Update(ctx, test[0].data, test[0].data_len)) + || !TEST_true(CMAC_Final(ctx, buf, &len))) + goto err; + + p = pt(buf, len); + if (!TEST_str_eq(p, test[0].mac)) + goto err; + + if (!TEST_true(CMAC_Init(ctx, test[1].key, test[1].key_len, + EVP_aes_256_cbc(), NULL)) + || !TEST_true(CMAC_Update(ctx, test[1].data, test[1].data_len)) + || !TEST_true(CMAC_Final(ctx, buf, &len))) + goto err; + + p = pt(buf, len); + if (!TEST_str_eq(p, test[1].mac)) + goto err; + + if (!TEST_true(CMAC_Init(ctx, test[2].key, test[2].key_len, NULL, NULL)) + || !TEST_true(CMAC_Update(ctx, test[2].data, test[2].data_len)) + || !TEST_true(CMAC_Final(ctx, buf, &len))) + goto err; + p = pt(buf, len); + if (!TEST_str_eq(p, test[2].mac)) + goto err; + /* Test reusing a key */ + if (!TEST_true(CMAC_Init(ctx, NULL, 0, NULL, NULL)) + || !TEST_true(CMAC_Update(ctx, test[2].data, test[2].data_len)) + || !TEST_true(CMAC_Final(ctx, buf, &len))) + goto err; + p = pt(buf, len); + if (!TEST_str_eq(p, test[2].mac)) + goto err; + + /* Test setting the cipher and key separately */ + if (!TEST_true(CMAC_Init(ctx, NULL, 0, EVP_aes_256_cbc(), NULL)) + || !TEST_true(CMAC_Init(ctx, test[2].key, test[2].key_len, NULL, NULL)) + || !TEST_true(CMAC_Update(ctx, test[2].data, test[2].data_len)) + || !TEST_true(CMAC_Final(ctx, buf, &len))) + goto err; + p = pt(buf, len); + if (!TEST_str_eq(p, test[2].mac)) + goto err; + + ret = 1; +err: + CMAC_CTX_free(ctx); + return ret; +} + +static int test_cmac_copy(void) +{ + char *p; + CMAC_CTX *ctx = NULL, *ctx2 = NULL; + unsigned char buf[AES_BLOCK_SIZE]; + size_t len; + int ret = 0; + + ctx = CMAC_CTX_new(); + ctx2 = CMAC_CTX_new(); + if (!TEST_ptr(ctx) || !TEST_ptr(ctx2)) + goto err; + + if (!TEST_true(CMAC_Init(ctx, test[0].key, test[0].key_len, + EVP_aes_128_cbc(), NULL)) + || !TEST_true(CMAC_Update(ctx, test[0].data, test[0].data_len)) + || !TEST_true(CMAC_CTX_copy(ctx2, ctx)) + || !TEST_true(CMAC_Final(ctx2, buf, &len))) + goto err; + + p = pt(buf, len); + if (!TEST_str_eq(p, test[0].mac)) + goto err; + + ret = 1; +err: + CMAC_CTX_free(ctx2); + CMAC_CTX_free(ctx); + return ret; +} + +static char *pt(unsigned char *md, unsigned int len) +{ + unsigned int i; + static char buf[80]; + + for (i = 0; i < len; i++) + sprintf(&(buf[i * 2]), "%02x", md[i]); + return buf; +} + +int setup_tests(void) +{ + ADD_TEST(test_cmac_bad); + ADD_TEST(test_cmac_run); + ADD_TEST(test_cmac_copy); + return 1; +} + diff --git a/test/recipes/05-test_cast.t b/test/recipes/05-test_cmac.t similarity index 71% copy from test/recipes/05-test_cast.t copy to test/recipes/05-test_cmac.t index 46c61dacb3..499f713f93 100644 --- a/test/recipes/05-test_cast.t +++ b/test/recipes/05-test_cmac.t @@ -1,7 +1,7 @@ #! /usr/bin/env perl # Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. # -# Licensed under the OpenSSL license (the "License"). You may not use +# Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy # in the file LICENSE in the source distribution or at # https://www.openssl.org/source/license.html @@ -9,4 +9,4 @@ use OpenSSL::Test::Simple; -simple_test("test_cast", "casttest", "cast"); +simple_test("test_cmac", "cmactest", "cmac"); From builds at travis-ci.com Fri Jun 19 10:46:02 2020 From: builds at travis-ci.com (Travis CI) Date: Fri, 19 Jun 2020 10:46:02 +0000 Subject: Errored: openssl/openssl#35557 (master - edeaa96) In-Reply-To: Message-ID: <5eec976a44a0f_13fb41d5a85dc353570@travis-pro-tasks-569685d7fc-kh5zl.mail> Build Update for openssl/openssl ------------------------------------- Build: #35557 Status: Errored Duration: 1 hr, 52 mins, and 42 secs Commit: edeaa96 (master) Author: Benny Baumann Message: Add missing section on asymmetric ciphers Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12170) View the changeset: https://github.com/openssl/openssl/compare/6f72b210b2ae...edeaa96ae6aa View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/172174027?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.com Fri Jun 19 13:29:41 2020 From: builds at travis-ci.com (Travis CI) Date: Fri, 19 Jun 2020 13:29:41 +0000 Subject: Errored: openssl/openssl#35559 (master - 48e971d) In-Reply-To: Message-ID: <5eecbdc4853bf_13f996d0a515422705c@travis-pro-tasks-64d44d7b7f-crc4n.mail> Build Update for openssl/openssl ------------------------------------- Build: #35559 Status: Errored Duration: 2 hrs, 3 mins, and 37 secs Commit: 48e971d (master) Author: Matt Caswell Message: Create defines for TLS Group Ids Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/11914) View the changeset: https://github.com/openssl/openssl/compare/edeaa96ae6aa...48e971dd9f88 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/172182886?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.com Fri Jun 19 15:10:46 2020 From: builds at travis-ci.com (Travis CI) Date: Fri, 19 Jun 2020 15:10:46 +0000 Subject: Errored: openssl/openssl#35560 (master - 989a857) In-Reply-To: Message-ID: <5eecd576557da_13f996d01417c5705cf@travis-pro-tasks-64d44d7b7f-crc4n.mail> Build Update for openssl/openssl ------------------------------------- Build: #35560 Status: Errored Duration: 2 hrs, 17 mins, and 22 secs Commit: 989a857 (master) Author: Matt Caswell Message: Add evp_extra_test2 to .gitignore This is a test executable which should not be added to the repository Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/12159) View the changeset: https://github.com/openssl/openssl/compare/48e971dd9f88...989a85774b63 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/172184474?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.com Fri Jun 19 16:45:19 2020 From: builds at travis-ci.com (Travis CI) Date: Fri, 19 Jun 2020 16:45:19 +0000 Subject: Errored: openssl/openssl#35561 (master - f36c388) In-Reply-To: Message-ID: <5eeceb9e69931_13fcde4c0a7a012075b@travis-pro-tasks-69cf8ccbcb-rt4c8.mail> Build Update for openssl/openssl ------------------------------------- Build: #35561 Status: Errored Duration: 2 hrs, 10 mins, and 42 secs Commit: f36c388 (master) Author: Matt Caswell Message: Return the cookie_len value from generate_cookie_callback The generate_cookie_callback was failing to pass back the generated cookie length to the caller. This results in DTLS connection failures from s_server. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12179) View the changeset: https://github.com/openssl/openssl/compare/989a85774b63...f36c3885b500 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/172192656?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.com Fri Jun 19 18:05:55 2020 From: builds at travis-ci.com (Travis CI) Date: Fri, 19 Jun 2020 18:05:55 +0000 Subject: Errored: openssl/openssl#35563 (OpenSSL_1_1_1-stable - 4dcfdfc) In-Reply-To: Message-ID: <5eecfe831f418_13fa3e0ba92a82190b0@travis-pro-tasks-69cf8ccbcb-h8npm.mail> Build Update for openssl/openssl ------------------------------------- Build: #35563 Status: Errored Duration: 41 mins and 1 sec Commit: 4dcfdfc (OpenSSL_1_1_1-stable) Author: Matt Caswell Message: Make it clear that you can't use all ciphers for CMAC Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12107) View the changeset: https://github.com/openssl/openssl/compare/e705b920bf9a...4dcfdfce93d6 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/172193624?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From pauli at openssl.org Sat Jun 20 07:17:09 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Sat, 20 Jun 2020 07:17:09 +0000 Subject: [openssl] master update Message-ID: <1592637429.184487.31769.nullmailer@dev.openssl.org> The branch master has been updated via 760aaf1bb4696b51d50798a4a895ef04e312c49a (commit) from f36c3885b500786449f85cf8a89c2a925506a4ed (commit) - Log ----------------------------------------------------------------- commit 760aaf1bb4696b51d50798a4a895ef04e312c49a Author: Pauli Date: Fri Jun 19 17:17:37 2020 +1000 doc: Document OSSL_PARAM_modified and OSSL_PARAM_set_all_unmodified. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12200) ----------------------------------------------------------------------- Summary of changes: doc/man3/OSSL_PARAM_int.pod | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/man3/OSSL_PARAM_int.pod b/doc/man3/OSSL_PARAM_int.pod index 09215184a7..739c2a8c2d 100644 --- a/doc/man3/OSSL_PARAM_int.pod +++ b/doc/man3/OSSL_PARAM_int.pod @@ -27,7 +27,8 @@ OSSL_PARAM_set_int64, OSSL_PARAM_set_long, OSSL_PARAM_set_size_t, OSSL_PARAM_set_uint, OSSL_PARAM_set_uint32, OSSL_PARAM_set_uint64, OSSL_PARAM_set_ulong, OSSL_PARAM_set_BN, OSSL_PARAM_set_utf8_string, OSSL_PARAM_set_octet_string, OSSL_PARAM_set_utf8_ptr, -OSSL_PARAM_set_octet_ptr, OSSL_PARAM_UNMODIFIED +OSSL_PARAM_set_octet_ptr, +OSSL_PARAM_UNMODIFIED, OSSL_PARAM_modified, OSSL_PARAM_set_all_unmodified - OSSL_PARAM helpers =head1 SYNOPSIS From no-reply at appveyor.com Sat Jun 20 08:14:07 2020 From: no-reply at appveyor.com (AppVeyor) Date: Sat, 20 Jun 2020 08:14:07 +0000 Subject: Build failed: openssl master.35026 Message-ID: <20200620081407.1.7BFD5D2F7680AB5C@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Sat Jun 20 09:03:12 2020 From: levitte at openssl.org (Richard Levitte) Date: Sat, 20 Jun 2020 09:03:12 +0000 Subject: [openssl] master update Message-ID: <1592643792.965645.17545.nullmailer@dev.openssl.org> The branch master has been updated via 5797e309fce89b5aa9f690ad82f272552b4c7987 (commit) from 760aaf1bb4696b51d50798a4a895ef04e312c49a (commit) - Log ----------------------------------------------------------------- commit 5797e309fce89b5aa9f690ad82f272552b4c7987 Author: Richard Levitte Date: Fri Jun 19 10:08:33 2020 +0200 Build: Remove faulty DES assembler spec crypto/des/build.info had a faulty spec that ghash-ia64 should be compiled for DES. Removed. Fixes #12197 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12203) ----------------------------------------------------------------------- Summary of changes: crypto/des/build.info | 1 - 1 file changed, 1 deletion(-) diff --git a/crypto/des/build.info b/crypto/des/build.info index eb0c75496b..b73e740bec 100644 --- a/crypto/des/build.info +++ b/crypto/des/build.info @@ -1,7 +1,6 @@ $DESASM=des_enc.c fcrypt_b.c IF[{- !$disabled{asm} -}] $DESASM_x86=des-586.s crypt586.s - $DESASM_ia64=ghash-ia64.s $DESASM_sparcv9=des_enc-sparc.S fcrypt_b.c dest4-sparcv9.S $DESASM_sparcv8=des_enc-sparc.S fcrypt_b.c From builds at travis-ci.com Sat Jun 20 09:47:19 2020 From: builds at travis-ci.com (Travis CI) Date: Sat, 20 Jun 2020 09:47:19 +0000 Subject: Errored: openssl/openssl#35574 (master - 760aaf1) In-Reply-To: Message-ID: <5eeddb26da0d7_13f91f16a8bc43741f@travis-pro-tasks-6bf49bbd95-nkppq.mail> Build Update for openssl/openssl ------------------------------------- Build: #35574 Status: Errored Duration: 1 hr, 50 mins, and 6 secs Commit: 760aaf1 (master) Author: Pauli Message: doc: Document OSSL_PARAM_modified and OSSL_PARAM_set_all_unmodified. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12200) View the changeset: https://github.com/openssl/openssl/compare/f36c3885b500...760aaf1bb469 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/172306616?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.com Sat Jun 20 11:20:09 2020 From: builds at travis-ci.com (Travis CI) Date: Sat, 20 Jun 2020 11:20:09 +0000 Subject: Errored: openssl/openssl#35575 (master - 5797e30) In-Reply-To: Message-ID: <5eedf0e946877_13f91f30e9efc67071@travis-pro-tasks-6bf49bbd95-nkppq.mail> Build Update for openssl/openssl ------------------------------------- Build: #35575 Status: Errored Duration: 2 hrs, 10 mins, and 12 secs Commit: 5797e30 (master) Author: Richard Levitte Message: Build: Remove faulty DES assembler spec crypto/des/build.info had a faulty spec that ghash-ia64 should be compiled for DES. Removed. Fixes #12197 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12203) View the changeset: https://github.com/openssl/openssl/compare/760aaf1bb469...5797e309fce8 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/172309457?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From kaduk at mit.edu Sat Jun 20 16:47:10 2020 From: kaduk at mit.edu (kaduk at mit.edu) Date: Sat, 20 Jun 2020 16:47:10 +0000 Subject: [openssl] master update Message-ID: <1592671630.161029.9055.nullmailer@dev.openssl.org> The branch master has been updated via 7cc5e0d283800c757e46d1476273d271120aa38d (commit) via 320d96a32c16de1adbf11f76819fe738f24665b1 (commit) from 5797e309fce89b5aa9f690ad82f272552b4c7987 (commit) - Log ----------------------------------------------------------------- commit 7cc5e0d283800c757e46d1476273d271120aa38d Author: Benjamin Kaduk Date: Mon Jun 1 12:31:55 2020 -0700 Allow oversized buffers for provider cipher IV fetch When we're fetching an IV, there's no need to enforce that the provided buffer is exactly the same size as the IV we want to write into it. This might happen, for example, when EVP_CIPHER_CTX_iv_noconst() passes sizeof(ctx->iv) (that is, EVP_MAX_IV_LENGTH) for an AES-GCM cipher that uses a shorter IV. AES-OCB and CCM were also affected. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12039) commit 320d96a32c16de1adbf11f76819fe738f24665b1 Author: Benjamin Kaduk Date: Mon Jun 1 14:33:54 2020 -0700 Set cipher IV as octet string and pointer from providers OSSL_CIPHER_PARAM_IV can be accessed both as an octet string and as an octet pointer (for routines like EVP_CIPHER_CTX_iv() that are in a nebulous undocumented-and-might-go-away-eventually state), the latter for when there is need to modify the actual value in the provider. Make sure that we consistently try to set it as both the string and pointer forms (not just octet string) and only fail if neither version succeeds. The generic cipher get_ctx_params routine was already doing so, but the AES-variant-, GCM-, and CCM-specific ones were not. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12039) ----------------------------------------------------------------------- Summary of changes: providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c | 3 ++- providers/implementations/ciphers/cipher_aes_ocb.c | 5 +++-- providers/implementations/ciphers/ciphercommon_ccm.c | 5 +++-- providers/implementations/ciphers/ciphercommon_gcm.c | 5 +++-- 4 files changed, 11 insertions(+), 7 deletions(-) diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c index 34bd3c151f..ece4341a3f 100644 --- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c +++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c @@ -229,7 +229,8 @@ static int aes_get_ctx_params(void *vctx, OSSL_PARAM params[]) } p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV); if (p != NULL - && !OSSL_PARAM_set_octet_string(p, ctx->base.oiv, ctx->base.ivlen)) { + && !OSSL_PARAM_set_octet_string(p, ctx->base.oiv, ctx->base.ivlen) + && !OSSL_PARAM_set_octet_ptr(p, &ctx->base.oiv, ctx->base.ivlen)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return 0; } diff --git a/providers/implementations/ciphers/cipher_aes_ocb.c b/providers/implementations/ciphers/cipher_aes_ocb.c index 859f3524a4..84ba062d6b 100644 --- a/providers/implementations/ciphers/cipher_aes_ocb.c +++ b/providers/implementations/ciphers/cipher_aes_ocb.c @@ -401,11 +401,12 @@ static int aes_ocb_get_ctx_params(void *vctx, OSSL_PARAM params[]) p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV); if (p != NULL) { - if (ctx->base.ivlen != p->data_size) { + if (ctx->base.ivlen > p->data_size) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); return 0; } - if (!OSSL_PARAM_set_octet_string(p, ctx->base.oiv, ctx->base.ivlen)) { + if (!OSSL_PARAM_set_octet_string(p, ctx->base.oiv, ctx->base.ivlen) + && !OSSL_PARAM_set_octet_ptr(p, &ctx->base.oiv, ctx->base.ivlen)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return 0; } diff --git a/providers/implementations/ciphers/ciphercommon_ccm.c b/providers/implementations/ciphers/ciphercommon_ccm.c index 80c2230d96..2b9a0687e3 100644 --- a/providers/implementations/ciphers/ciphercommon_ccm.c +++ b/providers/implementations/ciphers/ciphercommon_ccm.c @@ -160,11 +160,12 @@ int ccm_get_ctx_params(void *vctx, OSSL_PARAM params[]) p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV); if (p != NULL) { - if (ccm_get_ivlen(ctx) != p->data_size) { + if (ccm_get_ivlen(ctx) > p->data_size) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IVLEN); return 0; } - if (!OSSL_PARAM_set_octet_string(p, ctx->iv, p->data_size)) { + if (!OSSL_PARAM_set_octet_string(p, ctx->iv, p->data_size) + && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, p->data_size)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return 0; } diff --git a/providers/implementations/ciphers/ciphercommon_gcm.c b/providers/implementations/ciphers/ciphercommon_gcm.c index c6d53de41e..7daa8dce5b 100644 --- a/providers/implementations/ciphers/ciphercommon_gcm.c +++ b/providers/implementations/ciphers/ciphercommon_gcm.c @@ -156,11 +156,12 @@ int gcm_get_ctx_params(void *vctx, OSSL_PARAM params[]) if (p != NULL) { if (ctx->iv_gen != 1 && ctx->iv_gen_rand != 1) return 0; - if (ctx->ivlen != p->data_size) { + if (ctx->ivlen > p->data_size) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); return 0; } - if (!OSSL_PARAM_set_octet_string(p, ctx->iv, ctx->ivlen)) { + if (!OSSL_PARAM_set_octet_string(p, ctx->iv, ctx->ivlen) + && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, ctx->ivlen)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return 0; } From builds at travis-ci.com Sat Jun 20 19:23:00 2020 From: builds at travis-ci.com (Travis CI) Date: Sat, 20 Jun 2020 19:23:00 +0000 Subject: Errored: openssl/openssl#35582 (master - 7cc5e0d) In-Reply-To: Message-ID: <5eee6213d75eb_13fd6a36123081011e2@travis-pro-tasks-845bbbd749-hf4kg.mail> Build Update for openssl/openssl ------------------------------------- Build: #35582 Status: Errored Duration: 1 hr, 51 mins, and 14 secs Commit: 7cc5e0d (master) Author: Benjamin Kaduk Message: Allow oversized buffers for provider cipher IV fetch When we're fetching an IV, there's no need to enforce that the provided buffer is exactly the same size as the IV we want to write into it. This might happen, for example, when EVP_CIPHER_CTX_iv_noconst() passes sizeof(ctx->iv) (that is, EVP_MAX_IV_LENGTH) for an AES-GCM cipher that uses a shorter IV. AES-OCB and CCM were also affected. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12039) View the changeset: https://github.com/openssl/openssl/compare/5797e309fce8...7cc5e0d28380 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/172330907?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From pauli at openssl.org Sun Jun 21 06:51:03 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Sun, 21 Jun 2020 06:51:03 +0000 Subject: [openssl] master update Message-ID: <1592722263.527493.20187.nullmailer@dev.openssl.org> The branch master has been updated via c720fc35f4aa90cdc7cdc424b976c5322fb0098e (commit) from 7cc5e0d283800c757e46d1476273d271120aa38d (commit) - Log ----------------------------------------------------------------- commit c720fc35f4aa90cdc7cdc424b976c5322fb0098e Author: Pauli Date: Thu Jun 18 11:01:08 2020 +1000 namemap: change ossl_namemap_empty() to do what the documentation says. The function is documented as returning 1 when passed a NULL argument. Instead it core dumps. Added a unit test for this. Additionally, a performance improvement is incorporated. The namemap max_number field is only ever compared against zero and incremented. The zero comparison grabs a lock specifically for this check. This change uses TSAN operations instead if they are available. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12181) ----------------------------------------------------------------------- Summary of changes: crypto/core_namemap.c | 25 +++++++++++++++++++------ test/namemap_internal_test.c | 27 +++++++++++++++++++++++---- 2 files changed, 42 insertions(+), 10 deletions(-) diff --git a/crypto/core_namemap.c b/crypto/core_namemap.c index 94c80de091..e17b3ac0e2 100644 --- a/crypto/core_namemap.c +++ b/crypto/core_namemap.c @@ -11,6 +11,7 @@ #include "internal/namemap.h" #include #include "crypto/lhash.h" /* openssl_lh_strcasehash */ +#include "internal/tsan_assist.h" /*- * The namenum entry @@ -34,7 +35,12 @@ struct ossl_namemap_st { CRYPTO_RWLOCK *lock; LHASH_OF(NAMENUM_ENTRY) *namenum; /* Name->number mapping */ - int max_number; /* Current max number */ + +#ifdef tsan_ld_acq + TSAN_QUALIFIER int max_number; /* Current max number TSAN version */ +#else + int max_number; /* Current max number plain version */ +#endif }; /* LHASH callbacks */ @@ -91,14 +97,21 @@ static const OPENSSL_CTX_METHOD stored_namemap_method = { int ossl_namemap_empty(OSSL_NAMEMAP *namemap) { - int rv = 0; +#ifdef tsan_ld_acq + /* Have TSAN support */ + return namemap == NULL || tsan_load(&namemap->max_number) == 0; +#else + /* No TSAN support */ + int rv; + + if (namemap == NULL) + return 1; CRYPTO_THREAD_read_lock(namemap->lock); - if (namemap->max_number == 0) - rv = 1; + rv = namemap->max_number == 0; CRYPTO_THREAD_unlock(namemap->lock); - return rv; +#endif } typedef struct doall_names_data_st { @@ -216,7 +229,7 @@ int ossl_namemap_add_name_n(OSSL_NAMEMAP *namemap, int number, goto err; namenum->number = tmp_number = - number != 0 ? number : ++namemap->max_number; + number != 0 ? number : 1 + tsan_counter(&namemap->max_number); (void)lh_NAMENUM_ENTRY_insert(namemap->namenum, namenum); if (lh_NAMENUM_ENTRY_error(namemap->namenum)) diff --git a/test/namemap_internal_test.c b/test/namemap_internal_test.c index 9c94440f91..c1f77561e4 100644 --- a/test/namemap_internal_test.c +++ b/test/namemap_internal_test.c @@ -16,6 +16,20 @@ #define ALIAS1 "alias1" #define ALIAS1_UC "ALIAS1" +static int test_namemap_empty(void) +{ + OSSL_NAMEMAP *nm = NULL; + int ok; + + ok = TEST_true(ossl_namemap_empty(NULL)) + && TEST_ptr(nm = ossl_namemap_new()) + && TEST_true(ossl_namemap_empty(nm)) + && TEST_int_ne(ossl_namemap_add_name(nm, 0, NAME1), 0) + && TEST_false(ossl_namemap_empty(nm)); + ossl_namemap_free(nm); + return ok; +} + static int test_namemap(OSSL_NAMEMAP *nm) { int num1 = ossl_namemap_add_name(nm, 0, NAME1); @@ -42,7 +56,7 @@ static int test_namemap(OSSL_NAMEMAP *nm) static int test_namemap_independent(void) { OSSL_NAMEMAP *nm = ossl_namemap_new(); - int ok = nm != NULL && test_namemap(nm); + int ok = TEST_ptr(nm) && test_namemap(nm); ossl_namemap_free(nm); return ok; @@ -52,7 +66,7 @@ static int test_namemap_stored(void) { OSSL_NAMEMAP *nm = ossl_namemap_stored(NULL); - return nm != NULL + return TEST_ptr(nm) && test_namemap(nm); } @@ -66,6 +80,8 @@ static int test_digestbyname(void) OSSL_NAMEMAP *nm = ossl_namemap_stored(NULL); const EVP_MD *sha256, *foo; + if (!TEST_ptr(nm)) + return 0; id = ossl_namemap_add_name(nm, 0, "SHA256"); if (!TEST_int_ne(id, 0)) return 0; @@ -92,6 +108,8 @@ static int test_cipherbyname(void) OSSL_NAMEMAP *nm = ossl_namemap_stored(NULL); const EVP_CIPHER *aes128, *bar; + if (!TEST_ptr(nm)) + return 0; id = ossl_namemap_add_name(nm, 0, "AES-128-CBC"); if (!TEST_int_ne(id, 0)) return 0; @@ -117,7 +135,7 @@ static int test_cipher_is_a(void) EVP_CIPHER *fetched = EVP_CIPHER_fetch(NULL, "AES-256-CCM", NULL); int rv = 1; - if (!TEST_ptr_ne(fetched, NULL)) + if (!TEST_ptr(fetched)) return 0; if (!TEST_true(EVP_CIPHER_is_a(fetched, "id-aes256-CCM")) || !TEST_false(EVP_CIPHER_is_a(fetched, "AES-128-GCM"))) @@ -139,7 +157,7 @@ static int test_digest_is_a(void) EVP_MD *fetched = EVP_MD_fetch(NULL, "SHA2-512", NULL); int rv = 1; - if (!TEST_ptr_ne(fetched, NULL)) + if (!TEST_ptr(fetched)) return 0; if (!TEST_true(EVP_MD_is_a(fetched, "SHA512")) || !TEST_false(EVP_MD_is_a(fetched, "SHA1"))) @@ -154,6 +172,7 @@ static int test_digest_is_a(void) int setup_tests(void) { + ADD_TEST(test_namemap_empty); ADD_TEST(test_namemap_independent); ADD_TEST(test_namemap_stored); ADD_TEST(test_digestbyname); From scan-admin at coverity.com Sun Jun 21 07:53:29 2020 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 21 Jun 2020 07:53:29 +0000 (UTC) Subject: Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <5eef11f8ce208_1625f52b13db506f5854337@prd-scan-dashboard-0.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/ls/click?upn=nJaKvJSIH-2FPAfmty-2BK5tYpPklAc1eEA-2F1zfUjH6teExPWvbuQnlOROdcN604ufBDoN19TFJwpfzx7faM2hcaNQ-3D-3DVepN_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeGxSsWlVmJHHYm3H6o50u5VuTE2t1ejmONepiQiLfH3T9837dhpzs-2F4Z50FGZA3LVhd3sVVh3ZBy4fFZaRpRoXCTnXaQm0Yq-2BUqpozEp0dSCUI5glxpnjKbhZeZT-2BPtIo9BZhUyh3iIQ19JO-2FxQ349oFDjvKvbnihKkxR5HTIqBzoJZak23fcDxypTa5UKaYxg-3D Build ID: 322104 Analysis Summary: New defects found: 0 Defects eliminated: 0 From scan-admin at coverity.com Sun Jun 21 07:54:00 2020 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 21 Jun 2020 07:54:00 +0000 (UTC) Subject: Coverity Scan: Analysis completed for openssl/openssl Message-ID: <5eef121896ecf_1626602b13db506f58543a5@prd-scan-dashboard-0.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/ls/click?upn=nJaKvJSIH-2FPAfmty-2BK5tYpPklAc1eEA-2F1zfUjH6teExPWvbuQnlOROdcN604ufBDi0WH2X69cApo3pLD935e8Q-3D-3DWaQo_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeG-2Bw3n2kMC01qs2ophh9RnfJ15D1eWcnsljPj0yXmYxryEBKZDsXfu3hIOifhsnUknpaJ0i4k-2BSF0RfFDhy3r-2F8WvWvifVtzJLz7SIZDywTpLK7fZW3ibrymxmtHsR-2F54CNEBWE853Ef7g9uUwdgJ6duzoYLYj27-2FMBrV-2B5-2BuvX6WwSoegZ9tfXr6BWpkBGKes-3D Build ID: 322103 Analysis Summary: New defects found: 10 Defects eliminated: 6 If you have difficulty understanding any defects, email us at scan-admin at coverity.com, or post your question to StackOverflow at https://u2389337.ct.sendgrid.net/ls/click?upn=QsMnDxMCOVVs7CDlyD2jouKTgNlKFinTRd3y-2BJC7sZryfVdWHH2BBU620aHLHGfhMXPTHYY5wQ5zOiTMnTlWDg-3D-3DyXOa_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeG-2Bw3n2kMC01qs2ophh9RnfJ15D1eWcnsljPj0yXmYxr2wbNDBNfRBlOQZfGqp0FDpTV7emUqQ0lM87C1CyQb2zfJ5GgHCGXeFkcYyx840Lw9d5hziJmghgfNugorcuKSGr7SLlDcxrWMts-2FTLUMLIjbE8SoF87oBu7pL7LvSM8w4M2jr-2FIqAGPfynVLS6ttCs-3D From levitte at openssl.org Sun Jun 21 08:11:59 2020 From: levitte at openssl.org (Richard Levitte) Date: Sun, 21 Jun 2020 08:11:59 +0000 Subject: [openssl] master update Message-ID: <1592727119.761625.2772.nullmailer@dev.openssl.org> The branch master has been updated via 200ae2ee8e1cec5c9af2ea36298bf6583bcd415d (commit) via 75e35c9ad1a0075d443202866fb1760d2e889d4e (commit) from c720fc35f4aa90cdc7cdc424b976c5322fb0098e (commit) - Log ----------------------------------------------------------------- commit 200ae2ee8e1cec5c9af2ea36298bf6583bcd415d Author: FdaSilvaYY Date: Fri Jun 19 23:33:24 2020 +0200 Fix one typo in a comment. Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12209) commit 75e35c9ad1a0075d443202866fb1760d2e889d4e Author: FdaSilvaYY Date: Fri Jun 19 23:22:09 2020 +0200 Fix `no-ts` builds. `ess_lib.c` is called from `cms` and `ts` modules. Fixes #12155 Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12209) ----------------------------------------------------------------------- Summary of changes: crypto/ess/build.info | 3 ++- include/internal/refcount.h | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/crypto/ess/build.info b/crypto/ess/build.info index fa2bc41d08..3570633d73 100644 --- a/crypto/ess/build.info +++ b/crypto/ess/build.info @@ -1,6 +1,7 @@ LIBS=../../libcrypto -IF[{- !$disabled{'cms'} and !$disabled{'ts'} -}] +# compile ess_lib.c when cms or ts are enabled +IF[{- !$disabled{'cms'} or !$disabled{'ts'} -}] SOURCE[../../libcrypto]= ess_lib.c ENDIF diff --git a/include/internal/refcount.h b/include/internal/refcount.h index 4feecf971c..1d1af772cc 100644 --- a/include/internal/refcount.h +++ b/include/internal/refcount.h @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -145,7 +145,7 @@ static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, void *lock) /* * All the refcounting implementations above define HAVE_ATOMICS, so if it's - * still undefined here (such as when OPENSSL_DEV_NO_ATMOICS is defined), it + * still undefined here (such as when OPENSSL_DEV_NO_ATOMICS is defined), it * means we need to implement a fallback. This fallback uses locks. */ # ifndef HAVE_ATOMICS From builds at travis-ci.com Sun Jun 21 08:40:19 2020 From: builds at travis-ci.com (Travis CI) Date: Sun, 21 Jun 2020 08:40:19 +0000 Subject: Errored: openssl/openssl#35587 (master - c720fc3) In-Reply-To: Message-ID: <5eef1cf38ee1b_13fe163da670c72558@travis-pro-tasks-6dcb6785b5-pjx7v.mail> Build Update for openssl/openssl ------------------------------------- Build: #35587 Status: Errored Duration: 1 hr, 47 mins, and 43 secs Commit: c720fc3 (master) Author: Pauli Message: namemap: change ossl_namemap_empty() to do what the documentation says. The function is documented as returning 1 when passed a NULL argument. Instead it core dumps. Added a unit test for this. Additionally, a performance improvement is incorporated. The namemap max_number field is only ever compared against zero and incremented. The zero comparison grabs a lock specifically for this check. This change uses TSAN operations instead if they are available. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12181) View the changeset: https://github.com/openssl/openssl/compare/7cc5e0d28380...c720fc35f4aa View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/172365915?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.com Sun Jun 21 10:56:50 2020 From: builds at travis-ci.com (Travis CI) Date: Sun, 21 Jun 2020 10:56:50 +0000 Subject: Errored: openssl/openssl#35589 (master - 200ae2e) In-Reply-To: Message-ID: <5eef3cf1d9f19_13fbe3c5a868010214c@travis-pro-tasks-6dcb6785b5-lfbm5.mail> Build Update for openssl/openssl ------------------------------------- Build: #35589 Status: Errored Duration: 1 hr, 50 mins, and 19 secs Commit: 200ae2e (master) Author: FdaSilvaYY Message: Fix one typo in a comment. Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12209) View the changeset: https://github.com/openssl/openssl/compare/c720fc35f4aa...200ae2ee8e1c View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/172368450?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From nic.tuv at gmail.com Sun Jun 21 11:36:02 2020 From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Sun, 21 Jun 2020 11:36:02 +0000 Subject: [openssl] master update Message-ID: <1592739362.331576.10777.nullmailer@dev.openssl.org> The branch master has been updated via d4bf0d57a84a9bcdeba839b66138949be8221e17 (commit) from 200ae2ee8e1cec5c9af2ea36298bf6583bcd415d (commit) - Log ----------------------------------------------------------------- commit d4bf0d57a84a9bcdeba839b66138949be8221e17 Author: Nicola Tuveri Date: Tue Jun 16 20:12:13 2020 +0300 Flag RSA secret BNs as consttime on keygen and checks switched the default code path for keygen. External testing through TriggerFlow highlighted that in several places we failed (once more!) to set the `BN_FLG_CONSTTIME` flag on critical secret values (either long term or temporary values). This commit tries to make sure that the secret BN values inside the `rsa struct` are always flagged on creation, and that temporary values derived from these secrets are flagged when allocated from a BN_CTX. Acknowledgments --------------- Thanks to @Voker57, @bbbrumley, @sohhas, @cpereida for the [OpenSSL Triggerflow CI] ([paper]) through which this defect was detected and tested, and for providing early feedback to fix the issue! [OpenSSL Triggerflow CI]: https://gitlab.com/nisec/openssl-triggerflow-ci [paper]: https://eprint.iacr.org/2019/366 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12167) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_rsa_fips186_4.c | 1 + crypto/rsa/rsa_gen.c | 6 ++++++ crypto/rsa/rsa_sp800_56b_check.c | 41 ++++++++++++++++++++++++++++++++++++---- crypto/rsa/rsa_sp800_56b_gen.c | 34 +++++++++++++++++++++++++++------ 4 files changed, 72 insertions(+), 10 deletions(-) diff --git a/crypto/bn/bn_rsa_fips186_4.c b/crypto/bn/bn_rsa_fips186_4.c index 935320ff2d..a8b0a69aee 100644 --- a/crypto/bn/bn_rsa_fips186_4.c +++ b/crypto/bn/bn_rsa_fips186_4.c @@ -109,6 +109,7 @@ static int bn_rsa_fips186_4_find_aux_prob_prime(const BIGNUM *Xp1, if (BN_copy(p1, Xp1) == NULL) return 0; + BN_set_flags(p1, BN_FLG_CONSTTIME); /* Find the first odd number >= Xp1 that is probably prime */ for(;;) { diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index 1495cefa83..e391f6419a 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -126,18 +126,24 @@ static int rsa_multiprime_keygen(RSA *rsa, int bits, int primes, goto err; if (!rsa->d && ((rsa->d = BN_secure_new()) == NULL)) goto err; + BN_set_flags(rsa->d, BN_FLG_CONSTTIME); if (!rsa->e && ((rsa->e = BN_new()) == NULL)) goto err; if (!rsa->p && ((rsa->p = BN_secure_new()) == NULL)) goto err; + BN_set_flags(rsa->p, BN_FLG_CONSTTIME); if (!rsa->q && ((rsa->q = BN_secure_new()) == NULL)) goto err; + BN_set_flags(rsa->q, BN_FLG_CONSTTIME); if (!rsa->dmp1 && ((rsa->dmp1 = BN_secure_new()) == NULL)) goto err; + BN_set_flags(rsa->dmp1, BN_FLG_CONSTTIME); if (!rsa->dmq1 && ((rsa->dmq1 = BN_secure_new()) == NULL)) goto err; + BN_set_flags(rsa->dmq1, BN_FLG_CONSTTIME); if (!rsa->iqmp && ((rsa->iqmp = BN_secure_new()) == NULL)) goto err; + BN_set_flags(rsa->iqmp, BN_FLG_CONSTTIME); /* initialize multi-prime components */ if (primes > RSA_DEFAULT_PRIME_NUM) { diff --git a/crypto/rsa/rsa_sp800_56b_check.c b/crypto/rsa/rsa_sp800_56b_check.c index df9b7bf054..9840d08285 100644 --- a/crypto/rsa/rsa_sp800_56b_check.c +++ b/crypto/rsa/rsa_sp800_56b_check.c @@ -37,7 +37,15 @@ int rsa_check_crt_components(const RSA *rsa, BN_CTX *ctx) r = BN_CTX_get(ctx); p1 = BN_CTX_get(ctx); q1 = BN_CTX_get(ctx); - ret = (q1 != NULL) + if (q1 != NULL) { + BN_set_flags(r, BN_FLG_CONSTTIME); + BN_set_flags(p1, BN_FLG_CONSTTIME); + BN_set_flags(q1, BN_FLG_CONSTTIME); + ret = 1; + } else { + ret = 0; + } + ret = ret /* p1 = p -1 */ && (BN_copy(p1, rsa->p) != NULL) && BN_sub_word(p1, 1) @@ -62,6 +70,7 @@ int rsa_check_crt_components(const RSA *rsa, BN_CTX *ctx) /* (f) 1 = (qInv . q) mod p */ && BN_mod_mul(r, rsa->iqmp, rsa->q, rsa->p, ctx) && BN_is_one(r); + BN_clear(r); BN_clear(p1); BN_clear(q1); BN_CTX_end(ctx); @@ -138,7 +147,14 @@ int rsa_check_prime_factor(BIGNUM *p, BIGNUM *e, int nbits, BN_CTX *ctx) BN_CTX_start(ctx); p1 = BN_CTX_get(ctx); gcd = BN_CTX_get(ctx); - ret = (gcd != NULL) + if (gcd != NULL) { + BN_set_flags(p1, BN_FLG_CONSTTIME); + BN_set_flags(gcd, BN_FLG_CONSTTIME); + ret = 1; + } else { + ret = 0; + } + ret = ret /* (Step 5d) GCD(p-1, e) = 1 */ && (BN_copy(p1, p) != NULL) && BN_sub_word(p1, 1) @@ -172,7 +188,18 @@ int rsa_check_private_exponent(const RSA *rsa, int nbits, BN_CTX *ctx) lcm = BN_CTX_get(ctx); p1q1 = BN_CTX_get(ctx); gcd = BN_CTX_get(ctx); - ret = (gcd != NULL + if (gcd != NULL) { + BN_set_flags(r, BN_FLG_CONSTTIME); + BN_set_flags(p1, BN_FLG_CONSTTIME); + BN_set_flags(q1, BN_FLG_CONSTTIME); + BN_set_flags(lcm, BN_FLG_CONSTTIME); + BN_set_flags(p1q1, BN_FLG_CONSTTIME); + BN_set_flags(gcd, BN_FLG_CONSTTIME); + ret = 1; + } else { + ret = 0; + } + ret = (ret /* LCM(p - 1, q - 1) */ && (rsa_get_lcm(ctx, rsa->p, rsa->q, lcm, gcd, p1, q1, p1q1) == 1) /* (Step 6a) d < LCM(p - 1, q - 1) */ @@ -181,6 +208,7 @@ int rsa_check_private_exponent(const RSA *rsa, int nbits, BN_CTX *ctx) && BN_mod_mul(r, rsa->e, rsa->d, lcm, ctx) && BN_is_one(r)); + BN_clear(r); BN_clear(p1); BN_clear(q1); BN_clear(lcm); @@ -236,7 +264,12 @@ int rsa_check_pminusq_diff(BIGNUM *diff, const BIGNUM *p, const BIGNUM *q, return (BN_num_bits(diff) > bitlen); } -/* return LCM(p-1, q-1) */ +/* + * return LCM(p-1, q-1) + * + * Caller should ensure that lcm, gcd, p1, q1, p1q1 are flagged with + * BN_FLG_CONSTTIME. + */ int rsa_get_lcm(BN_CTX *ctx, const BIGNUM *p, const BIGNUM *q, BIGNUM *lcm, BIGNUM *gcd, BIGNUM *p1, BIGNUM *q1, BIGNUM *p1q1) diff --git a/crypto/rsa/rsa_sp800_56b_gen.c b/crypto/rsa/rsa_sp800_56b_gen.c index 9d7e1f1ebf..df15b8ce87 100644 --- a/crypto/rsa/rsa_sp800_56b_gen.c +++ b/crypto/rsa/rsa_sp800_56b_gen.c @@ -108,6 +108,8 @@ int rsa_fips186_4_gen_prob_primes(RSA *rsa, RSA_ACVP_TEST *test, int nbits, Xqo = (Xqout != NULL) ? Xqout : BN_CTX_get(ctx); if (tmp == NULL || Xpo == NULL || Xqo == NULL) goto err; + BN_set_flags(Xpo, BN_FLG_CONSTTIME); + BN_set_flags(Xqo, BN_FLG_CONSTTIME); if (rsa->p == NULL) rsa->p = BN_secure_new(); @@ -115,6 +117,8 @@ int rsa_fips186_4_gen_prob_primes(RSA *rsa, RSA_ACVP_TEST *test, int nbits, rsa->q = BN_secure_new(); if (rsa->p == NULL || rsa->q == NULL) goto err; + BN_set_flags(rsa->p, BN_FLG_CONSTTIME); + BN_set_flags(rsa->q, BN_FLG_CONSTTIME); /* (Step 4) Generate p, Xp */ if (!bn_rsa_fips186_4_gen_prob_primes(rsa->p, Xpo, p1, p2, Xp, Xp1, Xp2, @@ -217,6 +221,12 @@ int rsa_sp800_56b_derive_params_from_pq(RSA *rsa, int nbits, if (gcd == NULL) goto err; + BN_set_flags(p1, BN_FLG_CONSTTIME); + BN_set_flags(q1, BN_FLG_CONSTTIME); + BN_set_flags(lcm, BN_FLG_CONSTTIME); + BN_set_flags(p1q1, BN_FLG_CONSTTIME); + BN_set_flags(gcd, BN_FLG_CONSTTIME); + /* LCM((p-1, q-1)) */ if (rsa_get_lcm(ctx, rsa->p, rsa->q, lcm, gcd, p1, q1, p1q1) != 1) goto err; @@ -230,7 +240,10 @@ int rsa_sp800_56b_derive_params_from_pq(RSA *rsa, int nbits, BN_clear_free(rsa->d); /* (Step 3) d = (e^-1) mod (LCM(p-1, q-1)) */ rsa->d = BN_secure_new(); - if (rsa->d == NULL || BN_mod_inverse(rsa->d, e, lcm, ctx) == NULL) + if (rsa->d == NULL) + goto err; + BN_set_flags(rsa->d, BN_FLG_CONSTTIME); + if (BN_mod_inverse(rsa->d, e, lcm, ctx) == NULL) goto err; /* (Step 3) return an error if d is too small */ @@ -247,21 +260,29 @@ int rsa_sp800_56b_derive_params_from_pq(RSA *rsa, int nbits, /* (Step 5a) dP = d mod (p-1) */ if (rsa->dmp1 == NULL) - rsa->dmp1 = BN_new(); - if (rsa->dmp1 == NULL || !BN_mod(rsa->dmp1, rsa->d, p1, ctx)) + rsa->dmp1 = BN_secure_new(); + if (rsa->dmp1 == NULL) + goto err; + BN_set_flags(rsa->dmp1, BN_FLG_CONSTTIME); + if (!BN_mod(rsa->dmp1, rsa->d, p1, ctx)) goto err; /* (Step 5b) dQ = d mod (q-1) */ if (rsa->dmq1 == NULL) rsa->dmq1 = BN_secure_new(); - if (rsa->dmq1 == NULL || !BN_mod(rsa->dmq1, rsa->d, q1, ctx)) + if (rsa->dmq1 == NULL) + goto err; + BN_set_flags(rsa->dmq1, BN_FLG_CONSTTIME); + if (!BN_mod(rsa->dmq1, rsa->d, q1, ctx)) goto err; /* (Step 5c) qInv = (inverse of q) mod p */ BN_free(rsa->iqmp); rsa->iqmp = BN_secure_new(); - if (rsa->iqmp == NULL - || BN_mod_inverse(rsa->iqmp, rsa->q, rsa->p, ctx) == NULL) + if (rsa->iqmp == NULL) + goto err; + BN_set_flags(rsa->iqmp, BN_FLG_CONSTTIME); + if (BN_mod_inverse(rsa->iqmp, rsa->q, rsa->p, ctx) == NULL) goto err; rsa->dirty_cnt++; @@ -379,6 +400,7 @@ int rsa_sp800_56b_pairwise_test(RSA *rsa, BN_CTX *ctx) k = BN_CTX_get(ctx); if (k == NULL) goto err; + BN_set_flags(k, BN_FLG_CONSTTIME); ret = (BN_set_word(k, 2) && BN_mod_exp(tmp, k, rsa->e, rsa->n, ctx) From nic.tuv at gmail.com Sun Jun 21 13:41:01 2020 From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Sun, 21 Jun 2020 13:41:01 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1592746861.286360.17675.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 35bb0e44c6168facbb3acedbc7d4f2dcbdd65224 (commit) from 4dcfdfce93d6c5b5065323b0488ea93a938acb49 (commit) - Log ----------------------------------------------------------------- commit 35bb0e44c6168facbb3acedbc7d4f2dcbdd65224 Author: Nicola Tuveri Date: Sat Jun 13 17:29:09 2020 +0300 Refactor BN_R_NO_INVERSE logic in internal functions Closes #12129 As described in https://github.com/openssl/openssl/issues/12129 the readability of the internal functions providing the two alternative implementations for `BN_mod_inverse()` is a bit lacking. Both these functions are now completely internal, so we have the flexibility needed to slightly improve readability and remove unnecessary NULL checks. The main changes here are: - rename `BN_mod_inverse_no_branch()` as `bn_mod_inverse_no_branch()`: this function is `static` so it is not even visible within the rest of libcrypto. By convention upcase prefixes are reserved for public functions. - remove `if (pnoinv == NULL)` checks in `int_bn_mod_inverse()`: this function is internal to the BN module and we can guarantee that all callers pass non-NULL arguments. - `bn_mod_inverse_no_branch()` takes an extra `int *pnoinv` argument, so that it can signal if no inverse exists for the given inputs: in this way the caller is in charge of raising `BN_R_NO_INVERSE` as it is the case for the non-consttime implementation of `int_bn_mod_inverse()`. - `BN_mod_inverse()` is a public function and must guarantee that the internal functions providing the actual implementation receive valid arguments. If the caller passes a NULL `BN_CTX` we create a temporary one for internal use. - reorder function definitions in `crypto/bn/bn_gcd.c` to avoid forward declaration of `static` functions (in preparation for inlining) - inline `bn_mod_inverse_no_branch()`. (Backport to 1.1.1 from https://github.com/openssl/openssl/pull/12142) (cherry picked from commit 5d8b3a3ef2941b8822523742a0408ca6896aa65d) Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12169) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_gcd.c | 384 +++++++++++++++++++++++++++------------------------ include/openssl/bn.h | 2 +- 2 files changed, 201 insertions(+), 185 deletions(-) diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c index ef81acb77b..795dc0b698 100644 --- a/crypto/bn/bn_gcd.c +++ b/crypto/bn/bn_gcd.c @@ -10,22 +10,189 @@ #include "internal/cryptlib.h" #include "bn_local.h" -/* solves ax == 1 (mod n) */ -static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, - const BIGNUM *a, const BIGNUM *n, - BN_CTX *ctx); - -BIGNUM *BN_mod_inverse(BIGNUM *in, - const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) +/* + * bn_mod_inverse_no_branch is a special version of BN_mod_inverse. It does + * not contain branches that may leak sensitive information. + * + * This is a static function, we ensure all callers in this file pass valid + * arguments: all passed pointers here are non-NULL. + */ +static ossl_inline +BIGNUM *bn_mod_inverse_no_branch(BIGNUM *in, + const BIGNUM *a, const BIGNUM *n, + BN_CTX *ctx, int *pnoinv) { - BIGNUM *rv; - int noinv; - rv = int_bn_mod_inverse(in, a, n, ctx, &noinv); - if (noinv) - BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE); - return rv; + BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL; + BIGNUM *ret = NULL; + int sign; + + bn_check_top(a); + bn_check_top(n); + + BN_CTX_start(ctx); + A = BN_CTX_get(ctx); + B = BN_CTX_get(ctx); + X = BN_CTX_get(ctx); + D = BN_CTX_get(ctx); + M = BN_CTX_get(ctx); + Y = BN_CTX_get(ctx); + T = BN_CTX_get(ctx); + if (T == NULL) + goto err; + + if (in == NULL) + R = BN_new(); + else + R = in; + if (R == NULL) + goto err; + + BN_one(X); + BN_zero(Y); + if (BN_copy(B, a) == NULL) + goto err; + if (BN_copy(A, n) == NULL) + goto err; + A->neg = 0; + + if (B->neg || (BN_ucmp(B, A) >= 0)) { + /* + * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, + * BN_div_no_branch will be called eventually. + */ + { + BIGNUM local_B; + bn_init(&local_B); + BN_with_flags(&local_B, B, BN_FLG_CONSTTIME); + if (!BN_nnmod(B, &local_B, A, ctx)) + goto err; + /* Ensure local_B goes out of scope before any further use of B */ + } + } + sign = -1; + /*- + * From B = a mod |n|, A = |n| it follows that + * + * 0 <= B < A, + * -sign*X*a == B (mod |n|), + * sign*Y*a == A (mod |n|). + */ + + while (!BN_is_zero(B)) { + BIGNUM *tmp; + + /*- + * 0 < B < A, + * (*) -sign*X*a == B (mod |n|), + * sign*Y*a == A (mod |n|) + */ + + /* + * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, + * BN_div_no_branch will be called eventually. + */ + { + BIGNUM local_A; + bn_init(&local_A); + BN_with_flags(&local_A, A, BN_FLG_CONSTTIME); + + /* (D, M) := (A/B, A%B) ... */ + if (!BN_div(D, M, &local_A, B, ctx)) + goto err; + /* Ensure local_A goes out of scope before any further use of A */ + } + + /*- + * Now + * A = D*B + M; + * thus we have + * (**) sign*Y*a == D*B + M (mod |n|). + */ + + tmp = A; /* keep the BIGNUM object, the value does not + * matter */ + + /* (A, B) := (B, A mod B) ... */ + A = B; + B = M; + /* ... so we have 0 <= B < A again */ + + /*- + * Since the former M is now B and the former B is now A, + * (**) translates into + * sign*Y*a == D*A + B (mod |n|), + * i.e. + * sign*Y*a - D*A == B (mod |n|). + * Similarly, (*) translates into + * -sign*X*a == A (mod |n|). + * + * Thus, + * sign*Y*a + D*sign*X*a == B (mod |n|), + * i.e. + * sign*(Y + D*X)*a == B (mod |n|). + * + * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at + * -sign*X*a == B (mod |n|), + * sign*Y*a == A (mod |n|). + * Note that X and Y stay non-negative all the time. + */ + + if (!BN_mul(tmp, D, X, ctx)) + goto err; + if (!BN_add(tmp, tmp, Y)) + goto err; + + M = Y; /* keep the BIGNUM object, the value does not + * matter */ + Y = X; + X = tmp; + sign = -sign; + } + + /*- + * The while loop (Euclid's algorithm) ends when + * A == gcd(a,n); + * we have + * sign*Y*a == A (mod |n|), + * where Y is non-negative. + */ + + if (sign < 0) { + if (!BN_sub(Y, n, Y)) + goto err; + } + /* Now Y*a == A (mod |n|). */ + + if (BN_is_one(A)) { + /* Y*a == 1 (mod |n|) */ + if (!Y->neg && BN_ucmp(Y, n) < 0) { + if (!BN_copy(R, Y)) + goto err; + } else { + if (!BN_nnmod(R, Y, n, ctx)) + goto err; + } + } else { + *pnoinv = 1; + /* caller sets the BN_R_NO_INVERSE error */ + goto err; + } + + ret = R; + *pnoinv = 0; + + err: + if ((ret == NULL) && (in == NULL)) + BN_free(R); + BN_CTX_end(ctx); + bn_check_top(ret); + return ret; } +/* + * This is an internal function, we assume all callers pass valid arguments: + * all pointers passed here are assumed non-NULL. + */ BIGNUM *int_bn_mod_inverse(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx, int *pnoinv) @@ -36,17 +203,15 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in, /* This is invalid input so we don't worry about constant time here */ if (BN_abs_is_word(n, 1) || BN_is_zero(n)) { - if (pnoinv != NULL) - *pnoinv = 1; + *pnoinv = 1; return NULL; } - if (pnoinv != NULL) - *pnoinv = 0; + *pnoinv = 0; if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(n, BN_FLG_CONSTTIME) != 0)) { - return BN_mod_inverse_no_branch(in, a, n, ctx); + return bn_mod_inverse_no_branch(in, a, n, ctx, pnoinv); } bn_check_top(a); @@ -332,8 +497,7 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in, goto err; } } else { - if (pnoinv) - *pnoinv = 1; + *pnoinv = 1; goto err; } ret = R; @@ -345,175 +509,27 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in, return ret; } -/* - * BN_mod_inverse_no_branch is a special version of BN_mod_inverse. It does - * not contain branches that may leak sensitive information. - */ -static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, - const BIGNUM *a, const BIGNUM *n, - BN_CTX *ctx) +/* solves ax == 1 (mod n) */ +BIGNUM *BN_mod_inverse(BIGNUM *in, + const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) { - BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL; - BIGNUM *ret = NULL; - int sign; - - bn_check_top(a); - bn_check_top(n); - - BN_CTX_start(ctx); - A = BN_CTX_get(ctx); - B = BN_CTX_get(ctx); - X = BN_CTX_get(ctx); - D = BN_CTX_get(ctx); - M = BN_CTX_get(ctx); - Y = BN_CTX_get(ctx); - T = BN_CTX_get(ctx); - if (T == NULL) - goto err; - - if (in == NULL) - R = BN_new(); - else - R = in; - if (R == NULL) - goto err; - - BN_one(X); - BN_zero(Y); - if (BN_copy(B, a) == NULL) - goto err; - if (BN_copy(A, n) == NULL) - goto err; - A->neg = 0; - - if (B->neg || (BN_ucmp(B, A) >= 0)) { - /* - * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, - * BN_div_no_branch will be called eventually. - */ - { - BIGNUM local_B; - bn_init(&local_B); - BN_with_flags(&local_B, B, BN_FLG_CONSTTIME); - if (!BN_nnmod(B, &local_B, A, ctx)) - goto err; - /* Ensure local_B goes out of scope before any further use of B */ - } - } - sign = -1; - /*- - * From B = a mod |n|, A = |n| it follows that - * - * 0 <= B < A, - * -sign*X*a == B (mod |n|), - * sign*Y*a == A (mod |n|). - */ - - while (!BN_is_zero(B)) { - BIGNUM *tmp; - - /*- - * 0 < B < A, - * (*) -sign*X*a == B (mod |n|), - * sign*Y*a == A (mod |n|) - */ - - /* - * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, - * BN_div_no_branch will be called eventually. - */ - { - BIGNUM local_A; - bn_init(&local_A); - BN_with_flags(&local_A, A, BN_FLG_CONSTTIME); + BN_CTX *new_ctx = NULL; + BIGNUM *rv; + int noinv = 0; - /* (D, M) := (A/B, A%B) ... */ - if (!BN_div(D, M, &local_A, B, ctx)) - goto err; - /* Ensure local_A goes out of scope before any further use of A */ + if (ctx == NULL) { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) { + BNerr(BN_F_BN_MOD_INVERSE, ERR_R_MALLOC_FAILURE); + return NULL; } - - /*- - * Now - * A = D*B + M; - * thus we have - * (**) sign*Y*a == D*B + M (mod |n|). - */ - - tmp = A; /* keep the BIGNUM object, the value does not - * matter */ - - /* (A, B) := (B, A mod B) ... */ - A = B; - B = M; - /* ... so we have 0 <= B < A again */ - - /*- - * Since the former M is now B and the former B is now A, - * (**) translates into - * sign*Y*a == D*A + B (mod |n|), - * i.e. - * sign*Y*a - D*A == B (mod |n|). - * Similarly, (*) translates into - * -sign*X*a == A (mod |n|). - * - * Thus, - * sign*Y*a + D*sign*X*a == B (mod |n|), - * i.e. - * sign*(Y + D*X)*a == B (mod |n|). - * - * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at - * -sign*X*a == B (mod |n|), - * sign*Y*a == A (mod |n|). - * Note that X and Y stay non-negative all the time. - */ - - if (!BN_mul(tmp, D, X, ctx)) - goto err; - if (!BN_add(tmp, tmp, Y)) - goto err; - - M = Y; /* keep the BIGNUM object, the value does not - * matter */ - Y = X; - X = tmp; - sign = -sign; - } - - /*- - * The while loop (Euclid's algorithm) ends when - * A == gcd(a,n); - * we have - * sign*Y*a == A (mod |n|), - * where Y is non-negative. - */ - - if (sign < 0) { - if (!BN_sub(Y, n, Y)) - goto err; } - /* Now Y*a == A (mod |n|). */ - if (BN_is_one(A)) { - /* Y*a == 1 (mod |n|) */ - if (!Y->neg && BN_ucmp(Y, n) < 0) { - if (!BN_copy(R, Y)) - goto err; - } else { - if (!BN_nnmod(R, Y, n, ctx)) - goto err; - } - } else { - BNerr(BN_F_BN_MOD_INVERSE_NO_BRANCH, BN_R_NO_INVERSE); - goto err; - } - ret = R; - err: - if ((ret == NULL) && (in == NULL)) - BN_free(R); - BN_CTX_end(ctx); - bn_check_top(ret); - return ret; + rv = int_bn_mod_inverse(in, a, n, ctx, &noinv); + if (noinv) + BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE); + BN_CTX_free(new_ctx); + return rv; } /*- diff --git a/include/openssl/bn.h b/include/openssl/bn.h index 8af05d00e5..88091df693 100644 --- a/include/openssl/bn.h +++ b/include/openssl/bn.h @@ -56,7 +56,7 @@ extern "C" { * avoid leaking exponent information through timing, * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime, * BN_div() will call BN_div_no_branch, - * BN_mod_inverse() will call BN_mod_inverse_no_branch. + * BN_mod_inverse() will call bn_mod_inverse_no_branch. */ # define BN_FLG_CONSTTIME 0x04 # define BN_FLG_SECURE 0x08 From builds at travis-ci.com Sun Jun 21 13:57:10 2020 From: builds at travis-ci.com (Travis CI) Date: Sun, 21 Jun 2020 13:57:10 +0000 Subject: Errored: openssl/openssl#35591 (master - d4bf0d5) In-Reply-To: Message-ID: <5eef67362b1d9_13f8bad0a8cb414227e@travis-pro-tasks-5c4486dd75-7hztx.mail> Build Update for openssl/openssl ------------------------------------- Build: #35591 Status: Errored Duration: 1 hr, 46 mins, and 44 secs Commit: d4bf0d5 (master) Author: Nicola Tuveri Message: Flag RSA secret BNs as consttime on keygen and checks switched the default code path for keygen. External testing through TriggerFlow highlighted that in several places we failed (once more!) to set the `BN_FLG_CONSTTIME` flag on critical secret values (either long term or temporary values). This commit tries to make sure that the secret BN values inside the `rsa struct` are always flagged on creation, and that temporary values derived from these secrets are flagged when allocated from a BN_CTX. Acknowledgments --------------- Thanks to @Voker57, @bbbrumley, @sohhas, @cpereida for the [OpenSSL Triggerflow CI] ([paper]) through which this defect was detected and tested, and for providing early feedback to fix the issue! [OpenSSL Triggerflow CI]: https://gitlab.com/nisec/openssl-triggerflow-ci [paper]: https://eprint.iacr.org/2019/366 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12167) View the changeset: https://github.com/openssl/openssl/compare/200ae2ee8e1c...d4bf0d57a84a View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/172375463?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From nic.tuv at gmail.com Sun Jun 21 15:10:51 2020 From: nic.tuv at gmail.com (nic.tuv at gmail.com) Date: Sun, 21 Jun 2020 15:10:51 +0000 Subject: [openssl] master update Message-ID: <1592752251.034872.28700.nullmailer@dev.openssl.org> The branch master has been updated via 13da2e61bf16f932a8d80bc934605d61556f3e0e (commit) from d4bf0d57a84a9bcdeba839b66138949be8221e17 (commit) - Log ----------------------------------------------------------------- commit 13da2e61bf16f932a8d80bc934605d61556f3e0e Author: Billy Brumley Date: Sat Jun 20 10:11:11 2020 +0300 [doc/man3] finish EC_GROUP_get_field_type documentation https://github.com/openssl/openssl/pull/11928 documented `EC_GROUP_get_field_type` behavior in the `man` page but did not add the name to the function list. Fixes #12189. Reviewed-by: Matt Caswell Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/12214) ----------------------------------------------------------------------- Summary of changes: doc/man3/EC_GROUP_copy.pod | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/doc/man3/EC_GROUP_copy.pod b/doc/man3/EC_GROUP_copy.pod index ee3ce27bb5..1dd0364d98 100644 --- a/doc/man3/EC_GROUP_copy.pod +++ b/doc/man3/EC_GROUP_copy.pod @@ -12,7 +12,8 @@ EC_GROUP_get_seed_len, EC_GROUP_set_seed, EC_GROUP_get_degree, EC_GROUP_check, EC_GROUP_check_named_curve, EC_GROUP_check_discriminant, EC_GROUP_cmp, EC_GROUP_get_basis_type, EC_GROUP_get_trinomial_basis, -EC_GROUP_get_pentanomial_basis, EC_GROUP_get0_field +EC_GROUP_get_pentanomial_basis, EC_GROUP_get0_field, +EC_GROUP_get_field_type - Functions for manipulating EC_GROUP objects =head1 SYNOPSIS @@ -42,9 +43,9 @@ EC_GROUP_get_pentanomial_basis, EC_GROUP_get0_field void EC_GROUP_set_point_conversion_form(EC_GROUP *group, point_conversion_form_t form); point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *group); - unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x); - size_t EC_GROUP_get_seed_len(const EC_GROUP *); - size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len); + unsigned char *EC_GROUP_get0_seed(const EC_GROUP *group); + size_t EC_GROUP_get_seed_len(const EC_GROUP *group); + size_t EC_GROUP_set_seed(EC_GROUP *group, const unsigned char *, size_t len); int EC_GROUP_get_degree(const EC_GROUP *group); @@ -56,11 +57,13 @@ EC_GROUP_get_pentanomial_basis, EC_GROUP_get0_field int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx); - int EC_GROUP_get_basis_type(const EC_GROUP *); - int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k); - int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, + int EC_GROUP_get_basis_type(const EC_GROUP *group); + int EC_GROUP_get_trinomial_basis(const EC_GROUP *group, unsigned int *k); + int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1, unsigned int *k2, unsigned int *k3); + int EC_GROUP_get_field_type(const EC_GROUP *group); + Deprecated since OpenSSL 3.0: const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group); From builds at travis-ci.com Sun Jun 21 15:16:08 2020 From: builds at travis-ci.com (Travis CI) Date: Sun, 21 Jun 2020 15:16:08 +0000 Subject: Passed: openssl/openssl#35593 (OpenSSL_1_1_1-stable - 35bb0e4) In-Reply-To: Message-ID: <5eef79b7ac1df_13f86099a70d01594cf@travis-pro-tasks-5c4486dd75-k6c5g.mail> Build Update for openssl/openssl ------------------------------------- Build: #35593 Status: Passed Duration: 41 mins and 2 secs Commit: 35bb0e4 (OpenSSL_1_1_1-stable) Author: Nicola Tuveri Message: Refactor BN_R_NO_INVERSE logic in internal functions Closes #12129 As described in https://github.com/openssl/openssl/issues/12129 the readability of the internal functions providing the two alternative implementations for `BN_mod_inverse()` is a bit lacking. Both these functions are now completely internal, so we have the flexibility needed to slightly improve readability and remove unnecessary NULL checks. The main changes here are: - rename `BN_mod_inverse_no_branch()` as `bn_mod_inverse_no_branch()`: this function is `static` so it is not even visible within the rest of libcrypto. By convention upcase prefixes are reserved for public functions. - remove `if (pnoinv == NULL)` checks in `int_bn_mod_inverse()`: this function is internal to the BN module and we can guarantee that all callers pass non-NULL arguments. - `bn_mod_inverse_no_branch()` takes an extra `int *pnoinv` argument, so that it can signal if no inverse exists for the given inputs: in this way the caller is in charge of raising `BN_R_NO_INVERSE` as it is the case for the non-consttime implementation of `int_bn_mod_inverse()`. - `BN_mod_inverse()` is a public function and must guarantee that the internal functions providing the actual implementation receive valid arguments. If the caller passes a NULL `BN_CTX` we create a temporary one for internal use. - reorder function definitions in `crypto/bn/bn_gcd.c` to avoid forward declaration of `static` functions (in preparation for inlining) - inline `bn_mod_inverse_no_branch()`. (Backport to 1.1.1 from https://github.com/openssl/openssl/pull/12142) (cherry picked from commit 5d8b3a3ef2941b8822523742a0408ca6896aa65d) Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12169) View the changeset: https://github.com/openssl/openssl/compare/4dcfdfce93d6...35bb0e44c616 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/172379850?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.com Sun Jun 21 18:33:48 2020 From: builds at travis-ci.com (Travis CI) Date: Sun, 21 Jun 2020 18:33:48 +0000 Subject: Errored: openssl/openssl#35596 (master - 13da2e6) In-Reply-To: Message-ID: <5eefa80c308e7_13facffbbb4d026292c@travis-pro-tasks-68fc895d95-nnd27.mail> Build Update for openssl/openssl ------------------------------------- Build: #35596 Status: Errored Duration: 1 hr, 47 mins, and 26 secs Commit: 13da2e6 (master) Author: Billy Brumley Message: [doc/man3] finish EC_GROUP_get_field_type documentation https://github.com/openssl/openssl/pull/11928 documented `EC_GROUP_get_field_type` behavior in the `man` page but did not add the name to the function list. Fixes #12189. Reviewed-by: Matt Caswell Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/12214) View the changeset: https://github.com/openssl/openssl/compare/d4bf0d57a84a...13da2e61bf16 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/172383212?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From patrick.steuer at de.ibm.com Mon Jun 22 00:41:22 2020 From: patrick.steuer at de.ibm.com (patrick.steuer at de.ibm.com) Date: Mon, 22 Jun 2020 00:41:22 +0000 Subject: [openssl] master update Message-ID: <1592786482.905807.10985.nullmailer@dev.openssl.org> The branch master has been updated via b55a0b0ff209f7004c16e1bf69dd557167878fd6 (commit) from 13da2e61bf16f932a8d80bc934605d61556f3e0e (commit) - Log ----------------------------------------------------------------- commit b55a0b0ff209f7004c16e1bf69dd557167878fd6 Author: Patrick Steuer Date: Sat Jun 20 17:59:02 2020 +0200 Print CPUINFO also for s390 processors Signed-off-by: Patrick Steuer Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/12216) ----------------------------------------------------------------------- Summary of changes: crypto/info.c | 44 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 43 insertions(+), 1 deletion(-) diff --git a/crypto/info.c b/crypto/info.c index 968184fceb..a106e8c885 100644 --- a/crypto/info.c +++ b/crypto/info.c @@ -17,6 +17,12 @@ #if defined(__arm__) || defined(__arm) || defined(__aarch64__) # include "arm_arch.h" +# define CPU_INFO_STR_LEN 128 +#elif defined(__s390__) || defined(__s390x__) +# include "s390x_arch.h" +# define CPU_INFO_STR_LEN 2048 +#else +# define CPU_INFO_STR_LEN 128 #endif /* extern declaration to avoid warning */ @@ -24,7 +30,7 @@ extern char ossl_cpu_info_str[]; static char *seed_sources = NULL; -char ossl_cpu_info_str[128] = ""; +char ossl_cpu_info_str[CPU_INFO_STR_LEN] = ""; #define CPUINFO_PREFIX "CPUINFO: " static CRYPTO_ONCE init_info = CRYPTO_ONCE_STATIC_INIT; @@ -56,6 +62,42 @@ DEFINE_RUN_ONCE_STATIC(init_info_strings) BIO_snprintf(ossl_cpu_info_str + strlen(ossl_cpu_info_str), sizeof(ossl_cpu_info_str) - strlen(ossl_cpu_info_str), " env:%s", env); +# elif defined(__s390__) || defined(__s390x__) + const char *env; + + BIO_snprintf(ossl_cpu_info_str, sizeof(ossl_cpu_info_str), + CPUINFO_PREFIX "OPENSSL_s390xcap=" + "stfle:0x%llx:0x%llx:0x%llx:0x%llx:" + "kimd:0x%llx:0x%llx:" + "klmd:0x%llx:0x%llx:" + "km:0x%llx:0x%llx:" + "kmc:0x%llx:0x%llx:" + "kmac:0x%llx:0x%llx:" + "kmctr:0x%llx:0x%llx:" + "kmo:0x%llx:0x%llx:" + "kmf:0x%llx:0x%llx:" + "prno:0x%llx:0x%llx:" + "kma:0x%llx:0x%llx:" + "pcc:0x%llx:0x%llx:" + "kdsa:0x%llx:0x%llx", + OPENSSL_s390xcap_P.stfle[0], OPENSSL_s390xcap_P.stfle[1], + OPENSSL_s390xcap_P.stfle[2], OPENSSL_s390xcap_P.stfle[3], + OPENSSL_s390xcap_P.kimd[0], OPENSSL_s390xcap_P.kimd[1], + OPENSSL_s390xcap_P.klmd[0], OPENSSL_s390xcap_P.klmd[1], + OPENSSL_s390xcap_P.km[0], OPENSSL_s390xcap_P.km[1], + OPENSSL_s390xcap_P.kmc[0], OPENSSL_s390xcap_P.kmc[1], + OPENSSL_s390xcap_P.kmac[0], OPENSSL_s390xcap_P.kmac[1], + OPENSSL_s390xcap_P.kmctr[0], OPENSSL_s390xcap_P.kmctr[1], + OPENSSL_s390xcap_P.kmo[0], OPENSSL_s390xcap_P.kmo[1], + OPENSSL_s390xcap_P.kmf[0], OPENSSL_s390xcap_P.kmf[1], + OPENSSL_s390xcap_P.prno[0], OPENSSL_s390xcap_P.prno[1], + OPENSSL_s390xcap_P.kma[0], OPENSSL_s390xcap_P.kma[1], + OPENSSL_s390xcap_P.pcc[0], OPENSSL_s390xcap_P.pcc[1], + OPENSSL_s390xcap_P.kdsa[0], OPENSSL_s390xcap_P.kdsa[1]); + if ((env = getenv("OPENSSL_s390xcap")) != NULL) + BIO_snprintf(ossl_cpu_info_str + strlen(ossl_cpu_info_str), + sizeof(ossl_cpu_info_str) - strlen(ossl_cpu_info_str), + " env:%s", env); # endif #endif From openssl at openssl.org Mon Jun 22 01:45:53 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 22 Jun 2020 01:45:53 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit Message-ID: <1592790353.683710.18738.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit Commit log since last time: 13da2e61bf [doc/man3] finish EC_GROUP_get_field_type documentation d4bf0d57a8 Flag RSA secret BNs as consttime on keygen and checks 200ae2ee8e Fix one typo in a comment. 75e35c9ad1 Fix `no-ts` builds. `ess_lib.c` is called from `cms` and `ts` modules. c720fc35f4 namemap: change ossl_namemap_empty() to do what the documentation says. 7cc5e0d283 Allow oversized buffers for provider cipher IV fetch 320d96a32c Set cipher IV as octet string and pointer from providers 5797e309fc Build: Remove faulty DES assembler spec 760aaf1bb4 doc: Document OSSL_PARAM_modified and OSSL_PARAM_set_all_unmodified. f36c3885b5 Return the cookie_len value from generate_cookie_callback cfbe41ea91 Fix the DTLS1_COOKIE_LENGTH value 989a85774b Add evp_extra_test2 to .gitignore 9ee77767b2 Add a test for d2i_AutoPrivateKey_ex with a non-default libctx febe6bb727 Ensure creating an EC public key uses the libctx 2da8d4eb28 Add more complete support for libctx/propq in the EC code 48e971dd9f Create defines for TLS Group Ids e09f8d256f Don't send supported groups if no-ec and we're doing DTLS db9592c1f7 Provider a better error message if we fail to copy parameters 6136ecaa95 Make sure we save the copy function when registering a new Keymgmt 0c13cdf835 Write a test provider to test the TLS-GROUPS capability 260009d877 Update the various SSL group getting and setting functions 90929138d7 Add some missing OSSL_PKEY_PARAM_GROUP_NAME documentation 3c49e4ff51 Add documentation about Capabilities 381f3f3bbc Make EVP_PKEY_CTX_[get|set]_group_name work for ECX too 023b188ca5 Make EVP_PKEY_CTX_[get|set]_group_name work for DH too 11a1b341f3 Make EVP_PKEY_CTX_[get|set]_ec_paramgen_curve_name more generic 9d2d857f13 Modify libssl to discover supported groups based on available providers 82ec09ec6d Add the OSSL_PROVIDER_get_capabilities() API function 72bfc95858 Add the concept of "Capabilities" to the default and fips providers edeaa96ae6 Add missing section on asymmetric ciphers 6f72b210b2 Remove whitespace from 'white space' 9a7319b0b0 Configure DEPs for FIPS provider on AIX. bb361a27ba DOC: Spelling fixes b75f08cb13 Fix segfault in openssl app called with no args. 24b6261e5b coverity 1464213: API usage errors (PRINTF_ARGS) ae93e8c21e coverity 1464212, 1464214 & 1464215: Resource leaks 4f2271d58a Add ACVP fips module tests 5a147abd79 Update gost-engine submodule to match EVP_MAC renaming Build log ended with (last 100 lines): 65-test_cmp_protect.t .............. ok 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=203, Tests=1935, 836 wallclock secs ( 8.57 usr 1.39 sys + 742.74 cusr 51.18 csys = 803.88 CPU) Result: FAIL Makefile:3103: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-autoerrinit' Makefile:3101: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Mon Jun 22 02:30:33 2020 From: builds at travis-ci.com (Travis CI) Date: Mon, 22 Jun 2020 02:30:33 +0000 Subject: Errored: openssl/openssl#35599 (master - b55a0b0) In-Reply-To: Message-ID: <5ef017c8a8ca1_13fd12e60838c1862bd@travis-pro-tasks-685df9c998-l9t75.mail> Build Update for openssl/openssl ------------------------------------- Build: #35599 Status: Errored Duration: 1 hr, 47 mins, and 50 secs Commit: b55a0b0 (master) Author: Patrick Steuer Message: Print CPUINFO also for s390 processors Signed-off-by: Patrick Steuer Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/12216) View the changeset: https://github.com/openssl/openssl/compare/13da2e61bf16...b55a0b0ff209 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/172406499?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon Jun 22 04:56:51 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 22 Jun 2020 04:56:51 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-cms Message-ID: <1592801811.874463.19394.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-cms Commit log since last time: 13da2e61bf [doc/man3] finish EC_GROUP_get_field_type documentation d4bf0d57a8 Flag RSA secret BNs as consttime on keygen and checks 200ae2ee8e Fix one typo in a comment. 75e35c9ad1 Fix `no-ts` builds. `ess_lib.c` is called from `cms` and `ts` modules. c720fc35f4 namemap: change ossl_namemap_empty() to do what the documentation says. 7cc5e0d283 Allow oversized buffers for provider cipher IV fetch 320d96a32c Set cipher IV as octet string and pointer from providers 5797e309fc Build: Remove faulty DES assembler spec 760aaf1bb4 doc: Document OSSL_PARAM_modified and OSSL_PARAM_set_all_unmodified. f36c3885b5 Return the cookie_len value from generate_cookie_callback cfbe41ea91 Fix the DTLS1_COOKIE_LENGTH value 989a85774b Add evp_extra_test2 to .gitignore 9ee77767b2 Add a test for d2i_AutoPrivateKey_ex with a non-default libctx febe6bb727 Ensure creating an EC public key uses the libctx 2da8d4eb28 Add more complete support for libctx/propq in the EC code 48e971dd9f Create defines for TLS Group Ids e09f8d256f Don't send supported groups if no-ec and we're doing DTLS db9592c1f7 Provider a better error message if we fail to copy parameters 6136ecaa95 Make sure we save the copy function when registering a new Keymgmt 0c13cdf835 Write a test provider to test the TLS-GROUPS capability 260009d877 Update the various SSL group getting and setting functions 90929138d7 Add some missing OSSL_PKEY_PARAM_GROUP_NAME documentation 3c49e4ff51 Add documentation about Capabilities 381f3f3bbc Make EVP_PKEY_CTX_[get|set]_group_name work for ECX too 023b188ca5 Make EVP_PKEY_CTX_[get|set]_group_name work for DH too 11a1b341f3 Make EVP_PKEY_CTX_[get|set]_ec_paramgen_curve_name more generic 9d2d857f13 Modify libssl to discover supported groups based on available providers 82ec09ec6d Add the OSSL_PROVIDER_get_capabilities() API function 72bfc95858 Add the concept of "Capabilities" to the default and fips providers edeaa96ae6 Add missing section on asymmetric ciphers 6f72b210b2 Remove whitespace from 'white space' 9a7319b0b0 Configure DEPs for FIPS provider on AIX. bb361a27ba DOC: Spelling fixes b75f08cb13 Fix segfault in openssl app called with no args. 24b6261e5b coverity 1464213: API usage errors (PRINTF_ARGS) ae93e8c21e coverity 1464212, 1464214 & 1464215: Resource leaks 4f2271d58a Add ACVP fips module tests 5a147abd79 Update gost-engine submodule to match EVP_MAC renaming From openssl at openssl.org Mon Jun 22 07:18:09 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 22 Jun 2020 07:18:09 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-des Message-ID: <1592810289.260401.4662.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-des Commit log since last time: 13da2e61bf [doc/man3] finish EC_GROUP_get_field_type documentation d4bf0d57a8 Flag RSA secret BNs as consttime on keygen and checks 200ae2ee8e Fix one typo in a comment. 75e35c9ad1 Fix `no-ts` builds. `ess_lib.c` is called from `cms` and `ts` modules. c720fc35f4 namemap: change ossl_namemap_empty() to do what the documentation says. 7cc5e0d283 Allow oversized buffers for provider cipher IV fetch 320d96a32c Set cipher IV as octet string and pointer from providers 5797e309fc Build: Remove faulty DES assembler spec 760aaf1bb4 doc: Document OSSL_PARAM_modified and OSSL_PARAM_set_all_unmodified. f36c3885b5 Return the cookie_len value from generate_cookie_callback cfbe41ea91 Fix the DTLS1_COOKIE_LENGTH value 989a85774b Add evp_extra_test2 to .gitignore 9ee77767b2 Add a test for d2i_AutoPrivateKey_ex with a non-default libctx febe6bb727 Ensure creating an EC public key uses the libctx 2da8d4eb28 Add more complete support for libctx/propq in the EC code 48e971dd9f Create defines for TLS Group Ids e09f8d256f Don't send supported groups if no-ec and we're doing DTLS db9592c1f7 Provider a better error message if we fail to copy parameters 6136ecaa95 Make sure we save the copy function when registering a new Keymgmt 0c13cdf835 Write a test provider to test the TLS-GROUPS capability 260009d877 Update the various SSL group getting and setting functions 90929138d7 Add some missing OSSL_PKEY_PARAM_GROUP_NAME documentation 3c49e4ff51 Add documentation about Capabilities 381f3f3bbc Make EVP_PKEY_CTX_[get|set]_group_name work for ECX too 023b188ca5 Make EVP_PKEY_CTX_[get|set]_group_name work for DH too 11a1b341f3 Make EVP_PKEY_CTX_[get|set]_ec_paramgen_curve_name more generic 9d2d857f13 Modify libssl to discover supported groups based on available providers 82ec09ec6d Add the OSSL_PROVIDER_get_capabilities() API function 72bfc95858 Add the concept of "Capabilities" to the default and fips providers edeaa96ae6 Add missing section on asymmetric ciphers 6f72b210b2 Remove whitespace from 'white space' 9a7319b0b0 Configure DEPs for FIPS provider on AIX. bb361a27ba DOC: Spelling fixes b75f08cb13 Fix segfault in openssl app called with no args. 24b6261e5b coverity 1464213: API usage errors (PRINTF_ARGS) ae93e8c21e coverity 1464212, 1464214 & 1464215: Resource leaks 4f2271d58a Add ACVP fips module tests 5a147abd79 Update gost-engine submodule to match EVP_MAC renaming Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... skipped: The PKCS12 command line utility is not supported by this OpenSSL build 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=203, Tests=1908, 776 wallclock secs ( 8.62 usr 1.31 sys + 733.41 cusr 45.64 csys = 788.98 CPU) Result: FAIL Makefile:3066: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-des' Makefile:3064: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon Jun 22 07:40:51 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 22 Jun 2020 07:40:51 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dgram Message-ID: <1592811651.528097.12525.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dgram Commit log since last time: 13da2e61bf [doc/man3] finish EC_GROUP_get_field_type documentation d4bf0d57a8 Flag RSA secret BNs as consttime on keygen and checks 200ae2ee8e Fix one typo in a comment. 75e35c9ad1 Fix `no-ts` builds. `ess_lib.c` is called from `cms` and `ts` modules. c720fc35f4 namemap: change ossl_namemap_empty() to do what the documentation says. 7cc5e0d283 Allow oversized buffers for provider cipher IV fetch 320d96a32c Set cipher IV as octet string and pointer from providers 5797e309fc Build: Remove faulty DES assembler spec 760aaf1bb4 doc: Document OSSL_PARAM_modified and OSSL_PARAM_set_all_unmodified. f36c3885b5 Return the cookie_len value from generate_cookie_callback cfbe41ea91 Fix the DTLS1_COOKIE_LENGTH value 989a85774b Add evp_extra_test2 to .gitignore 9ee77767b2 Add a test for d2i_AutoPrivateKey_ex with a non-default libctx febe6bb727 Ensure creating an EC public key uses the libctx 2da8d4eb28 Add more complete support for libctx/propq in the EC code 48e971dd9f Create defines for TLS Group Ids e09f8d256f Don't send supported groups if no-ec and we're doing DTLS db9592c1f7 Provider a better error message if we fail to copy parameters 6136ecaa95 Make sure we save the copy function when registering a new Keymgmt 0c13cdf835 Write a test provider to test the TLS-GROUPS capability 260009d877 Update the various SSL group getting and setting functions 90929138d7 Add some missing OSSL_PKEY_PARAM_GROUP_NAME documentation 3c49e4ff51 Add documentation about Capabilities 381f3f3bbc Make EVP_PKEY_CTX_[get|set]_group_name work for ECX too 023b188ca5 Make EVP_PKEY_CTX_[get|set]_group_name work for DH too 11a1b341f3 Make EVP_PKEY_CTX_[get|set]_ec_paramgen_curve_name more generic 9d2d857f13 Modify libssl to discover supported groups based on available providers 82ec09ec6d Add the OSSL_PROVIDER_get_capabilities() API function 72bfc95858 Add the concept of "Capabilities" to the default and fips providers edeaa96ae6 Add missing section on asymmetric ciphers 6f72b210b2 Remove whitespace from 'white space' 9a7319b0b0 Configure DEPs for FIPS provider on AIX. bb361a27ba DOC: Spelling fixes b75f08cb13 Fix segfault in openssl app called with no args. 24b6261e5b coverity 1464213: API usage errors (PRINTF_ARGS) ae93e8c21e coverity 1464212, 1464214 & 1464215: Resource leaks 4f2271d58a Add ACVP fips module tests 5a147abd79 Update gost-engine submodule to match EVP_MAC renaming Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=203, Tests=2008, 784 wallclock secs ( 8.24 usr 1.12 sys + 704.34 cusr 45.77 csys = 759.47 CPU) Result: FAIL Makefile:3111: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dgram' Makefile:3109: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon Jun 22 12:41:55 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 22 Jun 2020 12:41:55 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-err Message-ID: <1592829715.721611.26459.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-err Commit log since last time: 13da2e61bf [doc/man3] finish EC_GROUP_get_field_type documentation d4bf0d57a8 Flag RSA secret BNs as consttime on keygen and checks 200ae2ee8e Fix one typo in a comment. 75e35c9ad1 Fix `no-ts` builds. `ess_lib.c` is called from `cms` and `ts` modules. c720fc35f4 namemap: change ossl_namemap_empty() to do what the documentation says. 7cc5e0d283 Allow oversized buffers for provider cipher IV fetch 320d96a32c Set cipher IV as octet string and pointer from providers 5797e309fc Build: Remove faulty DES assembler spec 760aaf1bb4 doc: Document OSSL_PARAM_modified and OSSL_PARAM_set_all_unmodified. f36c3885b5 Return the cookie_len value from generate_cookie_callback cfbe41ea91 Fix the DTLS1_COOKIE_LENGTH value 989a85774b Add evp_extra_test2 to .gitignore 9ee77767b2 Add a test for d2i_AutoPrivateKey_ex with a non-default libctx febe6bb727 Ensure creating an EC public key uses the libctx 2da8d4eb28 Add more complete support for libctx/propq in the EC code 48e971dd9f Create defines for TLS Group Ids e09f8d256f Don't send supported groups if no-ec and we're doing DTLS db9592c1f7 Provider a better error message if we fail to copy parameters 6136ecaa95 Make sure we save the copy function when registering a new Keymgmt 0c13cdf835 Write a test provider to test the TLS-GROUPS capability 260009d877 Update the various SSL group getting and setting functions 90929138d7 Add some missing OSSL_PKEY_PARAM_GROUP_NAME documentation 3c49e4ff51 Add documentation about Capabilities 381f3f3bbc Make EVP_PKEY_CTX_[get|set]_group_name work for ECX too 023b188ca5 Make EVP_PKEY_CTX_[get|set]_group_name work for DH too 11a1b341f3 Make EVP_PKEY_CTX_[get|set]_ec_paramgen_curve_name more generic 9d2d857f13 Modify libssl to discover supported groups based on available providers 82ec09ec6d Add the OSSL_PROVIDER_get_capabilities() API function 72bfc95858 Add the concept of "Capabilities" to the default and fips providers edeaa96ae6 Add missing section on asymmetric ciphers 6f72b210b2 Remove whitespace from 'white space' 9a7319b0b0 Configure DEPs for FIPS provider on AIX. bb361a27ba DOC: Spelling fixes b75f08cb13 Fix segfault in openssl app called with no args. 24b6261e5b coverity 1464213: API usage errors (PRINTF_ARGS) ae93e8c21e coverity 1464212, 1464214 & 1464215: Resource leaks 4f2271d58a Add ACVP fips module tests 5a147abd79 Update gost-engine submodule to match EVP_MAC renaming Build log ended with (last 100 lines): 65-test_cmp_protect.t .............. ok 65-test_cmp_server.t ............... ok 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 04-test_err.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=203, Tests=1935, 839 wallclock secs ( 8.67 usr 1.29 sys + 754.57 cusr 49.77 csys = 814.30 CPU) Result: FAIL Makefile:3085: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-err' Makefile:3083: recipe for target 'tests' failed make: *** [tests] Error 2 From dev at ddvo.net Mon Jun 22 14:36:47 2020 From: dev at ddvo.net (dev at ddvo.net) Date: Mon, 22 Jun 2020 14:36:47 +0000 Subject: [openssl] master update Message-ID: <1592836607.092753.4654.nullmailer@dev.openssl.org> The branch master has been updated via e197158bd5b5a5674b8ea67e838bac47395c66f9 (commit) from b55a0b0ff209f7004c16e1bf69dd557167878fd6 (commit) - Log ----------------------------------------------------------------- commit e197158bd5b5a5674b8ea67e838bac47395c66f9 Author: Dr. David von Oheimb Date: Fri Jun 19 20:39:33 2020 +0200 Add documentation of OSSL_CRMF_CERTID_dup() Fixes #12190 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12208) ----------------------------------------------------------------------- Summary of changes: doc/man3/X509_dup.pod | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/man3/X509_dup.pod b/doc/man3/X509_dup.pod index a92d82098d..d348acdfd2 100644 --- a/doc/man3/X509_dup.pod +++ b/doc/man3/X509_dup.pod @@ -139,6 +139,7 @@ OSSL_CMP_PKISI_free, OSSL_CMP_PKISI_it, OSSL_CMP_PKISI_new, OSSL_CMP_PKISTATUS_it, +OSSL_CRMF_CERTID_dup, OSSL_CRMF_CERTID_free, OSSL_CRMF_CERTID_it, OSSL_CRMF_CERTID_new, From dev at ddvo.net Mon Jun 22 14:43:31 2020 From: dev at ddvo.net (dev at ddvo.net) Date: Mon, 22 Jun 2020 14:43:31 +0000 Subject: [openssl] master update Message-ID: <1592837011.380653.28633.nullmailer@dev.openssl.org> The branch master has been updated via b0d5c1cb0773588dca69875e122fac75252ccdf6 (commit) via 93a7d24179ee5f61a2350b547dfcd522f6a4b9b0 (commit) via 6bb74ecb87f496faa777b609a03a2ce422b60197 (commit) via 1e24c82435d22138394edbc534f36b1760351dae (commit) via be7f84e2e24dcf98524be8aea3014be6d3a556ab (commit) via 713b3f76a769e8961884b85bac5f207f76bc96ef (commit) via 7d40faca54e64e9c6efa48c6d11e46d3037121c4 (commit) via 11baa470a21b514ab247071e80273ddc0a80c504 (commit) from e197158bd5b5a5674b8ea67e838bac47395c66f9 (commit) - Log ----------------------------------------------------------------- commit b0d5c1cb0773588dca69875e122fac75252ccdf6 Author: Dr. David von Oheimb Date: Sun Jun 21 15:44:26 2020 +0200 test/run_tests.pl: Document new VFO and VFP modes in INSTALL.md Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/12175) commit 93a7d24179ee5f61a2350b547dfcd522f6a4b9b0 Author: Dr. David von Oheimb Date: Sat Jun 20 17:20:20 2020 +0200 test/run_tests.pl: Improve indentation parsing workaround for VFO and VFP mode Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/12175) commit 6bb74ecb87f496faa777b609a03a2ce422b60197 Author: Dr. David von Oheimb Date: Sat Jun 20 17:07:52 2020 +0200 test/run_tests.pl: Improve newline output for VFO and VFP mode Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/12175) commit 1e24c82435d22138394edbc534f36b1760351dae Author: Dr. David von Oheimb Date: Sat Jun 20 17:22:41 2020 +0200 Speed-up for tests in 81-test_cmp_cli_data/test_connection.csv Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/12175) commit be7f84e2e24dcf98524be8aea3014be6d3a556ab Author: Dr. David von Oheimb Date: Thu Jun 18 07:30:09 2020 +0200 Disable tests in cmp_vfy_test.c that make no sense if FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/12175) commit 713b3f76a769e8961884b85bac5f207f76bc96ef Author: Dr. David von Oheimb Date: Thu Jun 18 07:42:22 2020 +0200 81-test_cmp_cli.t: Disable CLI-based tests in case fuzzing is enabled Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/12175) commit 7d40faca54e64e9c6efa48c6d11e46d3037121c4 Author: Dr. David von Oheimb Date: Thu Jun 18 06:33:43 2020 +0200 81-test_cmp_cli.t: Do connections to 127.0.0.1 (e.g., Mock server) without proxy Fixes #12156 Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/12175) commit 11baa470a21b514ab247071e80273ddc0a80c504 Author: Dr. David von Oheimb Date: Wed Jun 17 08:12:19 2020 +0200 Fix CMP -days option range checking and test failing with enable-ubsan Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/12175) ----------------------------------------------------------------------- Summary of changes: INSTALL.md | 52 +++++++++++++--------- apps/cmp.c | 9 ++-- crypto/cmp/cmp_ctx.c | 12 ++--- crypto/cmp/cmp_err.c | 3 ++ crypto/cmp/cmp_msg.c | 15 ++++--- crypto/crmf/crmf_lib.c | 26 +++-------- crypto/err/openssl.txt | 5 ++- ...alidity.pod => OSSL_CRMF_MSG_set0_validity.pod} | 40 +++++++++-------- include/openssl/cmperr.h | 3 ++ include/openssl/crmf.h | 3 +- include/openssl/crmferr.h | 2 +- test/cmp_vfy_test.c | 21 ++++++++- test/recipes/81-test_cmp_cli.t | 24 +++++++--- .../81-test_cmp_cli_data/test_connection.csv | 11 ++--- .../81-test_cmp_cli_data/test_enrollment.csv | 2 +- test/run_tests.pl | 19 +++++--- util/libcrypto.num | 2 +- 17 files changed, 150 insertions(+), 99 deletions(-) rename doc/man3/{OSSL_CRMF_MSG_set_validity.pod => OSSL_CRMF_MSG_set0_validity.pod} (68%) diff --git a/INSTALL.md b/INSTALL.md index 981a86af04..5afd1acae2 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -1560,7 +1560,7 @@ Configuration Problems The `./config` script tries hard to guess your operating system, but in some cases it does not succeed. You will see a message like the following: - $ ./config + ./config Operating system: x86-whatever-minix This system (minix) is not supported. See file INSTALL for details. @@ -1618,7 +1618,7 @@ Note: To make the output readable, pleace add a 'code fence' (three backquotes ` ``` ` on a separate line) before and after your output: ``` - $ ./Configure [your arguments...] + ./Configure [your arguments...] [output...] @@ -1638,9 +1638,9 @@ If the build succeeded previously, but fails after a source or configuration change, it might be helpful to clean the build tree before attempting another build. Use this command: - $ make clean # Unix - $ mms clean ! (or mmk) OpenVMS - $ nmake clean # Windows + make clean # Unix + mms clean ! (or mmk) OpenVMS + nmake clean # Windows Assembler error messages can sometimes be sidestepped by using the "no-asm" configuration option. @@ -1658,37 +1658,45 @@ Test Failures ------------- If some tests fail, look at the output. There may be reasons for the failure -that isn't a problem in OpenSSL itself (like a malfunction with Perl). +that isn't a problem in OpenSSL itself (like an OS malfunction or a Perl issue). You may want increased verbosity, that can be accomplished like this: -Verbosity on failure only (make macro VERBOSE_FAILURE or VF): +Full verbosity (`make` macro `VERBOSE` or `V`): + + make V=1 test # Unix + mms /macro=(V=1) test ! OpenVMS + nmake V=1 test # Windows + +Verbosity on test failure (`VERBOSE_FAILURE` or `VF?, Unix example shown): + + make test VF=1 + +Verbosity on failed (sub-)tests only (`VERBOSE_FAILURES_ONLY` or `VFO`): - $ make VF=1 test # Unix - $ mms /macro=(VF=1) test ! OpenVMS - $ nmake VF=1 test # Windows + make test VFO=1 -Full verbosity (make macro VERBOSE or V): +Verbosity on failed (sub-)tests, in addition progress on succeeded (sub-)tests +(`VERBOSE_FAILURES_PROGRESS` or `VFP`): - $ make V=1 test # Unix - $ mms /macro=(V=1) test ! OpenVMS - $ nmake V=1 test # Windows + make test VFP=1 If you want to run just one or a few specific tests, you can use the make variable TESTS to specify them, like this: - $ make TESTS='test_rsa test_dsa' test # Unix - $ mms/macro="TESTS=test_rsa test_dsa" test ! OpenVMS - $ nmake TESTS='test_rsa test_dsa' test # Windows + make TESTS='test_rsa test_dsa' test # Unix + mms/macro="TESTS=test_rsa test_dsa" test ! OpenVMS + nmake TESTS='test_rsa test_dsa' test # Windows -And of course, you can combine (Unix example shown): +And of course, you can combine (Unix examples shown): - $ make VF=1 TESTS='test_rsa test_dsa' test + make test TESTS='test_rsa test_dsa' VF=1 + make test TESTS="test_cmp_*" VFO=1 You can find the list of available tests like this: - $ make list-tests # Unix - $ mms list-tests ! OpenVMS - $ nmake list-tests # Windows + make list-tests # Unix + mms list-tests ! OpenVMS + nmake list-tests # Windows Have a look at the manual for the perl module Test::Harness to see what other HARNESS_* variables there are. diff --git a/apps/cmp.c b/apps/cmp.c index f80410fe9c..05fae77d38 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -1880,9 +1880,12 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *e) } } - if (opt_days > 0) - (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_VALIDITY_DAYS, - opt_days); + if (opt_days > 0 + && !OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_VALIDITY_DAYS, + opt_days)) { + CMP_err("could to set requested cert validity period"); + goto err; + } if (opt_policies != NULL && opt_policy_oids != NULL) { CMP_err("cannot have policies both via -policies and via -policy_oids"); diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c index 9f70de5038..558414bb5c 100644 --- a/crypto/cmp/cmp_ctx.c +++ b/crypto/cmp/cmp_ctx.c @@ -916,14 +916,14 @@ int OSSL_CMP_CTX_set_option(OSSL_CMP_CTX *ctx, int opt, int val) break; } if (val < min_val) { - CMPerr(0, CMP_R_INVALID_ARGS); + CMPerr(0, CMP_R_VALUE_TOO_SMALL); return 0; } switch (opt) { case OSSL_CMP_OPT_LOG_VERBOSITY: if (val > OSSL_CMP_LOG_DEBUG) { - CMPerr(0, CMP_R_INVALID_ARGS); + CMPerr(0, CMP_R_VALUE_TOO_LARGE); return 0; } ctx->log_verbosity = val; @@ -957,7 +957,7 @@ int OSSL_CMP_CTX_set_option(OSSL_CMP_CTX *ctx, int opt, int val) break; case OSSL_CMP_OPT_POPO_METHOD: if (val > OSSL_CRMF_POPO_KEYAGREE) { - CMPerr(0, CMP_R_INVALID_ARGS); + CMPerr(0, CMP_R_VALUE_TOO_LARGE); return 0; } ctx->popoMethod = val; @@ -982,13 +982,13 @@ int OSSL_CMP_CTX_set_option(OSSL_CMP_CTX *ctx, int opt, int val) break; case OSSL_CMP_OPT_REVOCATION_REASON: if (val > OCSP_REVOKED_STATUS_AACOMPROMISE) { - CMPerr(0, CMP_R_INVALID_ARGS); + CMPerr(0, CMP_R_VALUE_TOO_LARGE); return 0; } ctx->revocationReason = val; break; default: - CMPerr(0, CMP_R_INVALID_ARGS); + CMPerr(0, CMP_R_INVALID_OPTION); return 0; } @@ -1044,7 +1044,7 @@ int OSSL_CMP_CTX_get_option(const OSSL_CMP_CTX *ctx, int opt) case OSSL_CMP_OPT_REVOCATION_REASON: return ctx->revocationReason; default: - CMPerr(0, CMP_R_INVALID_ARGS); + CMPerr(0, CMP_R_INVALID_OPTION); return -1; } } diff --git a/crypto/cmp/cmp_err.c b/crypto/cmp/cmp_err.c index 5f2f713b08..1ee1002233 100644 --- a/crypto/cmp/cmp_err.c +++ b/crypto/cmp/cmp_err.c @@ -85,6 +85,7 @@ static const ERR_STRING_DATA CMP_str_reasons[] = { {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_FAIL_INFO_OUT_OF_RANGE), "fail info out of range"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_INVALID_ARGS), "invalid args"}, + {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_INVALID_OPTION), "invalid option"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION), "missing key input for creating protection"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE), @@ -143,6 +144,8 @@ static const ERR_STRING_DATA CMP_str_reasons[] = { "unsupported key type"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_UNSUPPORTED_PROTECTION_ALG_DHBASEDMAC), "unsupported protection alg dhbasedmac"}, + {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_VALUE_TOO_LARGE), "value too large"}, + {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_VALUE_TOO_SMALL), "value too small"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_WRONG_ALGORITHM_OID), "wrong algorithm oid"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_WRONG_CERTID_IN_RP), "wrong certid in rp"}, diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c index 9735a1c0b7..bbc3e9157e 100644 --- a/crypto/cmp/cmp_msg.c +++ b/crypto/cmp/cmp_msg.c @@ -253,12 +253,17 @@ static OSSL_CRMF_MSG *crm_new(OSSL_CMP_CTX *ctx, int bodytype, int rid) NULL /* serial */)) goto err; if (ctx->days != 0) { - time_t notBefore, notAfter; - - notBefore = time(NULL); - notAfter = notBefore + 60 * 60 * 24 * ctx->days; - if (!OSSL_CRMF_MSG_set_validity(crm, notBefore, notAfter)) + time_t now = time(NULL); + ASN1_TIME *notBefore = ASN1_TIME_adj(NULL, now, 0, 0); + ASN1_TIME *notAfter = ASN1_TIME_adj(NULL, now, ctx->days, 0); + + if (notBefore == NULL + || notAfter == NULL + || !OSSL_CRMF_MSG_set0_validity(crm, notBefore, notAfter)) { + ASN1_TIME_free(notBefore); + ASN1_TIME_free(notAfter); goto err; + } } /* extensions */ diff --git a/crypto/crmf/crmf_lib.c b/crypto/crmf/crmf_lib.c index c20a6da0f2..7530120ff3 100644 --- a/crypto/crmf/crmf_lib.c +++ b/crypto/crmf/crmf_lib.c @@ -244,35 +244,23 @@ OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm) } -int OSSL_CRMF_MSG_set_validity(OSSL_CRMF_MSG *crm, time_t from, time_t to) +int OSSL_CRMF_MSG_set0_validity(OSSL_CRMF_MSG *crm, + ASN1_TIME *notBefore, ASN1_TIME *notAfter) { - OSSL_CRMF_OPTIONALVALIDITY *vld = NULL; - ASN1_TIME *from_asn = NULL; - ASN1_TIME *to_asn = NULL; + OSSL_CRMF_OPTIONALVALIDITY *vld; OSSL_CRMF_CERTTEMPLATE *tmpl = OSSL_CRMF_MSG_get0_tmpl(crm); if (tmpl == NULL) { /* also crm == NULL implies this */ - CRMFerr(CRMF_F_OSSL_CRMF_MSG_SET_VALIDITY, CRMF_R_NULL_ARGUMENT); + CRMFerr(CRMF_F_OSSL_CRMF_MSG_SET0_VALIDITY, CRMF_R_NULL_ARGUMENT); return 0; } - if (from != 0 && ((from_asn = ASN1_TIME_set(NULL, from)) == NULL)) - goto err; - if (to != 0 && ((to_asn = ASN1_TIME_set(NULL, to)) == NULL)) - goto err; if ((vld = OSSL_CRMF_OPTIONALVALIDITY_new()) == NULL) - goto err; - - vld->notBefore = from_asn; - vld->notAfter = to_asn; - + return 0; + vld->notBefore = notBefore; + vld->notAfter = notAfter; tmpl->validity = vld; - return 1; - err: - ASN1_TIME_free(from_asn); - ASN1_TIME_free(to_asn); - return 0; } diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index a30b808a25..1585688c83 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -378,7 +378,7 @@ CRMF_F_OSSL_CRMF_MSG_SET0_SINGLEPUBINFO:113:OSSL_CRMF_MSG_set0_SinglePubInfo CRMF_F_OSSL_CRMF_MSG_SET_CERTREQID:114:OSSL_CRMF_MSG_set_certReqId CRMF_F_OSSL_CRMF_MSG_SET_PKIPUBLICATIONINFO_ACTION:115:\ OSSL_CRMF_MSG_set_PKIPublicationInfo_action -CRMF_F_OSSL_CRMF_MSG_SET_VALIDITY:116:OSSL_CRMF_MSG_set_validity +CRMF_F_OSSL_CRMF_MSG_SET0_VALIDITY:116:OSSL_CRMF_MSG_set0_validity CRMF_F_OSSL_CRMF_PBMP_NEW:117:OSSL_CRMF_pbmp_new CRMF_F_OSSL_CRMF_PBM_NEW:118:OSSL_CRMF_pbm_new CRYPTO_F_CMAC_CTX_NEW:120:CMAC_CTX_new @@ -2119,6 +2119,7 @@ CMP_R_FAILED_EXTRACTING_PUBKEY:141:failed extracting pubkey CMP_R_FAILURE_OBTAINING_RANDOM:110:failure obtaining random CMP_R_FAIL_INFO_OUT_OF_RANGE:129:fail info out of range CMP_R_INVALID_ARGS:100:invalid args +CMP_R_INVALID_OPTION:174:invalid option CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION:130:\ missing key input for creating protection CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE:142:missing key usage digitalsignature @@ -2157,6 +2158,8 @@ CMP_R_UNSUPPORTED_ALGORITHM:136:unsupported algorithm CMP_R_UNSUPPORTED_KEY_TYPE:137:unsupported key type CMP_R_UNSUPPORTED_PROTECTION_ALG_DHBASEDMAC:154:\ unsupported protection alg dhbasedmac +CMP_R_VALUE_TOO_LARGE:175:value too large +CMP_R_VALUE_TOO_SMALL:177:value too small CMP_R_WRONG_ALGORITHM_OID:138:wrong algorithm oid CMP_R_WRONG_CERTID_IN_RP:187:wrong certid in rp CMP_R_WRONG_PBM_VALUE:155:wrong pbm value diff --git a/doc/man3/OSSL_CRMF_MSG_set_validity.pod b/doc/man3/OSSL_CRMF_MSG_set0_validity.pod similarity index 68% rename from doc/man3/OSSL_CRMF_MSG_set_validity.pod rename to doc/man3/OSSL_CRMF_MSG_set0_validity.pod index 2544c65775..3f86bfaf07 100644 --- a/doc/man3/OSSL_CRMF_MSG_set_validity.pod +++ b/doc/man3/OSSL_CRMF_MSG_set0_validity.pod @@ -2,7 +2,7 @@ =head1 NAME -OSSL_CRMF_MSG_set_validity, +OSSL_CRMF_MSG_set0_validity, OSSL_CRMF_MSG_set_certReqId, OSSL_CRMF_CERTTEMPLATE_fill, OSSL_CRMF_MSG_set0_extensions, @@ -15,7 +15,8 @@ OSSL_CRMF_MSGS_verify_popo #include - int OSSL_CRMF_MSG_set_validity(OSSL_CRMF_MSG *crm, time_t from, time_t to); + int OSSL_CRMF_MSG_set0_validity(OSSL_CRMF_MSG *crm, + ASN1_TIME *notBefore, ASN1_TIME *notAfter); int OSSL_CRMF_MSG_set_certReqId(OSSL_CRMF_MSG *crm, int rid); @@ -37,29 +38,32 @@ OSSL_CRMF_MSGS_verify_popo =head1 DESCRIPTION -OSSL_CRMF_MSG_set_validity() sets B as notBefore and B as notAfter -as the validity in the certTemplate of B. +OSSL_CRMF_MSG_set0_validity() sets the I and I fields +as validity constraints in the certTemplate of I. +Any of the I and I parameters may be NULL, +which means no constraint for the respective field. +On success ownership of I and I is transferred to I. -OSSL_CRMF_MSG_set_certReqId() sets B as the certReqId of B. +OSSL_CRMF_MSG_set_certReqId() sets I as the certReqId of I. -OSSL_CRMF_CERTTEMPLATE_fill() sets those fields of the certTemplate B -for which non-NULL values are provided: B, B, B, -and/or B. -On success the reference counter of the B (if given) is incremented, -while the B, B, and B structures (if given) are copied. +OSSL_CRMF_CERTTEMPLATE_fill() sets those fields of the certTemplate I +for which non-NULL values are provided: I, I, I, +and/or I. +On success the reference counter of the I (if given) is incremented, +while the I, I, and I structures (if given) are copied. -OSSL_CRMF_MSG_set0_extensions() sets B as the extensions in the -certTemplate of B. Frees any pre-existing ones and consumes B. +OSSL_CRMF_MSG_set0_extensions() sets I as the extensions in the +certTemplate of I. Frees any pre-existing ones and consumes I. -OSSL_CRMF_MSG_push0_extension() pushes the X509 extension B to the -extensions in the certTemplate of B. Consumes B. +OSSL_CRMF_MSG_push0_extension() pushes the X509 extension I to the +extensions in the certTemplate of I. Consumes I. OSSL_CRMF_MSG_create_popo() creates and sets the Proof-of-Possession (POPO) -according to the method B in B. +according to the method I in I. In case the method is OSSL_CRMF_POPO_SIGNATURE the POPO is calculated -using the private B and the digest algorithm NID B. +using the private I and the digest algorithm NID I. -B can be one of the following: +I can be one of the following: =over 8 @@ -82,7 +86,7 @@ challenge-response exchange (challengeResp) not yet supported. =back OSSL_CRMF_MSGS_verify_popo verifies the Proof-of-Possession of the request with -the given B in the list of B. Optionally accepts RAVerified. +the given I in the list of I. Optionally accepts RAVerified. =head1 RETURN VALUES diff --git a/include/openssl/cmperr.h b/include/openssl/cmperr.h index d1ce2256fa..d220e55c5e 100644 --- a/include/openssl/cmperr.h +++ b/include/openssl/cmperr.h @@ -74,6 +74,7 @@ int ERR_load_CMP_strings(void); # define CMP_R_FAILURE_OBTAINING_RANDOM 110 # define CMP_R_FAIL_INFO_OUT_OF_RANGE 129 # define CMP_R_INVALID_ARGS 100 +# define CMP_R_INVALID_OPTION 174 # define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION 130 # define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE 142 # define CMP_R_MISSING_PRIVATE_KEY 131 @@ -109,6 +110,8 @@ int ERR_load_CMP_strings(void); # define CMP_R_UNSUPPORTED_ALGORITHM 136 # define CMP_R_UNSUPPORTED_KEY_TYPE 137 # define CMP_R_UNSUPPORTED_PROTECTION_ALG_DHBASEDMAC 154 +# define CMP_R_VALUE_TOO_LARGE 175 +# define CMP_R_VALUE_TOO_SMALL 177 # define CMP_R_WRONG_ALGORITHM_OID 138 # define CMP_R_WRONG_CERTID_IN_RP 187 # define CMP_R_WRONG_PBM_VALUE 155 diff --git a/include/openssl/crmf.h b/include/openssl/crmf.h index d262a9b759..bf9c1c6159 100644 --- a/include/openssl/crmf.h +++ b/include/openssl/crmf.h @@ -105,7 +105,8 @@ int OSSL_CRMF_MSG_set1_regInfo_utf8Pairs(OSSL_CRMF_MSG *msg, int OSSL_CRMF_MSG_set1_regInfo_certReq(OSSL_CRMF_MSG *msg, const OSSL_CRMF_CERTREQUEST *cr); -int OSSL_CRMF_MSG_set_validity(OSSL_CRMF_MSG *crm, time_t from, time_t to); +int OSSL_CRMF_MSG_set0_validity(OSSL_CRMF_MSG *crm, + ASN1_TIME *notBefore, ASN1_TIME *notAfter); int OSSL_CRMF_MSG_set_certReqId(OSSL_CRMF_MSG *crm, int rid); int OSSL_CRMF_MSG_get_certReqId(const OSSL_CRMF_MSG *crm); int OSSL_CRMF_MSG_set0_extensions(OSSL_CRMF_MSG *crm, X509_EXTENSIONS *exts); diff --git a/include/openssl/crmferr.h b/include/openssl/crmferr.h index 22936c620e..17e5c85cc2 100644 --- a/include/openssl/crmferr.h +++ b/include/openssl/crmferr.h @@ -44,7 +44,7 @@ int ERR_load_CRMF_strings(void); # define CRMF_F_OSSL_CRMF_MSG_SET0_SINGLEPUBINFO 0 # define CRMF_F_OSSL_CRMF_MSG_SET_CERTREQID 0 # define CRMF_F_OSSL_CRMF_MSG_SET_PKIPUBLICATIONINFO_ACTION 0 -# define CRMF_F_OSSL_CRMF_MSG_SET_VALIDITY 0 +# define CRMF_F_OSSL_CRMF_MSG_SET0_VALIDITY 0 # define CRMF_F_OSSL_CRMF_PBMP_NEW 0 # define CRMF_F_OSSL_CRMF_PBM_NEW 0 # endif diff --git a/test/cmp_vfy_test.c b/test/cmp_vfy_test.c index 583e7c2fbb..297c01edb2 100644 --- a/test/cmp_vfy_test.c +++ b/test/cmp_vfy_test.c @@ -158,6 +158,7 @@ static int test_validate_msg_mac_alg_protection(void) return result; } +#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION static int test_validate_msg_mac_alg_protection_bad(void) { SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); @@ -176,6 +177,7 @@ static int test_validate_msg_mac_alg_protection_bad(void) EXECUTE_TEST(execute_validate_msg_test, tear_down); return result; } +#endif static int add_trusted(OSSL_CMP_CTX *ctx, X509 *cert) { @@ -214,10 +216,12 @@ static int test_validate_msg_signature_trusted_ok(void) return test_validate_msg_signature_partial_chain(0); } +#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION static int test_validate_msg_signature_trusted_expired(void) { return test_validate_msg_signature_partial_chain(1); } +#endif static int test_validate_msg_signature_srvcert_wrong(void) { @@ -246,10 +250,12 @@ static int test_validate_msg_signature_srvcert(int bad_sig) return result; } +#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION static int test_validate_msg_signature_bad(void) { return test_validate_msg_signature_srvcert(1); } +#endif static int test_validate_msg_signature_sender_cert_srvcert(void) { @@ -298,6 +304,7 @@ static int test_validate_msg_signature_sender_cert_extracert(void) } +#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION static int test_validate_msg_signature_sender_cert_absent(void) { SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); @@ -309,7 +316,7 @@ static int test_validate_msg_signature_sender_cert_absent(void) EXECUTE_TEST(execute_validate_msg_test, tear_down); return result; } - +#endif static int test_validate_with_sender(const X509_NAME *name, int expected) { @@ -335,6 +342,7 @@ static int test_validate_msg_signature_unexpected_sender(void) return test_validate_with_sender(X509_get_subject_name(root), 0); } +#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION static int test_validate_msg_unprotected_request(void) { SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); @@ -346,6 +354,7 @@ static int test_validate_msg_unprotected_request(void) EXECUTE_TEST(execute_validate_msg_test, tear_down); return result; } +#endif static void setup_path(CMP_VFY_TEST_FIXTURE **fixture, X509 *wrong, int expired) { @@ -607,19 +616,29 @@ int setup_tests(void) ADD_TEST(test_verify_popo_bad); #endif ADD_TEST(test_validate_msg_signature_trusted_ok); +#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION ADD_TEST(test_validate_msg_signature_trusted_expired); +#endif ADD_TEST(test_validate_msg_signature_srvcert_wrong); +#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION ADD_TEST(test_validate_msg_signature_bad); +#endif ADD_TEST(test_validate_msg_signature_sender_cert_srvcert); ADD_TEST(test_validate_msg_signature_sender_cert_untrusted); ADD_TEST(test_validate_msg_signature_sender_cert_trusted); ADD_TEST(test_validate_msg_signature_sender_cert_extracert); +#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION ADD_TEST(test_validate_msg_signature_sender_cert_absent); +#endif ADD_TEST(test_validate_msg_signature_expected_sender); ADD_TEST(test_validate_msg_signature_unexpected_sender); +#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION ADD_TEST(test_validate_msg_unprotected_request); +#endif ADD_TEST(test_validate_msg_mac_alg_protection); +#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION ADD_TEST(test_validate_msg_mac_alg_protection_bad); +#endif /* Cert path validation tests */ ADD_TEST(test_validate_cert_path_ok); diff --git a/test/recipes/81-test_cmp_cli.t b/test/recipes/81-test_cmp_cli.t index 3be02c6166..8ddb3c2daf 100644 --- a/test/recipes/81-test_cmp_cli.t +++ b/test/recipes/81-test_cmp_cli.t @@ -20,10 +20,12 @@ use Data::Dumper; # for debugging purposes only setup("test_cmp_cli"); -plan skip_all => "This test is not supported in a no-cmp build" +plan skip_all => "These tests are not supported in a no-cmp build" if disabled("cmp"); -plan skip_all => "This test is not supported in a no-ec build" +plan skip_all => "These tests are not supported in a no-ec build" if disabled("ec"); +plan skip_all => "These tests are not supported in a fuzz build" + if !disabled("fuzz-libfuzzer") || !disabled("fuzz-afl"); plan skip_all => "Tests involving server not available on Windows or VMS" if $^O =~ /^(VMS|MSWin32)$/; @@ -249,12 +251,22 @@ sub load_tests { $line =~ s{_PBM_PORT}{$pbm_port}g; $line =~ s{_PBM_REF}{$pbm_ref}g; $line =~ s{_PBM_SECRET}{$pbm_secret}g; - my $noproxy = $line =~ m/,\s*-no_proxy\s*,(.*?)(,|$)/ ? $1 : $no_proxy; - next LOOP if $no_proxy && ($noproxy =~ $server_host) - && $line =~ m/,\s*-proxy\s*,/; + next LOOP if $server_tls == 0 && $line =~ m/,\s*-tls_used\s*,/; - $line =~ s{-section,,}{-section,,-proxy,$proxy,} unless $line =~ m/,\s*-proxy\s*,/; + my $noproxy = $no_proxy; + if ($line =~ m/,\s*-no_proxy\s*,(.*?)(,|$)/) { + $noproxy = $1; + } elsif ($server_host eq "127.0.0.1") { + # do connections to localhost (e.g., Mock server) without proxy + $line =~ s{-section,,}{-section,,-no_proxy,127.0.0.1,} ; + } + if ($line =~ m/,\s*-proxy\s*,/) { + next LOOP if $no_proxy && ($noproxy =~ $server_host); + } else { + $line =~ s{-section,,}{-section,,-proxy,$proxy,}; + } $line =~ s{-section,,}{-config,../$test_config,-section,$server_name $aspect,}; + my @fields = grep /\S/, split ",", $line; s/^$// for (@fields); # used for proxy="" s/^\s+// for (@fields); # remove leading whitespace from elements diff --git a/test/recipes/81-test_cmp_cli_data/test_connection.csv b/test/recipes/81-test_cmp_cli_data/test_connection.csv index eceac6eb94..7e4775afec 100644 --- a/test/recipes/81-test_cmp_cli_data/test_connection.csv +++ b/test/recipes/81-test_cmp_cli_data/test_connection.csv @@ -12,17 +12,14 @@ TBD,IP address, -section,, -server,_SERVER_IP:_SERVER_PORT,,,, 1,server port negative, -section,, -server,_SERVER_HOST:-10,,,,,BLANK,,BLANK,,BLANK,,BLANK, 1,server missing argument, -section,, -server,,,,,,BLANK,,BLANK,,BLANK,,BLANK, 1,server with default port, -section,, -server,_SERVER_HOST,,,,,BLANK,,BLANK,,BLANK,,BLANK, -1,server IP address bad syntax: double '.', -section,, -server,127.0.0..1:_SERVER_PORT,,,,,BLANK,,BLANK,,BLANK,,BLANK, -1,server domain bad syntax: double '.', -section,, -server,_SERVER_HOST..com:_SERVER_PORT,,,,,BLANK,,BLANK,,BLANK,,BLANK, -1,server port bad syntax: missing ':', -section,, -server,_SERVER_HOST.80,,,,,BLANK,,BLANK,,BLANK,,BLANK, +1,server port bad syntax: leading garbage, -section,, -server,_SERVER_HOST:x/+80,,,,,BLANK,,BLANK,,BLANK,,BLANK, 1,server port bad synatx: trailing garbage, -section,, -server,_SERVER_HOST:_SERVER_PORT+/x.,,,,,BLANK,,BLANK,,BLANK,,BLANK, 1,server with TLS port, -section,, -server,_SERVER_HOST:_SERVER_TLS,,,,,BLANK,,BLANK,,BLANK,,BLANK, TBD,server IP address with TLS port, -section,, -server,_SERVER_IP:_SERVER_TLS,,,,,BLANK,,BLANK,,BLANK,,BLANK, ,,,,,,,,,,,,,,,,,,,,,,,,, -1,proxy bad ipv4 address syntax: extra cell, -section,, -server,_SERVER_HOST:_SERVER_PORT, -proxy,127.0.0.0.0:8888,,,BLANK,,BLANK,,BLANK,,BLANK, -no_proxy,nonmatch.com -1,proxy port out of range, -section,, -server,_SERVER_HOST:_SERVER_PORT, -proxy,127.0.0.1:65536,,,BLANK,,BLANK,,BLANK,,BLANK, -no_proxy,nonmatch.com -1,proxy IP address bad syntax: double '.', -section,, -server,_SERVER_HOST:_SERVER_PORT, -proxy,127.0.0..1:8888,,,BLANK,,BLANK,,BLANK,,BLANK, -no_proxy,nonmatch.com -1,proxy default port, -section,, -server,_SERVER_HOST:_SERVER_PORT, -proxy,127.0.0.1,,,BLANK,,BLANK,,BLANK,,BLANK, -no_proxy,nonmatch.com +1,proxy port bad syntax: leading garbage, -section,, -server,_SERVER_HOST:_SERVER_PORT, -proxy,127.0.0.1:x*/8888,,,BLANK,,BLANK,,BLANK,,BLANK, -no_proxy,nonmatch.com,-msg_timeout,1 +1,proxy port out of range, -section,, -server,_SERVER_HOST:_SERVER_PORT, -proxy,127.0.0.1:65536,,,BLANK,,BLANK,,BLANK,,BLANK, -no_proxy,nonmatch.com,-msg_timeout,1 +1,proxy default port, -section,, -server,_SERVER_HOST:_SERVER_PORT, -proxy,127.0.0.1,,,BLANK,,BLANK,,BLANK,,BLANK, -no_proxy,nonmatch.com,-msg_timeout,1 1,proxy missing argument, -section,, -server,_SERVER_HOST:_SERVER_PORT, -proxy,,,,BLANK,,BLANK,,BLANK,,BLANK, -no_proxy,nonmatch.com ,,,,,,,,,,,,,,,,,,,,,,,,, 1,path missing argument, -section,,,,,, -path,,BLANK,,BLANK,,BLANK,,BLANK, diff --git a/test/recipes/81-test_cmp_cli_data/test_enrollment.csv b/test/recipes/81-test_cmp_cli_data/test_enrollment.csv index 64fb3fdcd6..305302e180 100644 --- a/test/recipes/81-test_cmp_cli_data/test_enrollment.csv +++ b/test/recipes/81-test_cmp_cli_data/test_enrollment.csv @@ -27,7 +27,7 @@ expected,description, -section,val, -cmd,val, -newkey,val,val, -newkeypass,val, ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, 0,days 1, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,, -days,1,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, 0,days 0, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,, -days,0,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, -0,days 36500, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,, -days,36500,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, +0,days 365*100 beyond 2038, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,, -days,36500,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, 1,days missing arg, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,, -days,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, 1,days negative, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,, -days,-10,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, 1,days no not integer, -section,, -cmd,ir, -newkey,new.key,, -newkeypass,pass:,,,BLANK,, -days,1.5,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,,BLANK,, -certout,test.cert.pem,, -out_trusted,root.crt,,BLANK,,BLANK,,, diff --git a/test/run_tests.pl b/test/run_tests.pl index bd83a6b988..8306c6018a 100644 --- a/test/run_tests.pl +++ b/test/run_tests.pl @@ -134,7 +134,6 @@ $eres = eval { my $class = shift; my %opts = %{ shift() }; my $failure_verbosity = $openssl_args{failure_verbosity}; - print "\n" if $failure_verbosity == 1 || $failure_verbosity == 2; my @plans = (); # initial level, no plan yet my $output_buffer = ""; @@ -158,24 +157,30 @@ $eres = eval { my $tests_planned = $is_plan && $self->tests_planned; my $is_test = $self->is_test; my $is_ok = $is_test && $self->is_ok; - # workaround in case parser not coping with indentation: + + # workaround for parser not coping with sub-test indentation if ($self->is_unknown) { + my $level = $#plans; + my $indent = $level < 0 ? "" : " " x ($level * 4); + ($is_plan, $tests_planned) = (1, $1) - if ($self->as_string =~ m/^\s+1\.\.(\d+)/); + if ($self->as_string =~ m/^$indent 1\.\.(\d+)/); ($is_test, $is_ok) = (1, !$1) - if ($self->as_string =~ m/^\s+(not )?ok /); + if ($self->as_string =~ m/^$indent(not )?ok /); } + if ($is_plan) { push @plans, $tests_planned; $output_buffer = ""; # ignore comments etc. until plan } elsif ($is_test) { # result of a test pop @plans if @plans && --($plans[-1]) <= 0; print $output_buffer if !$is_ok; - print $self->as_string."\n" + print "\n".$self->as_string if !$is_ok || $failure_verbosity == 2; $output_buffer = ""; - } else { # typically comment or unknown - $output_buffer .= $self->as_string."\n"; + } elsif ($self->as_string ne "") { + # typically is_comment or is_unknown + $output_buffer .= "\n".$self->as_string; } } } diff --git a/util/libcrypto.num b/util/libcrypto.num index acaa17394e..683cddbc79 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4546,7 +4546,7 @@ OSSL_CRMF_MSG_set1_regCtrl_oldCertID ? 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_CERTID_gen ? 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_MSG_set1_regInfo_utf8Pairs ? 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_MSG_set1_regInfo_certReq ? 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSG_set_validity ? 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_set0_validity ? 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_MSG_set_certReqId ? 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_MSG_get_certReqId ? 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_MSG_set0_extensions ? 3_0_0 EXIST::FUNCTION:CRMF From builds at travis-ci.com Mon Jun 22 16:57:18 2020 From: builds at travis-ci.com (Travis CI) Date: Mon, 22 Jun 2020 16:57:18 +0000 Subject: Errored: openssl/openssl#35608 (master - e197158) In-Reply-To: Message-ID: <5ef0e2eb98e3c_13fdbe8fad3141270da@travis-pro-tasks-5d6498d48b-rlglb.mail> Build Update for openssl/openssl ------------------------------------- Build: #35608 Status: Errored Duration: 1 hr, 49 mins, and 41 secs Commit: e197158 (master) Author: Dr. David von Oheimb Message: Add documentation of OSSL_CRMF_CERTID_dup() Fixes #12190 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12208) View the changeset: https://github.com/openssl/openssl/compare/b55a0b0ff209...e197158bd5b5 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/172508832?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From builds at travis-ci.com Mon Jun 22 18:30:19 2020 From: builds at travis-ci.com (Travis CI) Date: Mon, 22 Jun 2020 18:30:19 +0000 Subject: Errored: openssl/openssl#35609 (master - b0d5c1c) In-Reply-To: Message-ID: <5ef0f8b8ab7af_13fa1f2bc35e43519ab@travis-pro-tasks-5d6498d48b-jm77m.mail> Build Update for openssl/openssl ------------------------------------- Build: #35609 Status: Errored Duration: 2 hrs, 9 mins, and 26 secs Commit: b0d5c1c (master) Author: Dr. David von Oheimb Message: test/run_tests.pl: Document new VFO and VFP modes in INSTALL.md Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/12175) View the changeset: https://github.com/openssl/openssl/compare/e197158bd5b5...b0d5c1cb0773 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/172509823?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon Jun 22 20:31:40 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 22 Jun 2020 20:31:40 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui-console Message-ID: <1592857900.196972.17886.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ui-console Commit log since last time: 13da2e61bf [doc/man3] finish EC_GROUP_get_field_type documentation d4bf0d57a8 Flag RSA secret BNs as consttime on keygen and checks 200ae2ee8e Fix one typo in a comment. 75e35c9ad1 Fix `no-ts` builds. `ess_lib.c` is called from `cms` and `ts` modules. c720fc35f4 namemap: change ossl_namemap_empty() to do what the documentation says. 7cc5e0d283 Allow oversized buffers for provider cipher IV fetch 320d96a32c Set cipher IV as octet string and pointer from providers 5797e309fc Build: Remove faulty DES assembler spec 760aaf1bb4 doc: Document OSSL_PARAM_modified and OSSL_PARAM_set_all_unmodified. f36c3885b5 Return the cookie_len value from generate_cookie_callback cfbe41ea91 Fix the DTLS1_COOKIE_LENGTH value 989a85774b Add evp_extra_test2 to .gitignore 9ee77767b2 Add a test for d2i_AutoPrivateKey_ex with a non-default libctx febe6bb727 Ensure creating an EC public key uses the libctx 2da8d4eb28 Add more complete support for libctx/propq in the EC code 48e971dd9f Create defines for TLS Group Ids e09f8d256f Don't send supported groups if no-ec and we're doing DTLS db9592c1f7 Provider a better error message if we fail to copy parameters 6136ecaa95 Make sure we save the copy function when registering a new Keymgmt 0c13cdf835 Write a test provider to test the TLS-GROUPS capability 260009d877 Update the various SSL group getting and setting functions 90929138d7 Add some missing OSSL_PKEY_PARAM_GROUP_NAME documentation 3c49e4ff51 Add documentation about Capabilities 381f3f3bbc Make EVP_PKEY_CTX_[get|set]_group_name work for ECX too 023b188ca5 Make EVP_PKEY_CTX_[get|set]_group_name work for DH too 11a1b341f3 Make EVP_PKEY_CTX_[get|set]_ec_paramgen_curve_name more generic 9d2d857f13 Modify libssl to discover supported groups based on available providers 82ec09ec6d Add the OSSL_PROVIDER_get_capabilities() API function 72bfc95858 Add the concept of "Capabilities" to the default and fips providers edeaa96ae6 Add missing section on asymmetric ciphers 6f72b210b2 Remove whitespace from 'white space' 9a7319b0b0 Configure DEPs for FIPS provider on AIX. bb361a27ba DOC: Spelling fixes b75f08cb13 Fix segfault in openssl app called with no args. 24b6261e5b coverity 1464213: API usage errors (PRINTF_ARGS) ae93e8c21e coverity 1464212, 1464214 & 1464215: Resource leaks 4f2271d58a Add ACVP fips module tests 5a147abd79 Update gost-engine submodule to match EVP_MAC renaming Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=203, Tests=2011, 836 wallclock secs ( 8.69 usr 1.23 sys + 751.92 cusr 48.35 csys = 810.19 CPU) Result: FAIL Makefile:3096: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ui-console' Makefile:3094: recipe for target 'tests' failed make: *** [tests] Error 2 From levitte at openssl.org Mon Jun 22 21:50:43 2020 From: levitte at openssl.org (Richard Levitte) Date: Mon, 22 Jun 2020 21:50:43 +0000 Subject: [openssl] master update Message-ID: <1592862643.892655.2915.nullmailer@dev.openssl.org> The branch master has been updated via 3fd16304f4b33814ea481fe965d79675a5f4f2c3 (commit) via c4de5d22aa189d357aec18e4a744e3747bd545af (commit) via e3ce33b3b5ab773bbf4156074d9b37b33ac3744d (commit) from b0d5c1cb0773588dca69875e122fac75252ccdf6 (commit) - Log ----------------------------------------------------------------- commit 3fd16304f4b33814ea481fe965d79675a5f4f2c3 Author: Richard Levitte Date: Thu Jun 18 12:37:26 2020 +0200 Missing documentation missing, let's note that down Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12125) commit c4de5d22aa189d357aec18e4a744e3747bd545af Author: Richard Levitte Date: Wed Jun 17 22:04:53 2020 +0200 util/find-doc-nits: Modernise printem() It wasn't up to date with the new variables used to track information on what's documented, what's in the .num files and what's in the "missing" files. Fixes #12117 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12125) commit e3ce33b3b5ab773bbf4156074d9b37b33ac3744d Author: Richard Levitte Date: Fri Jun 12 10:38:34 2020 +0200 util/find-doc-nits: Do not read "missing" files when -u is given Fixes #12117 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12125) ----------------------------------------------------------------------- Summary of changes: util/find-doc-nits | 17 +++++------------ util/missingcrypto.txt | 5 +++++ 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/util/find-doc-nits b/util/find-doc-nits index 0feb01e27c..a54d75458c 100755 --- a/util/find-doc-nits +++ b/util/find-doc-nits @@ -865,21 +865,14 @@ sub checkmacros { sub printem ($) { my $type = shift; my $count = 0; - my %seen; - - foreach my $func ( grep { $_ eq $type } sort keys %state ) { - $func .= '(3)'; # We know they're all in section 3 - - # Skip functions known to be missing - next if $opt_v && defined $name_map{$func} && $name_map{$func} eq ''; - # Skip known names - next if defined $name_map{$func} || defined $seen{$func}; + foreach my $func ( grep { $state{$_} eq $type } sort keys %state ) { + next if defined $name_map{$func} + || defined $missing{$func}; err("$type:", "function $func undocumented") if $opt_d || $opt_e; $count++; - $seen{$func} = 1; } err("# $count lib$type names are not documented") if $count > 0; @@ -906,7 +899,7 @@ sub collectnames { my $name_sec = "$name($section)"; if ( !defined $name_map{$name_sec} ) { $name_map{$name_sec} = $filename; - $state{$name_sec} = + $state{$name_sec} //= ( $filename =~ /\/internal\// ? 'internal' : 'public' ) if $is_generic; } elsif ( $filename eq $name_map{$name_sec} ) { @@ -1087,7 +1080,7 @@ if ( $opt_o ) { loadmissing('util/missingmacro111.txt', 'crypto'); loadmissing('util/missingcrypto111.txt', 'crypto'); loadmissing('util/missingssl111.txt', 'ssl'); -} else { +} elsif ( !$opt_u ) { loadmissing('util/missingmacro.txt', 'crypto'); loadmissing('util/missingcrypto.txt', 'crypto'); loadmissing('util/missingssl.txt', 'ssl'); diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt index bc276a8c4a..0034a711d1 100644 --- a/util/missingcrypto.txt +++ b/util/missingcrypto.txt @@ -516,6 +516,7 @@ ECPARAMETERS_it(3) ECPKPARAMETERS_it(3) ECParameters_print(3) ECParameters_print_fp(3) +EC_GROUP_get_field_type(3) EC_GROUP_get_mont_data(3) EC_KEY_METHOD_free(3) EC_KEY_METHOD_get_compute_key(3) @@ -601,6 +602,7 @@ EVP_KEYMGMT-DSA(7) EVP_KEYMGMT-RSA(7) EVP_KEYMGMT-X25519(7) EVP_KEYMGMT-X448(7) +EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name(3) EVP_SIGNATURE-DSA(7) EVP_SIGNATURE-ECDSA(7) EVP_SIGNATURE-ED25519(7) @@ -909,6 +911,9 @@ OPENSSL_strnlen(3) OPENSSL_uni2asc(3) OPENSSL_uni2utf8(3) OPENSSL_utf82uni(3) +OSSL_CRMF_CERTID_dup(3) +OSSL_PARAM_modified(3) +OSSL_PARAM_set_all_unmodified(3) OSSL_SERIALIZER-DH(7) OSSL_SERIALIZER-DSA(7) OSSL_SERIALIZER-EC(7) From openssl at openssl.org Mon Jun 22 22:52:55 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 22 Jun 2020 22:52:55 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared no-module Message-ID: <1592866375.819058.18841.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared no-module Commit log since last time: 13da2e61bf [doc/man3] finish EC_GROUP_get_field_type documentation d4bf0d57a8 Flag RSA secret BNs as consttime on keygen and checks 200ae2ee8e Fix one typo in a comment. 75e35c9ad1 Fix `no-ts` builds. `ess_lib.c` is called from `cms` and `ts` modules. c720fc35f4 namemap: change ossl_namemap_empty() to do what the documentation says. 7cc5e0d283 Allow oversized buffers for provider cipher IV fetch 320d96a32c Set cipher IV as octet string and pointer from providers 5797e309fc Build: Remove faulty DES assembler spec 760aaf1bb4 doc: Document OSSL_PARAM_modified and OSSL_PARAM_set_all_unmodified. f36c3885b5 Return the cookie_len value from generate_cookie_callback cfbe41ea91 Fix the DTLS1_COOKIE_LENGTH value 989a85774b Add evp_extra_test2 to .gitignore 9ee77767b2 Add a test for d2i_AutoPrivateKey_ex with a non-default libctx febe6bb727 Ensure creating an EC public key uses the libctx 2da8d4eb28 Add more complete support for libctx/propq in the EC code 48e971dd9f Create defines for TLS Group Ids e09f8d256f Don't send supported groups if no-ec and we're doing DTLS db9592c1f7 Provider a better error message if we fail to copy parameters 6136ecaa95 Make sure we save the copy function when registering a new Keymgmt 0c13cdf835 Write a test provider to test the TLS-GROUPS capability 260009d877 Update the various SSL group getting and setting functions 90929138d7 Add some missing OSSL_PKEY_PARAM_GROUP_NAME documentation 3c49e4ff51 Add documentation about Capabilities 381f3f3bbc Make EVP_PKEY_CTX_[get|set]_group_name work for ECX too 023b188ca5 Make EVP_PKEY_CTX_[get|set]_group_name work for DH too 11a1b341f3 Make EVP_PKEY_CTX_[get|set]_ec_paramgen_curve_name more generic 9d2d857f13 Modify libssl to discover supported groups based on available providers 82ec09ec6d Add the OSSL_PROVIDER_get_capabilities() API function 72bfc95858 Add the concept of "Capabilities" to the default and fips providers edeaa96ae6 Add missing section on asymmetric ciphers 6f72b210b2 Remove whitespace from 'white space' 9a7319b0b0 Configure DEPs for FIPS provider on AIX. bb361a27ba DOC: Spelling fixes b75f08cb13 Fix segfault in openssl app called with no args. 24b6261e5b coverity 1464213: API usage errors (PRINTF_ARGS) ae93e8c21e coverity 1464212, 1464214 & 1464215: Resource leaks 4f2271d58a Add ACVP fips module tests 5a147abd79 Update gost-engine submodule to match EVP_MAC renaming Build log ended with (last 100 lines): 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... skipped: test_comp needs the dynamic engine feature enabled 70-test_key_share.t ................ skipped: test_key_share needs the dynamic engine feature enabled 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ skipped: test_renegotiation needs the dynamic engine feature enabled 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs the dynamic engine feature enabled 70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs the dynamic engine feature enabled 70-test_sslextension.t ............. skipped: test_sslextension needs the dynamic engine feature enabled 70-test_sslmessages.t .............. skipped: test_sslmessages needs the dynamic engine feature enabled 70-test_sslrecords.t ............... skipped: test_sslrecords needs the dynamic engine feature enabled 70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs the dynamic engine feature enabled 70-test_sslsigalgs.t ............... skipped: test_sslsigalgs needs the dynamic engine feature enabled 70-test_sslsignature.t ............. skipped: test_sslsignature needs the dynamic engine feature enabled 70-test_sslskewith0p.t ............. skipped: test_sslskewith0p needs the dynamic engine feature enabled 70-test_sslversions.t .............. skipped: test_sslversions needs the dynamic engine feature enabled 70-test_sslvertol.t ................ skipped: test_sslextension needs the dynamic engine feature enabled 70-test_tls13alerts.t .............. skipped: test_tls13alerts needs the dynamic engine feature enabled 70-test_tls13cookie.t .............. skipped: test_tls13cookie needs the dynamic engine feature enabled 70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs the dynamic engine feature enabled 70-test_tls13hrr.t ................. skipped: test_tls13hrr needs the dynamic engine feature enabled 70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs the dynamic engine feature enabled 70-test_tls13messages.t ............ skipped: test_tls13messages needs the dynamic engine feature enabled 70-test_tls13psk.t ................. skipped: test_tls13psk needs the dynamic engine feature enabled 70-test_tlsextms.t ................. skipped: test_tlsextms needs the dynamic engine feature enabled 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. Dubious, test returned 3 (wstat 768, 0x300) Failed 3/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: GOST support is disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ skipped: Test only supported in a shared build 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 65-test_cmp_vfy.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 81-test_cmp_cli.t (Wstat: 768 Tests: 7 Failed: 3) Failed tests: 4-5, 7 Non-zero exit status: 3 Files=203, Tests=1736, 742 wallclock secs ( 6.94 usr 1.27 sys + 655.84 cusr 38.55 csys = 702.60 CPU) Result: FAIL Makefile:2341: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl' Makefile:2339: recipe for target 'tests' failed make: *** [tests] Error 2 From pauli at openssl.org Tue Jun 23 00:08:57 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 23 Jun 2020 00:08:57 +0000 Subject: [openssl] master update Message-ID: <1592870937.425078.1901.nullmailer@dev.openssl.org> The branch master has been updated via 1d78129dd205e3e85083a91c33540a70c51b0a23 (commit) from 3fd16304f4b33814ea481fe965d79675a5f4f2c3 (commit) - Log ----------------------------------------------------------------- commit 1d78129dd205e3e85083a91c33540a70c51b0a23 Author: Tristan Bauer <67098820+trisbauer at users.noreply.github.com> Date: Thu Jun 18 11:45:24 2020 +0200 Fix wrong return value check of mmap function The mmap function never returns NULL. If an error occurs, the function returns MAP_FAILED. CLA: trivial Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12187) ----------------------------------------------------------------------- Summary of changes: crypto/mem_sec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c index e28a43e295..ddc0a370e6 100644 --- a/crypto/mem_sec.c +++ b/crypto/mem_sec.c @@ -514,7 +514,7 @@ static void sh_done(void) OPENSSL_free(sh.freelist); OPENSSL_free(sh.bittable); OPENSSL_free(sh.bitmalloc); - if (sh.map_result != NULL && sh.map_size) + if (sh.map_result != MAP_FAILED && sh.map_size) munmap(sh.map_result, sh.map_size); memset(&sh, 0, sizeof(sh)); } From pauli at openssl.org Tue Jun 23 00:09:37 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 23 Jun 2020 00:09:37 +0000 Subject: [openssl] OpenSSL_1_1_1-stable update Message-ID: <1592870977.502399.3838.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via b295a4dca17f00d412043b74393b86a16655fac0 (commit) from 35bb0e44c6168facbb3acedbc7d4f2dcbdd65224 (commit) - Log ----------------------------------------------------------------- commit b295a4dca17f00d412043b74393b86a16655fac0 Author: Tristan Bauer <67098820+trisbauer at users.noreply.github.com> Date: Thu Jun 18 11:45:24 2020 +0200 Fix wrong return value check of mmap function The mmap function never returns NULL. If an error occurs, the function returns MAP_FAILED. CLA: trivial Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12187) (cherry picked from commit 1d78129dd205e3e85083a91c33540a70c51b0a23) ----------------------------------------------------------------------- Summary of changes: crypto/mem_sec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c index 9e0f6702f4..8bcb0509c1 100644 --- a/crypto/mem_sec.c +++ b/crypto/mem_sec.c @@ -502,7 +502,7 @@ static void sh_done(void) OPENSSL_free(sh.freelist); OPENSSL_free(sh.bittable); OPENSSL_free(sh.bitmalloc); - if (sh.map_result != NULL && sh.map_size) + if (sh.map_result != MAP_FAILED && sh.map_size) munmap(sh.map_result, sh.map_size); memset(&sh, 0, sizeof(sh)); } From builds at travis-ci.com Tue Jun 23 01:10:42 2020 From: builds at travis-ci.com (Travis CI) Date: Tue, 23 Jun 2020 01:10:42 +0000 Subject: Errored: openssl/openssl#35621 (master - 3fd1630) In-Reply-To: Message-ID: <5ef15691ea260_13fd6f15a9918146739@travis-pro-tasks-5bf6cc9cbd-trp66.mail> Build Update for openssl/openssl ------------------------------------- Build: #35621 Status: Errored Duration: 1 hr, 50 mins, and 1 sec Commit: 3fd1630 (master) Author: Richard Levitte Message: Missing documentation missing, let's note that down Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12125) View the changeset: https://github.com/openssl/openssl/compare/b0d5c1cb0773...3fd16304f4b3 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/172573584?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Jun 23 02:11:55 2020 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 23 Jun 2020 02:11:55 +0000 Subject: Build failed: openssl master.35072 Message-ID: <20200623021155.1.2AC72815AA53F8A4@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Jun 23 04:58:10 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 23 Jun 2020 04:58:10 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-posix-io Message-ID: <1592888290.707499.28107.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-posix-io Commit log since last time: 13da2e61bf [doc/man3] finish EC_GROUP_get_field_type documentation d4bf0d57a8 Flag RSA secret BNs as consttime on keygen and checks 200ae2ee8e Fix one typo in a comment. 75e35c9ad1 Fix `no-ts` builds. `ess_lib.c` is called from `cms` and `ts` modules. c720fc35f4 namemap: change ossl_namemap_empty() to do what the documentation says. 7cc5e0d283 Allow oversized buffers for provider cipher IV fetch 320d96a32c Set cipher IV as octet string and pointer from providers 5797e309fc Build: Remove faulty DES assembler spec 760aaf1bb4 doc: Document OSSL_PARAM_modified and OSSL_PARAM_set_all_unmodified. f36c3885b5 Return the cookie_len value from generate_cookie_callback cfbe41ea91 Fix the DTLS1_COOKIE_LENGTH value 989a85774b Add evp_extra_test2 to .gitignore 9ee77767b2 Add a test for d2i_AutoPrivateKey_ex with a non-default libctx febe6bb727 Ensure creating an EC public key uses the libctx 2da8d4eb28 Add more complete support for libctx/propq in the EC code 48e971dd9f Create defines for TLS Group Ids e09f8d256f Don't send supported groups if no-ec and we're doing DTLS db9592c1f7 Provider a better error message if we fail to copy parameters 6136ecaa95 Make sure we save the copy function when registering a new Keymgmt 0c13cdf835 Write a test provider to test the TLS-GROUPS capability 260009d877 Update the various SSL group getting and setting functions 90929138d7 Add some missing OSSL_PKEY_PARAM_GROUP_NAME documentation 3c49e4ff51 Add documentation about Capabilities 381f3f3bbc Make EVP_PKEY_CTX_[get|set]_group_name work for ECX too 023b188ca5 Make EVP_PKEY_CTX_[get|set]_group_name work for DH too 11a1b341f3 Make EVP_PKEY_CTX_[get|set]_ec_paramgen_curve_name more generic 9d2d857f13 Modify libssl to discover supported groups based on available providers 82ec09ec6d Add the OSSL_PROVIDER_get_capabilities() API function 72bfc95858 Add the concept of "Capabilities" to the default and fips providers edeaa96ae6 Add missing section on asymmetric ciphers 6f72b210b2 Remove whitespace from 'white space' 9a7319b0b0 Configure DEPs for FIPS provider on AIX. bb361a27ba DOC: Spelling fixes b75f08cb13 Fix segfault in openssl app called with no args. 24b6261e5b coverity 1464213: API usage errors (PRINTF_ARGS) ae93e8c21e coverity 1464212, 1464214 & 1464215: Resource leaks 4f2271d58a Add ACVP fips module tests 5a147abd79 Update gost-engine submodule to match EVP_MAC renaming Build log ended with (last 100 lines): rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_params.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_copy_parameters.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_MSG_set_validity.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_master.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_KEYEXCH-DH.7 doc/man/man7/EVP_KEYEXCH-ECDH.7 doc/man/man7/EVP_KEYEXCH-X25519.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DH.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-FFC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/EVP_SIGNATURE-DSA.7 doc/man/man7/EVP_SIGNATURE-ECDSA.7 doc/man/man7/EVP_SIGNATURE-ED25519.7 doc/man/man7/EVP_SIGNATURE-RSA.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-core_names.h.7 doc/man/man7/openssl-core_numbers.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/acvp_test test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_names test/buildtest_c_core_numbers test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_dtls1 test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_mac test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmactest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_extra_test2 test/evp_fetch_prov_test test/evp_kdf_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_fallback_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_names.c test/buildtest_core_numbers.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_dtls1.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_mac.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha4-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' make[1]: Entering directory '/home/openssl/run-checker/no-posix-io' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_cb.d.tmp -MT apps/lib/libapps-lib-s_cb.o -c -o apps/lib/libapps-lib-s_cb.o ../openssl/apps/lib/s_cb.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-s_socket.d.tmp -MT apps/lib/libapps-lib-s_socket.o -c -o apps/lib/libapps-lib-s_socket.o ../openssl/apps/lib/s_socket.c Makefile:4105: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-posix-io' Makefile:3080: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From builds at travis-ci.com Tue Jun 23 05:35:23 2020 From: builds at travis-ci.com (Travis CI) Date: Tue, 23 Jun 2020 05:35:23 +0000 Subject: Errored: openssl/openssl#35627 (master - 1d78129) In-Reply-To: Message-ID: <5ef1949ab7294_13fcf0cbb895495726@travis-pro-tasks-74447cdbf5-rz9gf.mail> Build Update for openssl/openssl ------------------------------------- Build: #35627 Status: Errored Duration: 2 hrs, 6 mins, and 31 secs Commit: 1d78129 (master) Author: Tristan Bauer Message: Fix wrong return value check of mmap function The mmap function never returns NULL. If an error occurs, the function returns MAP_FAILED. CLA: trivial Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12187) View the changeset: https://github.com/openssl/openssl/compare/3fd16304f4b3...1d78129dd205 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/172585846?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From levitte at openssl.org Tue Jun 23 09:37:36 2020 From: levitte at openssl.org (Richard Levitte) Date: Tue, 23 Jun 2020 09:37:36 +0000 Subject: [openssl] master update Message-ID: <1592905056.919925.30607.nullmailer@dev.openssl.org> The branch master has been updated via 22063850586945fd98ad3656df21c16adfef89ae (commit) from 1d78129dd205e3e85083a91c33540a70c51b0a23 (commit) - Log ----------------------------------------------------------------- commit 22063850586945fd98ad3656df21c16adfef89ae Author: Richard Levitte Date: Thu Jun 18 12:28:36 2020 +0200 DOCS: Add documentation for EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name() At the same, align documentation markup to be closer to man-pages(7) recommendations. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12188) ----------------------------------------------------------------------- Summary of changes: doc/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/doc/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod b/doc/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod index e3ed14cfc6..d4af8aab55 100644 --- a/doc/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod +++ b/doc/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod @@ -4,6 +4,7 @@ EVP_PKEY_CTX_set_rsa_pss_keygen_md, EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md, +EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name, EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen - EVP_PKEY RSA-PSS algorithm support functions @@ -15,6 +16,8 @@ EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen const EVP_MD *md); int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(EVP_PKEY_CTX *pctx, const EVP_MD *md); + int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name(EVP_PKEY_CTX *pctx, + const char *mdname); int EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(EVP_PKEY_CTX *pctx, int saltlen); @@ -36,7 +39,7 @@ RSA_PSS_SALTLEN_AUTO) is not supported for verification if the key has usage restrictions. The L and L -fuunctions are used to set the digest and MGF1 algorithms respectively. If the +functions are used to set the digest and MGF1 algorithms respectively. If the key has usage restrictions then an error is returned if an attempt is made to set the digest to anything other than the restricted value. Otherwise these are similar to the B versions. @@ -55,13 +58,15 @@ then they are reflected in the corresponding parameters of the public key when (for example) a certificate request is signed. EVP_PKEY_CTX_set_rsa_pss_keygen_md() restricts the digest algorithm the -generated key can use to B. +generated key can use to I. EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md() restricts the MGF1 algorithm the -generated key can use to B. +generated key can use to I. +EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name() does the same thing, but +passes the algorithm by name rather than by B. EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen() restricts the minimum salt length -to B. +to I. =head1 NOTES From pauli at openssl.org Tue Jun 23 09:47:19 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 23 Jun 2020 09:47:19 +0000 Subject: [openssl] master update Message-ID: <1592905639.215235.24009.nullmailer@dev.openssl.org> The branch master has been updated via 90cf3099df43a5419d59e6a66e75970cbb50a28a (commit) from 22063850586945fd98ad3656df21c16adfef89ae (commit) - Log ----------------------------------------------------------------- commit 90cf3099df43a5419d59e6a66e75970cbb50a28a Author: Pauli Date: Wed Jun 17 12:16:10 2020 +1000 serialization: break the provider locating code to avoid deadlock. Find all the suitable implementation names and later decide which is best. This avoids a lock order inversion. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12173) ----------------------------------------------------------------------- Summary of changes: crypto/err/openssl.txt | 1 + crypto/serializer/serializer_err.c | 4 +- crypto/serializer/serializer_pkey.c | 122 ++++++++++++++++++++---------------- include/openssl/serializererr.h | 4 +- 4 files changed, 74 insertions(+), 57 deletions(-) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 1585688c83..c308036003 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -2682,6 +2682,7 @@ OCSP_R_UNKNOWN_MESSAGE_DIGEST:119:unknown message digest OCSP_R_UNKNOWN_NID:120:unknown nid OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE:129:unsupported requestorname type OSSL_SERIALIZER_R_INCORRECT_PROPERTY_QUERY:100:incorrect property query +OSSL_SERIALIZER_R_SERIALIZER_NOT_FOUND:101:serializer not found OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE:107:ambiguous content type OSSL_STORE_R_BAD_PASSWORD_READ:115:bad password read OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC:113:error verifying pkcs12 mac diff --git a/crypto/serializer/serializer_err.c b/crypto/serializer/serializer_err.c index 0f0fc5fa80..2ea8b8bede 100644 --- a/crypto/serializer/serializer_err.c +++ b/crypto/serializer/serializer_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -16,6 +16,8 @@ static const ERR_STRING_DATA OSSL_SERIALIZER_str_reasons[] = { {ERR_PACK(ERR_LIB_OSSL_SERIALIZER, 0, OSSL_SERIALIZER_R_INCORRECT_PROPERTY_QUERY), "incorrect property query"}, + {ERR_PACK(ERR_LIB_OSSL_SERIALIZER, 0, OSSL_SERIALIZER_R_SERIALIZER_NOT_FOUND), + "serializer not found"}, {0, NULL} }; diff --git a/crypto/serializer/serializer_pkey.c b/crypto/serializer/serializer_pkey.c index a3b854e5da..d612070240 100644 --- a/crypto/serializer/serializer_pkey.c +++ b/crypto/serializer/serializer_pkey.c @@ -12,11 +12,14 @@ #include #include #include +#include #include "internal/provider.h" #include "internal/property.h" #include "crypto/evp.h" #include "serializer_local.h" +DEFINE_STACK_OF_CSTRING() + int OSSL_SERIALIZER_CTX_set_cipher(OSSL_SERIALIZER_CTX *ctx, const char *cipher_name, const char *propquery) @@ -92,46 +95,16 @@ int OSSL_SERIALIZER_CTX_set_passphrase_cb(OSSL_SERIALIZER_CTX *ctx, int enc, */ struct selected_serializer_st { - OPENSSL_CTX *libctx; - const OSSL_PROVIDER *desired_provider; - const char *propquery; - - /* - * Serializers offer two functions, one that handles object data in - * the form of a OSSL_PARAM array, and one that directly handles a - * provider side object. The latter requires that the serializer - * is offered by the same provider that holds that object, but is - * more desirable because it usually provides faster serialization. - * - * When looking up possible serializers, we save the first that can - * handle an OSSL_PARAM array in |first|, and the first that can - * handle a provider side object in |desired|. - */ - OSSL_SERIALIZER *first; - OSSL_SERIALIZER *desired; + STACK_OF(OPENSSL_CSTRING) *names; + int error; }; -static void select_serializer(const char *name, void *data) +static void cache_serializers(const char *name, void *data) { struct selected_serializer_st *d = data; - OSSL_SERIALIZER *s = NULL; - - /* No need to look further if we already have the more desirable option */ - if (d->desired != NULL) - return; - - if ((s = OSSL_SERIALIZER_fetch(d->libctx, name, d->propquery)) != NULL) { - if (OSSL_SERIALIZER_provider(s) == d->desired_provider - && s->serialize_object != NULL) { - OSSL_SERIALIZER_free(d->first); - d->first = NULL; - d->desired = s; - } else if (d->first == NULL && s->serialize_data != NULL) { - d->first = s; - } else { - OSSL_SERIALIZER_free(s); - } - } + + if (sk_OPENSSL_CSTRING_push(d->names, name) <= 0) + d->error = 1; } /* @@ -319,25 +292,59 @@ OSSL_SERIALIZER_CTX *OSSL_SERIALIZER_CTX_new_by_EVP_PKEY(const EVP_PKEY *pkey, const OSSL_PROVIDER *desired_prov = EVP_KEYMGMT_provider(keymgmt); OPENSSL_CTX *libctx = ossl_provider_library_context(desired_prov); struct selected_serializer_st sel_data; - OSSL_PROPERTY_LIST *check = - ossl_parse_query(libctx, "type=parameters"); + OSSL_PROPERTY_LIST *check = ossl_parse_query(libctx, "type=parameters"); OSSL_PROPERTY_LIST *current_props = NULL; - - memset(&sel_data, 0, sizeof(sel_data)); - sel_data.libctx = libctx; - sel_data.desired_provider = desired_prov; - sel_data.propquery = propquery; - EVP_KEYMGMT_names_do_all(keymgmt, select_serializer, &sel_data); - - if (sel_data.desired != NULL) { - ser = sel_data.desired; - sel_data.desired = NULL; - } else if (sel_data.first != NULL) { - ser = sel_data.first; - sel_data.first = NULL; + OSSL_SERIALIZER *first = NULL; + const char *name; + int i; + + /* + * Select the serializer in two steps. First, get the names of all of + * the serializers. Then determine which is the best one to use. + * This has to be broken because it isn't possible to fetch the + * serialisers inside EVP_KEYMGMT_names_do_all() due to locking + * order inversions with the store lock. + */ + sel_data.error = 0; + sel_data.names = sk_OPENSSL_CSTRING_new_null(); + if (sel_data.names == NULL) + return NULL; + EVP_KEYMGMT_names_do_all(keymgmt, cache_serializers, &sel_data); + /* + * Ignore memory allocation errors that are indicated in sel_data.error + * in case a suitable provider does get found regardless. + */ + + /* + * Serializers offer two functions, one that handles object data in + * the form of a OSSL_PARAM array, and one that directly handles a + * provider side object. The latter requires that the serializer + * is offered by the same provider that holds that object, but is + * more desirable because it usually provides faster serialization. + * + * When looking up possible serializers, we save the first that can + * handle an OSSL_PARAM array in |first| and use that if nothing + * better turns up. + */ + for (i = 0; i < sk_OPENSSL_CSTRING_num(sel_data.names); i++) { + name = sk_OPENSSL_CSTRING_value(sel_data.names, i); + ser = OSSL_SERIALIZER_fetch(libctx, name, propquery); + if (ser != NULL) { + if (OSSL_SERIALIZER_provider(ser) == desired_prov + && ser->serialize_object != NULL) { + OSSL_SERIALIZER_free(first); + break; + } + if (first == NULL && ser->serialize_data != NULL) + first = ser; + else + OSSL_SERIALIZER_free(ser); + ser = NULL; + } } - OSSL_SERIALIZER_free(sel_data.first); - OSSL_SERIALIZER_free(sel_data.desired); + sk_OPENSSL_CSTRING_free(sel_data.names); + if (ser == NULL) + ser = first; if (ser != NULL) { current_props = @@ -345,9 +352,14 @@ OSSL_SERIALIZER_CTX *OSSL_SERIALIZER_CTX_new_by_EVP_PKEY(const EVP_PKEY *pkey, if (ossl_property_match_count(check, current_props) > 0) selection = OSSL_KEYMGMT_SELECT_ALL_PARAMETERS; ossl_property_free(current_props); + ossl_property_free(check); + } else { + if (sel_data.error) + ERR_raise(ERR_LIB_OSSL_SERIALIZER, ERR_R_MALLOC_FAILURE); + else + ERR_raise(ERR_LIB_OSSL_SERIALIZER, + OSSL_SERIALIZER_R_SERIALIZER_NOT_FOUND); } - - ossl_property_free(check); } ctx = OSSL_SERIALIZER_CTX_new(ser); /* refcnt(ser)++ */ diff --git a/include/openssl/serializererr.h b/include/openssl/serializererr.h index 4eff9deab6..f99143b4d1 100644 --- a/include/openssl/serializererr.h +++ b/include/openssl/serializererr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,6 +10,7 @@ #ifndef OPENSSL_OSSL_SERIALIZERERR_H # define OPENSSL_OSSL_SERIALIZERERR_H +# pragma once # include # include @@ -30,5 +31,6 @@ int ERR_load_OSSL_SERIALIZER_strings(void); * OSSL_SERIALIZER reason codes. */ # define OSSL_SERIALIZER_R_INCORRECT_PROPERTY_QUERY 100 +# define OSSL_SERIALIZER_R_SERIALIZER_NOT_FOUND 101 #endif From openssl at openssl.org Tue Jun 23 09:55:45 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 23 Jun 2020 09:55:45 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-sock Message-ID: <1592906145.853044.26411.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-sock Commit log since last time: 13da2e61bf [doc/man3] finish EC_GROUP_get_field_type documentation d4bf0d57a8 Flag RSA secret BNs as consttime on keygen and checks 200ae2ee8e Fix one typo in a comment. 75e35c9ad1 Fix `no-ts` builds. `ess_lib.c` is called from `cms` and `ts` modules. c720fc35f4 namemap: change ossl_namemap_empty() to do what the documentation says. 7cc5e0d283 Allow oversized buffers for provider cipher IV fetch 320d96a32c Set cipher IV as octet string and pointer from providers 5797e309fc Build: Remove faulty DES assembler spec 760aaf1bb4 doc: Document OSSL_PARAM_modified and OSSL_PARAM_set_all_unmodified. f36c3885b5 Return the cookie_len value from generate_cookie_callback cfbe41ea91 Fix the DTLS1_COOKIE_LENGTH value 989a85774b Add evp_extra_test2 to .gitignore 9ee77767b2 Add a test for d2i_AutoPrivateKey_ex with a non-default libctx febe6bb727 Ensure creating an EC public key uses the libctx 2da8d4eb28 Add more complete support for libctx/propq in the EC code 48e971dd9f Create defines for TLS Group Ids e09f8d256f Don't send supported groups if no-ec and we're doing DTLS db9592c1f7 Provider a better error message if we fail to copy parameters 6136ecaa95 Make sure we save the copy function when registering a new Keymgmt 0c13cdf835 Write a test provider to test the TLS-GROUPS capability 260009d877 Update the various SSL group getting and setting functions 90929138d7 Add some missing OSSL_PKEY_PARAM_GROUP_NAME documentation 3c49e4ff51 Add documentation about Capabilities 381f3f3bbc Make EVP_PKEY_CTX_[get|set]_group_name work for ECX too 023b188ca5 Make EVP_PKEY_CTX_[get|set]_group_name work for DH too 11a1b341f3 Make EVP_PKEY_CTX_[get|set]_ec_paramgen_curve_name more generic 9d2d857f13 Modify libssl to discover supported groups based on available providers 82ec09ec6d Add the OSSL_PROVIDER_get_capabilities() API function 72bfc95858 Add the concept of "Capabilities" to the default and fips providers edeaa96ae6 Add missing section on asymmetric ciphers 6f72b210b2 Remove whitespace from 'white space' 9a7319b0b0 Configure DEPs for FIPS provider on AIX. bb361a27ba DOC: Spelling fixes b75f08cb13 Fix segfault in openssl app called with no args. 24b6261e5b coverity 1464213: API usage errors (PRINTF_ARGS) ae93e8c21e coverity 1464212, 1464214 & 1464215: Resource leaks 4f2271d58a Add ACVP fips module tests 5a147abd79 Update gost-engine submodule to match EVP_MAC renaming Build log ended with (last 100 lines): rm -f *.ld rm -f doc/html/man1/CA.pl.html doc/html/man1/openssl-asn1parse.html doc/html/man1/openssl-ca.html doc/html/man1/openssl-ciphers.html doc/html/man1/openssl-cmds.html doc/html/man1/openssl-cmp.html doc/html/man1/openssl-cms.html doc/html/man1/openssl-crl.html doc/html/man1/openssl-crl2pkcs7.html doc/html/man1/openssl-dgst.html doc/html/man1/openssl-dhparam.html doc/html/man1/openssl-dsa.html doc/html/man1/openssl-dsaparam.html doc/html/man1/openssl-ec.html doc/html/man1/openssl-ecparam.html doc/html/man1/openssl-enc.html doc/html/man1/openssl-engine.html doc/html/man1/openssl-errstr.html doc/html/man1/openssl-fipsinstall.html doc/html/man1/openssl-gendsa.html doc/html/man1/openssl-genpkey.html doc/html/man1/openssl-genrsa.html doc/html/man1/openssl-info.html doc/html/man1/openssl-kdf.html doc/html/man1/openssl-list.html doc/html/man1/openssl-mac.html doc/html/man1/openssl-nseq.html doc/html/man1/openssl-ocsp.html doc/html/man1/openssl-passwd.html doc/html/man1/openssl-pkcs12.html doc/html/man1/openssl-pkcs7.html doc/html/man1/openssl-pkcs8.html doc/html/man1/openssl-pkey.html doc/html/man1/openssl-pkeyparam.html doc/html/man1/openssl-pkeyutl.html doc/html/man1/openssl-prime.html doc/html/man1/openssl-provider.html doc/html/man1/openssl-rand.html doc/html/man1/openssl-rehash.html doc/html/man1/openssl-req.html doc/html/man1/openssl-rsa.html doc/html/man1/openssl-rsautl.html doc/html/man1/openssl-s_client.html doc/html/man1/openssl-s_server.html doc/html/man1/openssl-s_time.html doc/html/man1/openssl-sess_id.html doc/html/man1/openssl-smime.html doc/html/man1/openssl-speed.html doc/html/man1/openssl-spkac.html doc/html/man1/openssl-srp.html doc/html/man1/openssl-storeutl.html doc/html/man1/openssl-ts.html doc/html/man1/openssl-verify.html doc/html/man1/openssl-version.html doc/html/man1/openssl-x509.html doc/html/man1/openssl.html doc/html/man1/tsget.html doc/html/man3/ADMISSIONS.html doc/html/man3/ASN1_INTEGER_get_int64.html doc/html/man3/ASN1_INTEGER_new.html doc/html/man3/ASN1_ITEM_lookup.html doc/html/man3/ASN1_OBJECT_new.html doc/html/man3/ASN1_STRING_TABLE_add.html doc/html/man3/ASN1_STRING_length.html doc/html/man3/ASN1_STRING_new.html doc/html/man3/ASN1_STRING_print_ex.html doc/html/man3/ASN1_TIME_set.html doc/html/man3/ASN1_TYPE_get.html doc/html/man3/ASN1_generate_nconf.html doc/html/man3/ASYNC_WAIT_CTX_new.html doc/html/man3/ASYNC_start_job.html doc/html/man3/BF_encrypt.html doc/html/man3/BIO_ADDR.html doc/html/man3/BIO_ADDRINFO.html doc/html/man3/BIO_connect.html doc/html/man3/BIO_ctrl.html doc/html/man3/BIO_f_base64.html doc/html/man3/BIO_f_buffer.html doc/html/man3/BIO_f_cipher.html doc/html/man3/BIO_f_md.html doc/html/man3/BIO_f_null.html doc/html/man3/BIO_f_prefix.html doc/html/man3/BIO_f_ssl.html doc/html/man3/BIO_find_type.html doc/html/man3/BIO_get_data.html doc/html/man3/BIO_get_ex_new_index.html doc/html/man3/BIO_meth_new.html doc/html/man3/BIO_new.html doc/html/man3/BIO_new_CMS.html doc/html/man3/BIO_parse_hostserv.html doc/html/man3/BIO_printf.html doc/html/man3/BIO_push.html doc/html/man3/BIO_read.html doc/html/man3/BIO_s_accept.html doc/html/man3/BIO_s_bio.html doc/html/man3/BIO_s_connect.html doc/html/man3/BIO_s_fd.html doc/html/man3/BIO_s_file.html doc/html/man3/BIO_s_mem.html doc/html/man3/BIO_s_null.html doc/html/man3/BIO_s_socket.html doc/html/man3/BIO_set_callback.html doc/html/man3/BIO_should_retry.html doc/html/man3/BIO_socket_wait.html doc/html/man3/BN_BLINDING_new.html doc/html/man3/BN_CTX_new.html doc/html/man3/BN_CTX_start.html doc/html/man3/BN_add.html doc/html/man3/BN_add_word.html doc/html/man3/BN_bn2bin.html doc/html/man3/BN_cmp.html doc/html/man3/BN_copy.html doc/html/man3/BN_generate_prime.html doc/html/man3/BN_mod_inverse.html doc/html/man3/BN_mod_mul_montgomery.html doc/html/man3/BN_mod_mul_reciprocal.html doc/html/man3/BN_new.html doc/html/man3/BN_num_bytes.html doc/html/man3/BN_rand.html doc/html/man3/BN_security_bits.html doc/html/man3/BN_set_bit.html doc/html/man3/BN_swap.html doc/html/man3/BN_zero.html doc/html/man3/BUF_MEM_new.html doc/html/man3/CMS_EnvelopedData_create.html doc/html/man3/CMS_add0_cert.html doc/html/man3/CMS_add1_recipient_cert.html doc/html/man3/CMS_add1_signer.html doc/html/man3/CMS_compress.html doc/html/man3/CMS_decrypt.html doc/html/man3/CMS_encrypt.html doc/html/man3/CMS_final.html doc/html/man3/CMS_get0_RecipientInfos.html doc/html/man3/CMS_get0_SignerInfos.html doc/html/man3/CMS_get0_type.html doc/html/man3/CMS_get1_ReceiptRequest.html doc/html/man3/CMS_sign.html doc/html/man3/CMS_sign_receipt.html doc/html/man3/CMS_uncompress.html doc/html/man3/CMS_verify.html doc/html/man3/CMS_verify_receipt.html doc/html/man3/CONF_modules_free.html doc/html/man3/CONF_modules_load_file.html doc/html/man3/CRYPTO_THREAD_run_once.html doc/html/man3/CRYPTO_get_ex_new_index.html doc/html/man3/CRYPTO_memcmp.html doc/html/man3/CTLOG_STORE_get0_log_by_id.html doc/html/man3/CTLOG_STORE_new.html doc/html/man3/CTLOG_new.html doc/html/man3/CT_POLICY_EVAL_CTX_new.html doc/html/man3/DEFINE_STACK_OF.html doc/html/man3/DES_random_key.html doc/html/man3/DH_generate_key.html doc/html/man3/DH_generate_parameters.html doc/html/man3/DH_get0_pqg.html doc/html/man3/DH_get_1024_160.html doc/html/man3/DH_meth_new.html doc/html/man3/DH_new.html doc/html/man3/DH_new_by_nid.html doc/html/man3/DH_set_method.html doc/html/man3/DH_size.html doc/html/man3/DSA_SIG_new.html doc/html/man3/DSA_do_sign.html doc/html/man3/DSA_dup_DH.html doc/html/man3/DSA_generate_key.html doc/html/man3/DSA_generate_parameters.html doc/html/man3/DSA_get0_pqg.html doc/html/man3/DSA_meth_new.html doc/html/man3/DSA_new.html doc/html/man3/DSA_set_method.html doc/html/man3/DSA_sign.html doc/html/man3/DSA_size.html doc/html/man3/DTLS_get_data_mtu.html doc/html/man3/DTLS_set_timer_cb.html doc/html/man3/DTLSv1_listen.html doc/html/man3/ECDSA_SIG_new.html doc/html/man3/ECPKParameters_print.html doc/html/man3/EC_GFp_simple_method.html doc/html/man3/EC_GROUP_copy.html doc/html/man3/EC_GROUP_new.html doc/html/man3/EC_KEY_get_enc_flags.html doc/html/man3/EC_KEY_new.html doc/html/man3/EC_POINT_add.html doc/html/man3/EC_POINT_new.html doc/html/man3/ENGINE_add.html doc/html/man3/ERR_GET_LIB.html doc/html/man3/ERR_clear_error.html doc/html/man3/ERR_error_string.html doc/html/man3/ERR_get_error.html doc/html/man3/ERR_load_crypto_strings.html doc/html/man3/ERR_load_strings.html doc/html/man3/ERR_new.html doc/html/man3/ERR_print_errors.html doc/html/man3/ERR_put_error.html doc/html/man3/ERR_remove_state.html doc/html/man3/ERR_set_mark.html doc/html/man3/EVP_ASYM_CIPHER_free.html doc/html/man3/EVP_BytesToKey.html doc/html/man3/EVP_CIPHER_CTX_get_cipher_data.html doc/html/man3/EVP_CIPHER_meth_new.html doc/html/man3/EVP_DigestInit.html doc/html/man3/EVP_DigestSignInit.html doc/html/man3/EVP_DigestVerifyInit.html doc/html/man3/EVP_EncodeInit.html doc/html/man3/EVP_EncryptInit.html doc/html/man3/EVP_KDF.html doc/html/man3/EVP_KEYEXCH_free.html doc/html/man3/EVP_KEYMGMT.html doc/html/man3/EVP_MAC.html doc/html/man3/EVP_MD_meth_new.html doc/html/man3/EVP_OpenInit.html doc/html/man3/EVP_PKEY_ASN1_METHOD.html doc/html/man3/EVP_PKEY_CTX_ctrl.html doc/html/man3/EVP_PKEY_CTX_new.html doc/html/man3/EVP_PKEY_CTX_set1_pbe_pass.html doc/html/man3/EVP_PKEY_CTX_set_hkdf_md.html doc/html/man3/EVP_PKEY_CTX_set_params.html doc/html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html doc/html/man3/EVP_PKEY_CTX_set_scrypt_N.html doc/html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html doc/html/man3/EVP_PKEY_asn1_get_count.html doc/html/man3/EVP_PKEY_check.html doc/html/man3/EVP_PKEY_copy_parameters.html doc/html/man3/EVP_PKEY_decrypt.html doc/html/man3/EVP_PKEY_derive.html doc/html/man3/EVP_PKEY_encrypt.html doc/html/man3/EVP_PKEY_fromdata.html doc/html/man3/EVP_PKEY_gen.html doc/html/man3/EVP_PKEY_get_default_digest_nid.html doc/html/man3/EVP_PKEY_gettable_params.html doc/html/man3/EVP_PKEY_is_a.html doc/html/man3/EVP_PKEY_meth_get_count.html doc/html/man3/EVP_PKEY_meth_new.html doc/html/man3/EVP_PKEY_new.html doc/html/man3/EVP_PKEY_print_private.html doc/html/man3/EVP_PKEY_set1_RSA.html doc/html/man3/EVP_PKEY_set_type.html doc/html/man3/EVP_PKEY_sign.html doc/html/man3/EVP_PKEY_size.html doc/html/man3/EVP_PKEY_supports_digest_nid.html doc/html/man3/EVP_PKEY_verify.html doc/html/man3/EVP_PKEY_verify_recover.html doc/html/man3/EVP_SIGNATURE_free.html doc/html/man3/EVP_SealInit.html doc/html/man3/EVP_SignInit.html doc/html/man3/EVP_VerifyInit.html doc/html/man3/EVP_aes_128_gcm.html doc/html/man3/EVP_aria_128_gcm.html doc/html/man3/EVP_bf_cbc.html doc/html/man3/EVP_blake2b512.html doc/html/man3/EVP_camellia_128_ecb.html doc/html/man3/EVP_cast5_cbc.html doc/html/man3/EVP_chacha20.html doc/html/man3/EVP_des_cbc.html doc/html/man3/EVP_desx_cbc.html doc/html/man3/EVP_idea_cbc.html doc/html/man3/EVP_md2.html doc/html/man3/EVP_md4.html doc/html/man3/EVP_md5.html doc/html/man3/EVP_mdc2.html doc/html/man3/EVP_rc2_cbc.html doc/html/man3/EVP_rc4.html doc/html/man3/EVP_rc5_32_12_16_cbc.html doc/html/man3/EVP_ripemd160.html doc/html/man3/EVP_seed_cbc.html doc/html/man3/EVP_set_default_properties.html doc/html/man3/EVP_sha1.html doc/html/man3/EVP_sha224.html doc/html/man3/EVP_sha3_224.html doc/html/man3/EVP_sm3.html doc/html/man3/EVP_sm4_cbc.html doc/html/man3/EVP_whirlpool.html doc/html/man3/HMAC.html doc/html/man3/MD5.html doc/html/man3/MDC2_Init.html doc/html/man3/NCONF_new_with_libctx.html doc/html/man3/OBJ_nid2obj.html doc/html/man3/OCSP_REQUEST_new.html doc/html/man3/OCSP_cert_to_id.html doc/html/man3/OCSP_request_add1_nonce.html doc/html/man3/OCSP_resp_find_status.html doc/html/man3/OCSP_response_status.html doc/html/man3/OCSP_sendreq_new.html doc/html/man3/OPENSSL_Applink.html doc/html/man3/OPENSSL_CTX.html doc/html/man3/OPENSSL_FILE.html doc/html/man3/OPENSSL_LH_COMPFUNC.html doc/html/man3/OPENSSL_LH_stats.html doc/html/man3/OPENSSL_config.html doc/html/man3/OPENSSL_fork_prepare.html doc/html/man3/OPENSSL_hexchar2int.html doc/html/man3/OPENSSL_ia32cap.html doc/html/man3/OPENSSL_init_crypto.html doc/html/man3/OPENSSL_init_ssl.html doc/html/man3/OPENSSL_instrument_bus.html doc/html/man3/OPENSSL_load_builtin_modules.html doc/html/man3/OPENSSL_malloc.html doc/html/man3/OPENSSL_s390xcap.html doc/html/man3/OPENSSL_secure_malloc.html doc/html/man3/OSSL_CMP_CTX_new.html doc/html/man3/OSSL_CMP_HDR_get0_transactionID.html doc/html/man3/OSSL_CMP_ITAV_set0.html doc/html/man3/OSSL_CMP_MSG_get0_header.html doc/html/man3/OSSL_CMP_MSG_http_perform.html doc/html/man3/OSSL_CMP_SRV_CTX_new.html doc/html/man3/OSSL_CMP_STATUSINFO_new.html doc/html/man3/OSSL_CMP_exec_IR_ses.html doc/html/man3/OSSL_CMP_log_open.html doc/html/man3/OSSL_CMP_validate_msg.html doc/html/man3/OSSL_CRMF_MSG_get0_tmpl.html doc/html/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.html doc/html/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.html doc/html/man3/OSSL_CRMF_MSG_set_validity.html doc/html/man3/OSSL_CRMF_pbmp_new.html doc/html/man3/OSSL_HTTP_transfer.html doc/html/man3/OSSL_PARAM.html doc/html/man3/OSSL_PARAM_BLD.html doc/html/man3/OSSL_PARAM_allocate_from_text.html doc/html/man3/OSSL_PARAM_int.html doc/html/man3/OSSL_PROVIDER.html doc/html/man3/OSSL_SELF_TEST_new.html doc/html/man3/OSSL_SELF_TEST_set_callback.html doc/html/man3/OSSL_SERIALIZER.html doc/html/man3/OSSL_SERIALIZER_CTX.html doc/html/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.html doc/html/man3/OSSL_SERIALIZER_to_bio.html doc/html/man3/OSSL_STORE_INFO.html doc/html/man3/OSSL_STORE_LOADER.html doc/html/man3/OSSL_STORE_SEARCH.html doc/html/man3/OSSL_STORE_attach.html doc/html/man3/OSSL_STORE_expect.html doc/html/man3/OSSL_STORE_open.html doc/html/man3/OSSL_trace_enabled.html doc/html/man3/OSSL_trace_get_category_num.html doc/html/man3/OSSL_trace_set_channel.html doc/html/man3/OpenSSL_add_all_algorithms.html doc/html/man3/OpenSSL_version.html doc/html/man3/PEM_bytes_read_bio.html doc/html/man3/PEM_read.html doc/html/man3/PEM_read_CMS.html doc/html/man3/PEM_read_bio_PrivateKey.html doc/html/man3/PEM_read_bio_ex.html doc/html/man3/PEM_write_bio_CMS_stream.html doc/html/man3/PEM_write_bio_PKCS7_stream.html doc/html/man3/PKCS12_SAFEBAG_get0_attrs.html doc/html/man3/PKCS12_add_CSPName_asc.html doc/html/man3/PKCS12_add_friendlyname_asc.html doc/html/man3/PKCS12_add_localkeyid.html doc/html/man3/PKCS12_create.html doc/html/man3/PKCS12_get_friendlyname.html doc/html/man3/PKCS12_newpass.html doc/html/man3/PKCS12_parse.html doc/html/man3/PKCS5_PBKDF2_HMAC.html doc/html/man3/PKCS7_decrypt.html doc/html/man3/PKCS7_encrypt.html doc/html/man3/PKCS7_sign.html doc/html/man3/PKCS7_sign_add_signer.html doc/html/man3/PKCS7_verify.html doc/html/man3/PKCS8_pkey_add1_attr.html doc/html/man3/RAND_DRBG_generate.html doc/html/man3/RAND_DRBG_get0_master.html doc/html/man3/RAND_DRBG_new.html doc/html/man3/RAND_DRBG_reseed.html doc/html/man3/RAND_DRBG_set_callbacks.html doc/html/man3/RAND_add.html doc/html/man3/RAND_bytes.html doc/html/man3/RAND_cleanup.html doc/html/man3/RAND_egd.html doc/html/man3/RAND_load_file.html doc/html/man3/RAND_set_rand_method.html doc/html/man3/RC4_set_key.html doc/html/man3/RIPEMD160_Init.html doc/html/man3/RSA_blinding_on.html doc/html/man3/RSA_check_key.html doc/html/man3/RSA_generate_key.html doc/html/man3/RSA_get0_key.html doc/html/man3/RSA_meth_new.html doc/html/man3/RSA_new.html doc/html/man3/RSA_padding_add_PKCS1_type_1.html doc/html/man3/RSA_print.html doc/html/man3/RSA_private_encrypt.html doc/html/man3/RSA_public_encrypt.html doc/html/man3/RSA_set_method.html doc/html/man3/RSA_sign.html doc/html/man3/RSA_sign_ASN1_OCTET_STRING.html doc/html/man3/RSA_size.html doc/html/man3/SCT_new.html doc/html/man3/SCT_print.html doc/html/man3/SCT_validate.html doc/html/man3/SHA256_Init.html doc/html/man3/SMIME_read_CMS.html doc/html/man3/SMIME_read_PKCS7.html doc/html/man3/SMIME_write_CMS.html doc/html/man3/SMIME_write_PKCS7.html doc/html/man3/SRP_Calc_B.html doc/html/man3/SRP_VBASE_new.html doc/html/man3/SRP_create_verifier.html doc/html/man3/SRP_user_pwd_new.html doc/html/man3/SSL_CIPHER_get_name.html doc/html/man3/SSL_COMP_add_compression_method.html doc/html/man3/SSL_CONF_CTX_new.html doc/html/man3/SSL_CONF_CTX_set1_prefix.html doc/html/man3/SSL_CONF_CTX_set_flags.html doc/html/man3/SSL_CONF_CTX_set_ssl_ctx.html doc/html/man3/SSL_CONF_cmd.html doc/html/man3/SSL_CONF_cmd_argv.html doc/html/man3/SSL_CTX_add1_chain_cert.html doc/html/man3/SSL_CTX_add_extra_chain_cert.html doc/html/man3/SSL_CTX_add_session.html doc/html/man3/SSL_CTX_config.html doc/html/man3/SSL_CTX_ctrl.html doc/html/man3/SSL_CTX_dane_enable.html doc/html/man3/SSL_CTX_flush_sessions.html doc/html/man3/SSL_CTX_free.html doc/html/man3/SSL_CTX_get0_param.html doc/html/man3/SSL_CTX_get_verify_mode.html doc/html/man3/SSL_CTX_has_client_custom_ext.html doc/html/man3/SSL_CTX_load_verify_locations.html doc/html/man3/SSL_CTX_new.html doc/html/man3/SSL_CTX_sess_number.html doc/html/man3/SSL_CTX_sess_set_cache_size.html doc/html/man3/SSL_CTX_sess_set_get_cb.html doc/html/man3/SSL_CTX_sessions.html doc/html/man3/SSL_CTX_set0_CA_list.html doc/html/man3/SSL_CTX_set1_curves.html doc/html/man3/SSL_CTX_set1_sigalgs.html doc/html/man3/SSL_CTX_set1_verify_cert_store.html doc/html/man3/SSL_CTX_set_alpn_select_cb.html doc/html/man3/SSL_CTX_set_cert_cb.html doc/html/man3/SSL_CTX_set_cert_store.html doc/html/man3/SSL_CTX_set_cert_verify_callback.html doc/html/man3/SSL_CTX_set_cipher_list.html doc/html/man3/SSL_CTX_set_client_cert_cb.html doc/html/man3/SSL_CTX_set_client_hello_cb.html doc/html/man3/SSL_CTX_set_ct_validation_callback.html doc/html/man3/SSL_CTX_set_ctlog_list_file.html doc/html/man3/SSL_CTX_set_default_passwd_cb.html doc/html/man3/SSL_CTX_set_generate_session_id.html doc/html/man3/SSL_CTX_set_info_callback.html doc/html/man3/SSL_CTX_set_keylog_callback.html doc/html/man3/SSL_CTX_set_max_cert_list.html doc/html/man3/SSL_CTX_set_min_proto_version.html doc/html/man3/SSL_CTX_set_mode.html doc/html/man3/SSL_CTX_set_msg_callback.html doc/html/man3/SSL_CTX_set_num_tickets.html doc/html/man3/SSL_CTX_set_options.html doc/html/man3/SSL_CTX_set_psk_client_callback.html doc/html/man3/SSL_CTX_set_quiet_shutdown.html doc/html/man3/SSL_CTX_set_read_ahead.html doc/html/man3/SSL_CTX_set_record_padding_callback.html doc/html/man3/SSL_CTX_set_security_level.html doc/html/man3/SSL_CTX_set_session_cache_mode.html doc/html/man3/SSL_CTX_set_session_id_context.html doc/html/man3/SSL_CTX_set_session_ticket_cb.html doc/html/man3/SSL_CTX_set_split_send_fragment.html doc/html/man3/SSL_CTX_set_srp_password.html doc/html/man3/SSL_CTX_set_ssl_version.html doc/html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html doc/html/man3/SSL_CTX_set_timeout.html doc/html/man3/SSL_CTX_set_tlsext_servername_callback.html doc/html/man3/SSL_CTX_set_tlsext_status_cb.html doc/html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html doc/html/man3/SSL_CTX_set_tlsext_use_srtp.html doc/html/man3/SSL_CTX_set_tmp_dh_callback.html doc/html/man3/SSL_CTX_set_tmp_ecdh.html doc/html/man3/SSL_CTX_set_verify.html doc/html/man3/SSL_CTX_use_certificate.html doc/html/man3/SSL_CTX_use_psk_identity_hint.html doc/html/man3/SSL_CTX_use_serverinfo.html doc/html/man3/SSL_SESSION_free.html doc/html/man3/SSL_SESSION_get0_cipher.html doc/html/man3/SSL_SESSION_get0_hostname.html doc/html/man3/SSL_SESSION_get0_id_context.html doc/html/man3/SSL_SESSION_get0_peer.html doc/html/man3/SSL_SESSION_get_compress_id.html doc/html/man3/SSL_SESSION_get_protocol_version.html doc/html/man3/SSL_SESSION_get_time.html doc/html/man3/SSL_SESSION_has_ticket.html doc/html/man3/SSL_SESSION_is_resumable.html doc/html/man3/SSL_SESSION_print.html doc/html/man3/SSL_SESSION_set1_id.html doc/html/man3/SSL_accept.html doc/html/man3/SSL_alert_type_string.html doc/html/man3/SSL_alloc_buffers.html doc/html/man3/SSL_check_chain.html doc/html/man3/SSL_clear.html doc/html/man3/SSL_connect.html doc/html/man3/SSL_do_handshake.html doc/html/man3/SSL_export_keying_material.html doc/html/man3/SSL_extension_supported.html doc/html/man3/SSL_free.html doc/html/man3/SSL_get0_peer_scts.html doc/html/man3/SSL_get_SSL_CTX.html doc/html/man3/SSL_get_all_async_fds.html doc/html/man3/SSL_get_ciphers.html doc/html/man3/SSL_get_client_random.html doc/html/man3/SSL_get_current_cipher.html doc/html/man3/SSL_get_default_timeout.html doc/html/man3/SSL_get_error.html doc/html/man3/SSL_get_extms_support.html doc/html/man3/SSL_get_fd.html doc/html/man3/SSL_get_peer_cert_chain.html doc/html/man3/SSL_get_peer_certificate.html doc/html/man3/SSL_get_peer_signature_nid.html doc/html/man3/SSL_get_peer_tmp_key.html doc/html/man3/SSL_get_psk_identity.html doc/html/man3/SSL_get_rbio.html doc/html/man3/SSL_get_session.html doc/html/man3/SSL_get_shared_sigalgs.html doc/html/man3/SSL_get_verify_result.html doc/html/man3/SSL_get_version.html doc/html/man3/SSL_in_init.html doc/html/man3/SSL_key_update.html doc/html/man3/SSL_library_init.html doc/html/man3/SSL_load_client_CA_file.html doc/html/man3/SSL_new.html doc/html/man3/SSL_pending.html doc/html/man3/SSL_read.html doc/html/man3/SSL_read_early_data.html doc/html/man3/SSL_rstate_string.html doc/html/man3/SSL_session_reused.html doc/html/man3/SSL_set1_host.html doc/html/man3/SSL_set_async_callback.html doc/html/man3/SSL_set_bio.html doc/html/man3/SSL_set_connect_state.html doc/html/man3/SSL_set_fd.html doc/html/man3/SSL_set_session.html doc/html/man3/SSL_set_shutdown.html doc/html/man3/SSL_set_verify_result.html doc/html/man3/SSL_shutdown.html doc/html/man3/SSL_state_string.html doc/html/man3/SSL_want.html doc/html/man3/SSL_write.html doc/html/man3/TS_VERIFY_CTX_set_certs.html doc/html/man3/UI_STRING.html doc/html/man3/UI_UTIL_read_pw.html doc/html/man3/UI_create_method.html doc/html/man3/UI_new.html doc/html/man3/X509V3_get_d2i.html doc/html/man3/X509_ALGOR_dup.html doc/html/man3/X509_CRL_get0_by_serial.html doc/html/man3/X509_EXTENSION_set_object.html doc/html/man3/X509_LOOKUP.html doc/html/man3/X509_LOOKUP_hash_dir.html doc/html/man3/X509_LOOKUP_meth_new.html doc/html/man3/X509_NAME_ENTRY_get_object.html doc/html/man3/X509_NAME_add_entry_by_txt.html doc/html/man3/X509_NAME_get0_der.html doc/html/man3/X509_NAME_get_index_by_NID.html doc/html/man3/X509_NAME_print_ex.html doc/html/man3/X509_PUBKEY_new.html doc/html/man3/X509_SIG_get0.html doc/html/man3/X509_STORE_CTX_get_error.html doc/html/man3/X509_STORE_CTX_new.html doc/html/man3/X509_STORE_CTX_set_verify_cb.html doc/html/man3/X509_STORE_add_cert.html doc/html/man3/X509_STORE_get0_param.html doc/html/man3/X509_STORE_new.html doc/html/man3/X509_STORE_set_verify_cb_func.html doc/html/man3/X509_VERIFY_PARAM_set_flags.html doc/html/man3/X509_check_ca.html doc/html/man3/X509_check_host.html doc/html/man3/X509_check_issued.html doc/html/man3/X509_check_private_key.html doc/html/man3/X509_check_purpose.html doc/html/man3/X509_cmp.html doc/html/man3/X509_cmp_time.html doc/html/man3/X509_digest.html doc/html/man3/X509_dup.html doc/html/man3/X509_get0_distinguishing_id.html doc/html/man3/X509_get0_notBefore.html doc/html/man3/X509_get0_signature.html doc/html/man3/X509_get0_uids.html doc/html/man3/X509_get_extension_flags.html doc/html/man3/X509_get_pubkey.html doc/html/man3/X509_get_serialNumber.html doc/html/man3/X509_get_subject_name.html doc/html/man3/X509_get_version.html doc/html/man3/X509_load_http.html doc/html/man3/X509_new.html doc/html/man3/X509_sign.html doc/html/man3/X509_verify_cert.html doc/html/man3/X509v3_cache_extensions.html doc/html/man3/X509v3_get_ext_by_NID.html doc/html/man3/d2i_DHparams.html doc/html/man3/d2i_PKCS8PrivateKey_bio.html doc/html/man3/d2i_PrivateKey.html doc/html/man3/d2i_SSL_SESSION.html doc/html/man3/d2i_X509.html doc/html/man3/i2d_CMS_bio_stream.html doc/html/man3/i2d_PKCS7_bio_stream.html doc/html/man3/i2d_re_X509_tbs.html doc/html/man3/o2i_SCT_LIST.html doc/html/man3/s2i_ASN1_IA5STRING.html doc/html/man5/config.html doc/html/man5/fips_config.html doc/html/man5/x509v3_config.html doc/html/man7/EVP_KDF-HKDF.html doc/html/man7/EVP_KDF-KB.html doc/html/man7/EVP_KDF-KRB5KDF.html doc/html/man7/EVP_KDF-PBKDF2.html doc/html/man7/EVP_KDF-SCRYPT.html doc/html/man7/EVP_KDF-SS.html doc/html/man7/EVP_KDF-SSHKDF.html doc/html/man7/EVP_KDF-TLS1_PRF.html doc/html/man7/EVP_KDF-X942.html doc/html/man7/EVP_KDF-X963.html doc/html/man7/EVP_KEYEXCH-DH.html doc/html/man7/EVP_KEYEXCH-ECDH.html doc/html/man7/EVP_KEYEXCH-X25519.html doc/html/man7/EVP_MAC-BLAKE2.html doc/html/man7/EVP_MAC-CMAC.html doc/html/man7/EVP_MAC-GMAC.html doc/html/man7/EVP_MAC-HMAC.html doc/html/man7/EVP_MAC-KMAC.html doc/html/man7/EVP_MAC-Poly1305.html doc/html/man7/EVP_MAC-Siphash.html doc/html/man7/EVP_MD-BLAKE2.html doc/html/man7/EVP_MD-MD2.html doc/html/man7/EVP_MD-MD4.html doc/html/man7/EVP_MD-MD5-SHA1.html doc/html/man7/EVP_MD-MD5.html doc/html/man7/EVP_MD-MDC2.html doc/html/man7/EVP_MD-RIPEMD160.html doc/html/man7/EVP_MD-SHA1.html doc/html/man7/EVP_MD-SHA2.html doc/html/man7/EVP_MD-SHA3.html doc/html/man7/EVP_MD-SHAKE.html doc/html/man7/EVP_MD-SM3.html doc/html/man7/EVP_MD-WHIRLPOOL.html doc/html/man7/EVP_MD-common.html doc/html/man7/EVP_PKEY-DH.html doc/html/man7/EVP_PKEY-DSA.html doc/html/man7/EVP_PKEY-EC.html doc/html/man7/EVP_PKEY-FFC.html doc/html/man7/EVP_PKEY-RSA.html doc/html/man7/EVP_PKEY-X25519.html doc/html/man7/EVP_SIGNATURE-DSA.html doc/html/man7/EVP_SIGNATURE-ECDSA.html doc/html/man7/EVP_SIGNATURE-ED25519.html doc/html/man7/EVP_SIGNATURE-RSA.html doc/html/man7/OSSL_PROVIDER-FIPS.html doc/html/man7/OSSL_PROVIDER-default.html doc/html/man7/OSSL_PROVIDER-legacy.html doc/html/man7/OSSL_PROVIDER-null.html doc/html/man7/RAND.html doc/html/man7/RAND_DRBG.html doc/html/man7/RSA-PSS.html doc/html/man7/SM2.html doc/html/man7/X25519.html doc/html/man7/bio.html doc/html/man7/crypto.html doc/html/man7/ct.html doc/html/man7/des_modes.html doc/html/man7/evp.html doc/html/man7/openssl-core.h.html doc/html/man7/openssl-core_names.h.html doc/html/man7/openssl-core_numbers.h.html doc/html/man7/openssl-env.html doc/html/man7/openssl_user_macros.html doc/html/man7/ossl_store-file.html doc/html/man7/ossl_store.html doc/html/man7/passphrase-encoding.html doc/html/man7/property.html doc/html/man7/provider-asym_cipher.html doc/html/man7/provider-base.html doc/html/man7/provider-cipher.html doc/html/man7/provider-digest.html doc/html/man7/provider-keyexch.html doc/html/man7/provider-keymgmt.html doc/html/man7/provider-mac.html doc/html/man7/provider-serializer.html doc/html/man7/provider-signature.html doc/html/man7/provider.html doc/html/man7/proxy-certificates.html doc/html/man7/ssl.html doc/html/man7/x509.html rm -f doc/man/man1/CA.pl.1 doc/man/man1/openssl-asn1parse.1 doc/man/man1/openssl-ca.1 doc/man/man1/openssl-ciphers.1 doc/man/man1/openssl-cmds.1 doc/man/man1/openssl-cmp.1 doc/man/man1/openssl-cms.1 doc/man/man1/openssl-crl.1 doc/man/man1/openssl-crl2pkcs7.1 doc/man/man1/openssl-dgst.1 doc/man/man1/openssl-dhparam.1 doc/man/man1/openssl-dsa.1 doc/man/man1/openssl-dsaparam.1 doc/man/man1/openssl-ec.1 doc/man/man1/openssl-ecparam.1 doc/man/man1/openssl-enc.1 doc/man/man1/openssl-engine.1 doc/man/man1/openssl-errstr.1 doc/man/man1/openssl-fipsinstall.1 doc/man/man1/openssl-gendsa.1 doc/man/man1/openssl-genpkey.1 doc/man/man1/openssl-genrsa.1 doc/man/man1/openssl-info.1 doc/man/man1/openssl-kdf.1 doc/man/man1/openssl-list.1 doc/man/man1/openssl-mac.1 doc/man/man1/openssl-nseq.1 doc/man/man1/openssl-ocsp.1 doc/man/man1/openssl-passwd.1 doc/man/man1/openssl-pkcs12.1 doc/man/man1/openssl-pkcs7.1 doc/man/man1/openssl-pkcs8.1 doc/man/man1/openssl-pkey.1 doc/man/man1/openssl-pkeyparam.1 doc/man/man1/openssl-pkeyutl.1 doc/man/man1/openssl-prime.1 doc/man/man1/openssl-provider.1 doc/man/man1/openssl-rand.1 doc/man/man1/openssl-rehash.1 doc/man/man1/openssl-req.1 doc/man/man1/openssl-rsa.1 doc/man/man1/openssl-rsautl.1 doc/man/man1/openssl-s_client.1 doc/man/man1/openssl-s_server.1 doc/man/man1/openssl-s_time.1 doc/man/man1/openssl-sess_id.1 doc/man/man1/openssl-smime.1 doc/man/man1/openssl-speed.1 doc/man/man1/openssl-spkac.1 doc/man/man1/openssl-srp.1 doc/man/man1/openssl-storeutl.1 doc/man/man1/openssl-ts.1 doc/man/man1/openssl-verify.1 doc/man/man1/openssl-version.1 doc/man/man1/openssl-x509.1 doc/man/man1/openssl.1 doc/man/man1/tsget.1 doc/man/man3/ADMISSIONS.3 doc/man/man3/ASN1_INTEGER_get_int64.3 doc/man/man3/ASN1_INTEGER_new.3 doc/man/man3/ASN1_ITEM_lookup.3 doc/man/man3/ASN1_OBJECT_new.3 doc/man/man3/ASN1_STRING_TABLE_add.3 doc/man/man3/ASN1_STRING_length.3 doc/man/man3/ASN1_STRING_new.3 doc/man/man3/ASN1_STRING_print_ex.3 doc/man/man3/ASN1_TIME_set.3 doc/man/man3/ASN1_TYPE_get.3 doc/man/man3/ASN1_generate_nconf.3 doc/man/man3/ASYNC_WAIT_CTX_new.3 doc/man/man3/ASYNC_start_job.3 doc/man/man3/BF_encrypt.3 doc/man/man3/BIO_ADDR.3 doc/man/man3/BIO_ADDRINFO.3 doc/man/man3/BIO_connect.3 doc/man/man3/BIO_ctrl.3 doc/man/man3/BIO_f_base64.3 doc/man/man3/BIO_f_buffer.3 doc/man/man3/BIO_f_cipher.3 doc/man/man3/BIO_f_md.3 doc/man/man3/BIO_f_null.3 doc/man/man3/BIO_f_prefix.3 doc/man/man3/BIO_f_ssl.3 doc/man/man3/BIO_find_type.3 doc/man/man3/BIO_get_data.3 doc/man/man3/BIO_get_ex_new_index.3 doc/man/man3/BIO_meth_new.3 doc/man/man3/BIO_new.3 doc/man/man3/BIO_new_CMS.3 doc/man/man3/BIO_parse_hostserv.3 doc/man/man3/BIO_printf.3 doc/man/man3/BIO_push.3 doc/man/man3/BIO_read.3 doc/man/man3/BIO_s_accept.3 doc/man/man3/BIO_s_bio.3 doc/man/man3/BIO_s_connect.3 doc/man/man3/BIO_s_fd.3 doc/man/man3/BIO_s_file.3 doc/man/man3/BIO_s_mem.3 doc/man/man3/BIO_s_null.3 doc/man/man3/BIO_s_socket.3 doc/man/man3/BIO_set_callback.3 doc/man/man3/BIO_should_retry.3 doc/man/man3/BIO_socket_wait.3 doc/man/man3/BN_BLINDING_new.3 doc/man/man3/BN_CTX_new.3 doc/man/man3/BN_CTX_start.3 doc/man/man3/BN_add.3 doc/man/man3/BN_add_word.3 doc/man/man3/BN_bn2bin.3 doc/man/man3/BN_cmp.3 doc/man/man3/BN_copy.3 doc/man/man3/BN_generate_prime.3 doc/man/man3/BN_mod_inverse.3 doc/man/man3/BN_mod_mul_montgomery.3 doc/man/man3/BN_mod_mul_reciprocal.3 doc/man/man3/BN_new.3 doc/man/man3/BN_num_bytes.3 doc/man/man3/BN_rand.3 doc/man/man3/BN_security_bits.3 doc/man/man3/BN_set_bit.3 doc/man/man3/BN_swap.3 doc/man/man3/BN_zero.3 doc/man/man3/BUF_MEM_new.3 doc/man/man3/CMS_EnvelopedData_create.3 doc/man/man3/CMS_add0_cert.3 doc/man/man3/CMS_add1_recipient_cert.3 doc/man/man3/CMS_add1_signer.3 doc/man/man3/CMS_compress.3 doc/man/man3/CMS_decrypt.3 doc/man/man3/CMS_encrypt.3 doc/man/man3/CMS_final.3 doc/man/man3/CMS_get0_RecipientInfos.3 doc/man/man3/CMS_get0_SignerInfos.3 doc/man/man3/CMS_get0_type.3 doc/man/man3/CMS_get1_ReceiptRequest.3 doc/man/man3/CMS_sign.3 doc/man/man3/CMS_sign_receipt.3 doc/man/man3/CMS_uncompress.3 doc/man/man3/CMS_verify.3 doc/man/man3/CMS_verify_receipt.3 doc/man/man3/CONF_modules_free.3 doc/man/man3/CONF_modules_load_file.3 doc/man/man3/CRYPTO_THREAD_run_once.3 doc/man/man3/CRYPTO_get_ex_new_index.3 doc/man/man3/CRYPTO_memcmp.3 doc/man/man3/CTLOG_STORE_get0_log_by_id.3 doc/man/man3/CTLOG_STORE_new.3 doc/man/man3/CTLOG_new.3 doc/man/man3/CT_POLICY_EVAL_CTX_new.3 doc/man/man3/DEFINE_STACK_OF.3 doc/man/man3/DES_random_key.3 doc/man/man3/DH_generate_key.3 doc/man/man3/DH_generate_parameters.3 doc/man/man3/DH_get0_pqg.3 doc/man/man3/DH_get_1024_160.3 doc/man/man3/DH_meth_new.3 doc/man/man3/DH_new.3 doc/man/man3/DH_new_by_nid.3 doc/man/man3/DH_set_method.3 doc/man/man3/DH_size.3 doc/man/man3/DSA_SIG_new.3 doc/man/man3/DSA_do_sign.3 doc/man/man3/DSA_dup_DH.3 doc/man/man3/DSA_generate_key.3 doc/man/man3/DSA_generate_parameters.3 doc/man/man3/DSA_get0_pqg.3 doc/man/man3/DSA_meth_new.3 doc/man/man3/DSA_new.3 doc/man/man3/DSA_set_method.3 doc/man/man3/DSA_sign.3 doc/man/man3/DSA_size.3 doc/man/man3/DTLS_get_data_mtu.3 doc/man/man3/DTLS_set_timer_cb.3 doc/man/man3/DTLSv1_listen.3 doc/man/man3/ECDSA_SIG_new.3 doc/man/man3/ECPKParameters_print.3 doc/man/man3/EC_GFp_simple_method.3 doc/man/man3/EC_GROUP_copy.3 doc/man/man3/EC_GROUP_new.3 doc/man/man3/EC_KEY_get_enc_flags.3 doc/man/man3/EC_KEY_new.3 doc/man/man3/EC_POINT_add.3 doc/man/man3/EC_POINT_new.3 doc/man/man3/ENGINE_add.3 doc/man/man3/ERR_GET_LIB.3 doc/man/man3/ERR_clear_error.3 doc/man/man3/ERR_error_string.3 doc/man/man3/ERR_get_error.3 doc/man/man3/ERR_load_crypto_strings.3 doc/man/man3/ERR_load_strings.3 doc/man/man3/ERR_new.3 doc/man/man3/ERR_print_errors.3 doc/man/man3/ERR_put_error.3 doc/man/man3/ERR_remove_state.3 doc/man/man3/ERR_set_mark.3 doc/man/man3/EVP_ASYM_CIPHER_free.3 doc/man/man3/EVP_BytesToKey.3 doc/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 doc/man/man3/EVP_CIPHER_meth_new.3 doc/man/man3/EVP_DigestInit.3 doc/man/man3/EVP_DigestSignInit.3 doc/man/man3/EVP_DigestVerifyInit.3 doc/man/man3/EVP_EncodeInit.3 doc/man/man3/EVP_EncryptInit.3 doc/man/man3/EVP_KDF.3 doc/man/man3/EVP_KEYEXCH_free.3 doc/man/man3/EVP_KEYMGMT.3 doc/man/man3/EVP_MAC.3 doc/man/man3/EVP_MD_meth_new.3 doc/man/man3/EVP_OpenInit.3 doc/man/man3/EVP_PKEY_ASN1_METHOD.3 doc/man/man3/EVP_PKEY_CTX_ctrl.3 doc/man/man3/EVP_PKEY_CTX_new.3 doc/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 doc/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 doc/man/man3/EVP_PKEY_CTX_set_params.3 doc/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 doc/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 doc/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 doc/man/man3/EVP_PKEY_asn1_get_count.3 doc/man/man3/EVP_PKEY_check.3 doc/man/man3/EVP_PKEY_copy_parameters.3 doc/man/man3/EVP_PKEY_decrypt.3 doc/man/man3/EVP_PKEY_derive.3 doc/man/man3/EVP_PKEY_encrypt.3 doc/man/man3/EVP_PKEY_fromdata.3 doc/man/man3/EVP_PKEY_gen.3 doc/man/man3/EVP_PKEY_get_default_digest_nid.3 doc/man/man3/EVP_PKEY_gettable_params.3 doc/man/man3/EVP_PKEY_is_a.3 doc/man/man3/EVP_PKEY_meth_get_count.3 doc/man/man3/EVP_PKEY_meth_new.3 doc/man/man3/EVP_PKEY_new.3 doc/man/man3/EVP_PKEY_print_private.3 doc/man/man3/EVP_PKEY_set1_RSA.3 doc/man/man3/EVP_PKEY_set_type.3 doc/man/man3/EVP_PKEY_sign.3 doc/man/man3/EVP_PKEY_size.3 doc/man/man3/EVP_PKEY_supports_digest_nid.3 doc/man/man3/EVP_PKEY_verify.3 doc/man/man3/EVP_PKEY_verify_recover.3 doc/man/man3/EVP_SIGNATURE_free.3 doc/man/man3/EVP_SealInit.3 doc/man/man3/EVP_SignInit.3 doc/man/man3/EVP_VerifyInit.3 doc/man/man3/EVP_aes_128_gcm.3 doc/man/man3/EVP_aria_128_gcm.3 doc/man/man3/EVP_bf_cbc.3 doc/man/man3/EVP_blake2b512.3 doc/man/man3/EVP_camellia_128_ecb.3 doc/man/man3/EVP_cast5_cbc.3 doc/man/man3/EVP_chacha20.3 doc/man/man3/EVP_des_cbc.3 doc/man/man3/EVP_desx_cbc.3 doc/man/man3/EVP_idea_cbc.3 doc/man/man3/EVP_md2.3 doc/man/man3/EVP_md4.3 doc/man/man3/EVP_md5.3 doc/man/man3/EVP_mdc2.3 doc/man/man3/EVP_rc2_cbc.3 doc/man/man3/EVP_rc4.3 doc/man/man3/EVP_rc5_32_12_16_cbc.3 doc/man/man3/EVP_ripemd160.3 doc/man/man3/EVP_seed_cbc.3 doc/man/man3/EVP_set_default_properties.3 doc/man/man3/EVP_sha1.3 doc/man/man3/EVP_sha224.3 doc/man/man3/EVP_sha3_224.3 doc/man/man3/EVP_sm3.3 doc/man/man3/EVP_sm4_cbc.3 doc/man/man3/EVP_whirlpool.3 doc/man/man3/HMAC.3 doc/man/man3/MD5.3 doc/man/man3/MDC2_Init.3 doc/man/man3/NCONF_new_with_libctx.3 doc/man/man3/OBJ_nid2obj.3 doc/man/man3/OCSP_REQUEST_new.3 doc/man/man3/OCSP_cert_to_id.3 doc/man/man3/OCSP_request_add1_nonce.3 doc/man/man3/OCSP_resp_find_status.3 doc/man/man3/OCSP_response_status.3 doc/man/man3/OCSP_sendreq_new.3 doc/man/man3/OPENSSL_Applink.3 doc/man/man3/OPENSSL_CTX.3 doc/man/man3/OPENSSL_FILE.3 doc/man/man3/OPENSSL_LH_COMPFUNC.3 doc/man/man3/OPENSSL_LH_stats.3 doc/man/man3/OPENSSL_config.3 doc/man/man3/OPENSSL_fork_prepare.3 doc/man/man3/OPENSSL_hexchar2int.3 doc/man/man3/OPENSSL_ia32cap.3 doc/man/man3/OPENSSL_init_crypto.3 doc/man/man3/OPENSSL_init_ssl.3 doc/man/man3/OPENSSL_instrument_bus.3 doc/man/man3/OPENSSL_load_builtin_modules.3 doc/man/man3/OPENSSL_malloc.3 doc/man/man3/OPENSSL_s390xcap.3 doc/man/man3/OPENSSL_secure_malloc.3 doc/man/man3/OSSL_CMP_CTX_new.3 doc/man/man3/OSSL_CMP_HDR_get0_transactionID.3 doc/man/man3/OSSL_CMP_ITAV_set0.3 doc/man/man3/OSSL_CMP_MSG_get0_header.3 doc/man/man3/OSSL_CMP_MSG_http_perform.3 doc/man/man3/OSSL_CMP_SRV_CTX_new.3 doc/man/man3/OSSL_CMP_STATUSINFO_new.3 doc/man/man3/OSSL_CMP_exec_IR_ses.3 doc/man/man3/OSSL_CMP_log_open.3 doc/man/man3/OSSL_CMP_validate_msg.3 doc/man/man3/OSSL_CRMF_MSG_get0_tmpl.3 doc/man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 doc/man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 doc/man/man3/OSSL_CRMF_MSG_set_validity.3 doc/man/man3/OSSL_CRMF_pbmp_new.3 doc/man/man3/OSSL_HTTP_transfer.3 doc/man/man3/OSSL_PARAM.3 doc/man/man3/OSSL_PARAM_BLD.3 doc/man/man3/OSSL_PARAM_allocate_from_text.3 doc/man/man3/OSSL_PARAM_int.3 doc/man/man3/OSSL_PROVIDER.3 doc/man/man3/OSSL_SELF_TEST_new.3 doc/man/man3/OSSL_SELF_TEST_set_callback.3 doc/man/man3/OSSL_SERIALIZER.3 doc/man/man3/OSSL_SERIALIZER_CTX.3 doc/man/man3/OSSL_SERIALIZER_CTX_new_by_EVP_PKEY.3 doc/man/man3/OSSL_SERIALIZER_to_bio.3 doc/man/man3/OSSL_STORE_INFO.3 doc/man/man3/OSSL_STORE_LOADER.3 doc/man/man3/OSSL_STORE_SEARCH.3 doc/man/man3/OSSL_STORE_attach.3 doc/man/man3/OSSL_STORE_expect.3 doc/man/man3/OSSL_STORE_open.3 doc/man/man3/OSSL_trace_enabled.3 doc/man/man3/OSSL_trace_get_category_num.3 doc/man/man3/OSSL_trace_set_channel.3 doc/man/man3/OpenSSL_add_all_algorithms.3 doc/man/man3/OpenSSL_version.3 doc/man/man3/PEM_bytes_read_bio.3 doc/man/man3/PEM_read.3 doc/man/man3/PEM_read_CMS.3 doc/man/man3/PEM_read_bio_PrivateKey.3 doc/man/man3/PEM_read_bio_ex.3 doc/man/man3/PEM_write_bio_CMS_stream.3 doc/man/man3/PEM_write_bio_PKCS7_stream.3 doc/man/man3/PKCS12_SAFEBAG_get0_attrs.3 doc/man/man3/PKCS12_add_CSPName_asc.3 doc/man/man3/PKCS12_add_friendlyname_asc.3 doc/man/man3/PKCS12_add_localkeyid.3 doc/man/man3/PKCS12_create.3 doc/man/man3/PKCS12_get_friendlyname.3 doc/man/man3/PKCS12_newpass.3 doc/man/man3/PKCS12_parse.3 doc/man/man3/PKCS5_PBKDF2_HMAC.3 doc/man/man3/PKCS7_decrypt.3 doc/man/man3/PKCS7_encrypt.3 doc/man/man3/PKCS7_sign.3 doc/man/man3/PKCS7_sign_add_signer.3 doc/man/man3/PKCS7_verify.3 doc/man/man3/PKCS8_pkey_add1_attr.3 doc/man/man3/RAND_DRBG_generate.3 doc/man/man3/RAND_DRBG_get0_master.3 doc/man/man3/RAND_DRBG_new.3 doc/man/man3/RAND_DRBG_reseed.3 doc/man/man3/RAND_DRBG_set_callbacks.3 doc/man/man3/RAND_add.3 doc/man/man3/RAND_bytes.3 doc/man/man3/RAND_cleanup.3 doc/man/man3/RAND_egd.3 doc/man/man3/RAND_load_file.3 doc/man/man3/RAND_set_rand_method.3 doc/man/man3/RC4_set_key.3 doc/man/man3/RIPEMD160_Init.3 doc/man/man3/RSA_blinding_on.3 doc/man/man3/RSA_check_key.3 doc/man/man3/RSA_generate_key.3 doc/man/man3/RSA_get0_key.3 doc/man/man3/RSA_meth_new.3 doc/man/man3/RSA_new.3 doc/man/man3/RSA_padding_add_PKCS1_type_1.3 doc/man/man3/RSA_print.3 doc/man/man3/RSA_private_encrypt.3 doc/man/man3/RSA_public_encrypt.3 doc/man/man3/RSA_set_method.3 doc/man/man3/RSA_sign.3 doc/man/man3/RSA_sign_ASN1_OCTET_STRING.3 doc/man/man3/RSA_size.3 doc/man/man3/SCT_new.3 doc/man/man3/SCT_print.3 doc/man/man3/SCT_validate.3 doc/man/man3/SHA256_Init.3 doc/man/man3/SMIME_read_CMS.3 doc/man/man3/SMIME_read_PKCS7.3 doc/man/man3/SMIME_write_CMS.3 doc/man/man3/SMIME_write_PKCS7.3 doc/man/man3/SRP_Calc_B.3 doc/man/man3/SRP_VBASE_new.3 doc/man/man3/SRP_create_verifier.3 doc/man/man3/SRP_user_pwd_new.3 doc/man/man3/SSL_CIPHER_get_name.3 doc/man/man3/SSL_COMP_add_compression_method.3 doc/man/man3/SSL_CONF_CTX_new.3 doc/man/man3/SSL_CONF_CTX_set1_prefix.3 doc/man/man3/SSL_CONF_CTX_set_flags.3 doc/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 doc/man/man3/SSL_CONF_cmd.3 doc/man/man3/SSL_CONF_cmd_argv.3 doc/man/man3/SSL_CTX_add1_chain_cert.3 doc/man/man3/SSL_CTX_add_extra_chain_cert.3 doc/man/man3/SSL_CTX_add_session.3 doc/man/man3/SSL_CTX_config.3 doc/man/man3/SSL_CTX_ctrl.3 doc/man/man3/SSL_CTX_dane_enable.3 doc/man/man3/SSL_CTX_flush_sessions.3 doc/man/man3/SSL_CTX_free.3 doc/man/man3/SSL_CTX_get0_param.3 doc/man/man3/SSL_CTX_get_verify_mode.3 doc/man/man3/SSL_CTX_has_client_custom_ext.3 doc/man/man3/SSL_CTX_load_verify_locations.3 doc/man/man3/SSL_CTX_new.3 doc/man/man3/SSL_CTX_sess_number.3 doc/man/man3/SSL_CTX_sess_set_cache_size.3 doc/man/man3/SSL_CTX_sess_set_get_cb.3 doc/man/man3/SSL_CTX_sessions.3 doc/man/man3/SSL_CTX_set0_CA_list.3 doc/man/man3/SSL_CTX_set1_curves.3 doc/man/man3/SSL_CTX_set1_sigalgs.3 doc/man/man3/SSL_CTX_set1_verify_cert_store.3 doc/man/man3/SSL_CTX_set_alpn_select_cb.3 doc/man/man3/SSL_CTX_set_cert_cb.3 doc/man/man3/SSL_CTX_set_cert_store.3 doc/man/man3/SSL_CTX_set_cert_verify_callback.3 doc/man/man3/SSL_CTX_set_cipher_list.3 doc/man/man3/SSL_CTX_set_client_cert_cb.3 doc/man/man3/SSL_CTX_set_client_hello_cb.3 doc/man/man3/SSL_CTX_set_ct_validation_callback.3 doc/man/man3/SSL_CTX_set_ctlog_list_file.3 doc/man/man3/SSL_CTX_set_default_passwd_cb.3 doc/man/man3/SSL_CTX_set_generate_session_id.3 doc/man/man3/SSL_CTX_set_info_callback.3 doc/man/man3/SSL_CTX_set_keylog_callback.3 doc/man/man3/SSL_CTX_set_max_cert_list.3 doc/man/man3/SSL_CTX_set_min_proto_version.3 doc/man/man3/SSL_CTX_set_mode.3 doc/man/man3/SSL_CTX_set_msg_callback.3 doc/man/man3/SSL_CTX_set_num_tickets.3 doc/man/man3/SSL_CTX_set_options.3 doc/man/man3/SSL_CTX_set_psk_client_callback.3 doc/man/man3/SSL_CTX_set_quiet_shutdown.3 doc/man/man3/SSL_CTX_set_read_ahead.3 doc/man/man3/SSL_CTX_set_record_padding_callback.3 doc/man/man3/SSL_CTX_set_security_level.3 doc/man/man3/SSL_CTX_set_session_cache_mode.3 doc/man/man3/SSL_CTX_set_session_id_context.3 doc/man/man3/SSL_CTX_set_session_ticket_cb.3 doc/man/man3/SSL_CTX_set_split_send_fragment.3 doc/man/man3/SSL_CTX_set_srp_password.3 doc/man/man3/SSL_CTX_set_ssl_version.3 doc/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 doc/man/man3/SSL_CTX_set_timeout.3 doc/man/man3/SSL_CTX_set_tlsext_servername_callback.3 doc/man/man3/SSL_CTX_set_tlsext_status_cb.3 doc/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 doc/man/man3/SSL_CTX_set_tlsext_use_srtp.3 doc/man/man3/SSL_CTX_set_tmp_dh_callback.3 doc/man/man3/SSL_CTX_set_tmp_ecdh.3 doc/man/man3/SSL_CTX_set_verify.3 doc/man/man3/SSL_CTX_use_certificate.3 doc/man/man3/SSL_CTX_use_psk_identity_hint.3 doc/man/man3/SSL_CTX_use_serverinfo.3 doc/man/man3/SSL_SESSION_free.3 doc/man/man3/SSL_SESSION_get0_cipher.3 doc/man/man3/SSL_SESSION_get0_hostname.3 doc/man/man3/SSL_SESSION_get0_id_context.3 doc/man/man3/SSL_SESSION_get0_peer.3 doc/man/man3/SSL_SESSION_get_compress_id.3 doc/man/man3/SSL_SESSION_get_protocol_version.3 doc/man/man3/SSL_SESSION_get_time.3 doc/man/man3/SSL_SESSION_has_ticket.3 doc/man/man3/SSL_SESSION_is_resumable.3 doc/man/man3/SSL_SESSION_print.3 doc/man/man3/SSL_SESSION_set1_id.3 doc/man/man3/SSL_accept.3 doc/man/man3/SSL_alert_type_string.3 doc/man/man3/SSL_alloc_buffers.3 doc/man/man3/SSL_check_chain.3 doc/man/man3/SSL_clear.3 doc/man/man3/SSL_connect.3 doc/man/man3/SSL_do_handshake.3 doc/man/man3/SSL_export_keying_material.3 doc/man/man3/SSL_extension_supported.3 doc/man/man3/SSL_free.3 doc/man/man3/SSL_get0_peer_scts.3 doc/man/man3/SSL_get_SSL_CTX.3 doc/man/man3/SSL_get_all_async_fds.3 doc/man/man3/SSL_get_ciphers.3 doc/man/man3/SSL_get_client_random.3 doc/man/man3/SSL_get_current_cipher.3 doc/man/man3/SSL_get_default_timeout.3 doc/man/man3/SSL_get_error.3 doc/man/man3/SSL_get_extms_support.3 doc/man/man3/SSL_get_fd.3 doc/man/man3/SSL_get_peer_cert_chain.3 doc/man/man3/SSL_get_peer_certificate.3 doc/man/man3/SSL_get_peer_signature_nid.3 doc/man/man3/SSL_get_peer_tmp_key.3 doc/man/man3/SSL_get_psk_identity.3 doc/man/man3/SSL_get_rbio.3 doc/man/man3/SSL_get_session.3 doc/man/man3/SSL_get_shared_sigalgs.3 doc/man/man3/SSL_get_verify_result.3 doc/man/man3/SSL_get_version.3 doc/man/man3/SSL_in_init.3 doc/man/man3/SSL_key_update.3 doc/man/man3/SSL_library_init.3 doc/man/man3/SSL_load_client_CA_file.3 doc/man/man3/SSL_new.3 doc/man/man3/SSL_pending.3 doc/man/man3/SSL_read.3 doc/man/man3/SSL_read_early_data.3 doc/man/man3/SSL_rstate_string.3 doc/man/man3/SSL_session_reused.3 doc/man/man3/SSL_set1_host.3 doc/man/man3/SSL_set_async_callback.3 doc/man/man3/SSL_set_bio.3 doc/man/man3/SSL_set_connect_state.3 doc/man/man3/SSL_set_fd.3 doc/man/man3/SSL_set_session.3 doc/man/man3/SSL_set_shutdown.3 doc/man/man3/SSL_set_verify_result.3 doc/man/man3/SSL_shutdown.3 doc/man/man3/SSL_state_string.3 doc/man/man3/SSL_want.3 doc/man/man3/SSL_write.3 doc/man/man3/TS_VERIFY_CTX_set_certs.3 doc/man/man3/UI_STRING.3 doc/man/man3/UI_UTIL_read_pw.3 doc/man/man3/UI_create_method.3 doc/man/man3/UI_new.3 doc/man/man3/X509V3_get_d2i.3 doc/man/man3/X509_ALGOR_dup.3 doc/man/man3/X509_CRL_get0_by_serial.3 doc/man/man3/X509_EXTENSION_set_object.3 doc/man/man3/X509_LOOKUP.3 doc/man/man3/X509_LOOKUP_hash_dir.3 doc/man/man3/X509_LOOKUP_meth_new.3 doc/man/man3/X509_NAME_ENTRY_get_object.3 doc/man/man3/X509_NAME_add_entry_by_txt.3 doc/man/man3/X509_NAME_get0_der.3 doc/man/man3/X509_NAME_get_index_by_NID.3 doc/man/man3/X509_NAME_print_ex.3 doc/man/man3/X509_PUBKEY_new.3 doc/man/man3/X509_SIG_get0.3 doc/man/man3/X509_STORE_CTX_get_error.3 doc/man/man3/X509_STORE_CTX_new.3 doc/man/man3/X509_STORE_CTX_set_verify_cb.3 doc/man/man3/X509_STORE_add_cert.3 doc/man/man3/X509_STORE_get0_param.3 doc/man/man3/X509_STORE_new.3 doc/man/man3/X509_STORE_set_verify_cb_func.3 doc/man/man3/X509_VERIFY_PARAM_set_flags.3 doc/man/man3/X509_check_ca.3 doc/man/man3/X509_check_host.3 doc/man/man3/X509_check_issued.3 doc/man/man3/X509_check_private_key.3 doc/man/man3/X509_check_purpose.3 doc/man/man3/X509_cmp.3 doc/man/man3/X509_cmp_time.3 doc/man/man3/X509_digest.3 doc/man/man3/X509_dup.3 doc/man/man3/X509_get0_distinguishing_id.3 doc/man/man3/X509_get0_notBefore.3 doc/man/man3/X509_get0_signature.3 doc/man/man3/X509_get0_uids.3 doc/man/man3/X509_get_extension_flags.3 doc/man/man3/X509_get_pubkey.3 doc/man/man3/X509_get_serialNumber.3 doc/man/man3/X509_get_subject_name.3 doc/man/man3/X509_get_version.3 doc/man/man3/X509_load_http.3 doc/man/man3/X509_new.3 doc/man/man3/X509_sign.3 doc/man/man3/X509_verify_cert.3 doc/man/man3/X509v3_cache_extensions.3 doc/man/man3/X509v3_get_ext_by_NID.3 doc/man/man3/d2i_DHparams.3 doc/man/man3/d2i_PKCS8PrivateKey_bio.3 doc/man/man3/d2i_PrivateKey.3 doc/man/man3/d2i_SSL_SESSION.3 doc/man/man3/d2i_X509.3 doc/man/man3/i2d_CMS_bio_stream.3 doc/man/man3/i2d_PKCS7_bio_stream.3 doc/man/man3/i2d_re_X509_tbs.3 doc/man/man3/o2i_SCT_LIST.3 doc/man/man3/s2i_ASN1_IA5STRING.3 doc/man/man5/config.5 doc/man/man5/fips_config.5 doc/man/man5/x509v3_config.5 doc/man/man7/EVP_KDF-HKDF.7 doc/man/man7/EVP_KDF-KB.7 doc/man/man7/EVP_KDF-KRB5KDF.7 doc/man/man7/EVP_KDF-PBKDF2.7 doc/man/man7/EVP_KDF-SCRYPT.7 doc/man/man7/EVP_KDF-SS.7 doc/man/man7/EVP_KDF-SSHKDF.7 doc/man/man7/EVP_KDF-TLS1_PRF.7 doc/man/man7/EVP_KDF-X942.7 doc/man/man7/EVP_KDF-X963.7 doc/man/man7/EVP_KEYEXCH-DH.7 doc/man/man7/EVP_KEYEXCH-ECDH.7 doc/man/man7/EVP_KEYEXCH-X25519.7 doc/man/man7/EVP_MAC-BLAKE2.7 doc/man/man7/EVP_MAC-CMAC.7 doc/man/man7/EVP_MAC-GMAC.7 doc/man/man7/EVP_MAC-HMAC.7 doc/man/man7/EVP_MAC-KMAC.7 doc/man/man7/EVP_MAC-Poly1305.7 doc/man/man7/EVP_MAC-Siphash.7 doc/man/man7/EVP_MD-BLAKE2.7 doc/man/man7/EVP_MD-MD2.7 doc/man/man7/EVP_MD-MD4.7 doc/man/man7/EVP_MD-MD5-SHA1.7 doc/man/man7/EVP_MD-MD5.7 doc/man/man7/EVP_MD-MDC2.7 doc/man/man7/EVP_MD-RIPEMD160.7 doc/man/man7/EVP_MD-SHA1.7 doc/man/man7/EVP_MD-SHA2.7 doc/man/man7/EVP_MD-SHA3.7 doc/man/man7/EVP_MD-SHAKE.7 doc/man/man7/EVP_MD-SM3.7 doc/man/man7/EVP_MD-WHIRLPOOL.7 doc/man/man7/EVP_MD-common.7 doc/man/man7/EVP_PKEY-DH.7 doc/man/man7/EVP_PKEY-DSA.7 doc/man/man7/EVP_PKEY-EC.7 doc/man/man7/EVP_PKEY-FFC.7 doc/man/man7/EVP_PKEY-RSA.7 doc/man/man7/EVP_PKEY-X25519.7 doc/man/man7/EVP_SIGNATURE-DSA.7 doc/man/man7/EVP_SIGNATURE-ECDSA.7 doc/man/man7/EVP_SIGNATURE-ED25519.7 doc/man/man7/EVP_SIGNATURE-RSA.7 doc/man/man7/OSSL_PROVIDER-FIPS.7 doc/man/man7/OSSL_PROVIDER-default.7 doc/man/man7/OSSL_PROVIDER-legacy.7 doc/man/man7/OSSL_PROVIDER-null.7 doc/man/man7/RAND.7 doc/man/man7/RAND_DRBG.7 doc/man/man7/RSA-PSS.7 doc/man/man7/SM2.7 doc/man/man7/X25519.7 doc/man/man7/bio.7 doc/man/man7/crypto.7 doc/man/man7/ct.7 doc/man/man7/des_modes.7 doc/man/man7/evp.7 doc/man/man7/openssl-core.h.7 doc/man/man7/openssl-core_names.h.7 doc/man/man7/openssl-core_numbers.h.7 doc/man/man7/openssl-env.7 doc/man/man7/openssl_user_macros.7 doc/man/man7/ossl_store-file.7 doc/man/man7/ossl_store.7 doc/man/man7/passphrase-encoding.7 doc/man/man7/property.7 doc/man/man7/provider-asym_cipher.7 doc/man/man7/provider-base.7 doc/man/man7/provider-cipher.7 doc/man/man7/provider-digest.7 doc/man/man7/provider-keyexch.7 doc/man/man7/provider-keymgmt.7 doc/man/man7/provider-mac.7 doc/man/man7/provider-serializer.7 doc/man/man7/provider-signature.7 doc/man/man7/provider.7 doc/man/man7/proxy-certificates.7 doc/man/man7/ssl.7 doc/man/man7/x509.7 rm -f apps/openssl fuzz/asn1-test fuzz/asn1parse-test fuzz/bignum-test fuzz/bndiv-test fuzz/client-test fuzz/cmp-test fuzz/cms-test fuzz/conf-test fuzz/crl-test fuzz/ct-test fuzz/server-test fuzz/x509-test test/aborttest test/acvp_test test/aesgcmtest test/afalgtest test/asn1_decode_test test/asn1_dsa_internal_test test/asn1_encode_test test/asn1_internal_test test/asn1_string_table_test test/asn1_time_test test/asynciotest test/asynctest test/bad_dtls_test test/bftest test/bio_callback_test test/bio_enc_test test/bio_memleak_test test/bio_prefix_text test/bioprinttest test/bn_internal_test test/bntest test/buildtest_c_aes test/buildtest_c_asn1 test/buildtest_c_asn1t test/buildtest_c_async test/buildtest_c_bio test/buildtest_c_blowfish test/buildtest_c_bn test/buildtest_c_buffer test/buildtest_c_camellia test/buildtest_c_cast test/buildtest_c_cmac test/buildtest_c_cmp test/buildtest_c_cmp_util test/buildtest_c_cms test/buildtest_c_comp test/buildtest_c_conf test/buildtest_c_conf_api test/buildtest_c_core test/buildtest_c_core_names test/buildtest_c_core_numbers test/buildtest_c_crmf test/buildtest_c_crypto test/buildtest_c_ct test/buildtest_c_des test/buildtest_c_dh test/buildtest_c_dsa test/buildtest_c_e_os2 test/buildtest_c_ebcdic test/buildtest_c_ec test/buildtest_c_ecdh test/buildtest_c_ecdsa test/buildtest_c_engine test/buildtest_c_ess test/buildtest_c_evp test/buildtest_c_fips_names test/buildtest_c_hmac test/buildtest_c_http test/buildtest_c_idea test/buildtest_c_kdf test/buildtest_c_lhash test/buildtest_c_mac test/buildtest_c_macros test/buildtest_c_md4 test/buildtest_c_md5 test/buildtest_c_mdc2 test/buildtest_c_modes test/buildtest_c_obj_mac test/buildtest_c_objects test/buildtest_c_ocsp test/buildtest_c_ossl_typ test/buildtest_c_param_build test/buildtest_c_params test/buildtest_c_pem test/buildtest_c_pem2 test/buildtest_c_pkcs12 test/buildtest_c_pkcs7 test/buildtest_c_provider test/buildtest_c_rand test/buildtest_c_rand_drbg test/buildtest_c_rc2 test/buildtest_c_rc4 test/buildtest_c_ripemd test/buildtest_c_rsa test/buildtest_c_safestack test/buildtest_c_seed test/buildtest_c_self_test test/buildtest_c_serializer test/buildtest_c_sha test/buildtest_c_srp test/buildtest_c_srtp test/buildtest_c_ssl test/buildtest_c_ssl2 test/buildtest_c_stack test/buildtest_c_store test/buildtest_c_symhacks test/buildtest_c_tls1 test/buildtest_c_ts test/buildtest_c_txt_db test/buildtest_c_types test/buildtest_c_ui test/buildtest_c_whrlpool test/buildtest_c_x509 test/buildtest_c_x509_vfy test/buildtest_c_x509v3 test/casttest test/chacha_internal_test test/cipher_overhead_test test/cipherbytes_test test/cipherlist_test test/ciphername_test test/clienthellotest test/cmactest test/cmp_asn_test test/cmp_client_test test/cmp_ctx_test test/cmp_hdr_test test/cmp_msg_test test/cmp_protect_test test/cmp_server_test test/cmp_status_test test/cmp_vfy_test test/cmsapitest test/conf_include_test test/confdump test/constant_time_test test/context_internal_test test/crltest test/ct_test test/ctype_internal_test test/curve448_internal_test test/d2i_test test/danetest test/destest test/dhtest test/drbg_cavs_test test/drbg_extra_test test/drbgtest test/dsa_no_digest_size_test test/dsatest test/dtls_mtu_test test/dtlstest test/dtlsv1listentest test/ec_internal_test test/ecdsatest test/ecstresstest test/ectest test/enginetest test/errtest test/evp_extra_test test/evp_extra_test2 test/evp_fetch_prov_test test/evp_kdf_test test/evp_pkey_dparams_test test/evp_pkey_provided_test test/evp_test test/exdatatest test/exptest test/fatalerrtest test/ffc_internal_test test/gmdifftest test/gosttest test/hexstr_test test/hmactest test/http_test test/ideatest test/igetest test/keymgmt_internal_test test/lhash_test test/mdc2_internal_test test/mdc2test test/memleaktest test/modes_internal_test test/namemap_internal_test test/ocspapitest test/packettest test/param_build_test test/params_api_test test/params_conversion_test test/params_test test/pbelutest test/pemtest test/pkey_meth_kdf_test test/pkey_meth_test test/poly1305_internal_test test/property_test test/provider_fallback_test test/provider_internal_test test/provider_test test/rc2test test/rc4test test/rc5test test/rdrand_sanitytest test/recordlentest test/rsa_complex test/rsa_mp_test test/rsa_sp800_56b_test test/rsa_test test/sanitytest test/secmemtest test/servername_test test/shlibloadtest test/siphash_internal_test test/sm2_internal_test test/sm4_internal_test test/sparse_array_test test/srptest test/ssl_cert_table_internal_test test/ssl_ctx_test test/ssl_test test/ssl_test_ctx_test test/sslapitest test/sslbuffertest test/sslcorrupttest test/ssltest_old test/stack_test test/sysdefaulttest test/test_test test/threadstest test/time_offset_test test/tls13ccstest test/tls13encryptiontest test/tls13secretstest test/uitest test/v3ext test/v3nametest test/verify_extra_test test/versions test/wpackettest test/x509_check_cert_pkey_test test/x509_dup_cert_test test/x509_internal_test test/x509_time_test test/x509aux engines/afalg.so engines/capi.so engines/dasync.so engines/ossltest.so engines/padlock.so providers/fips.so providers/legacy.so test/p_test.so apps/CA.pl apps/tsget.pl tools/c_rehash util/shlib_wrap.sh rm -f doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod include/crypto/bn_conf.h include/crypto/dso_conf.h include/openssl/configuration.h include/openssl/opensslv.h test/provider_internal_test.cnf apps/CA.pl apps/progs.c apps/progs.h apps/tsget.pl crypto/aes/aes-x86_64.s crypto/aes/aesni-mb-x86_64.s crypto/aes/aesni-sha1-x86_64.s crypto/aes/aesni-sha256-x86_64.s crypto/aes/aesni-x86_64.s crypto/aes/bsaes-x86_64.s crypto/aes/vpaes-x86_64.s crypto/bn/rsaz-avx2.s crypto/bn/rsaz-x86_64.s crypto/bn/x86_64-gf2m.s crypto/bn/x86_64-mont.s crypto/bn/x86_64-mont5.s crypto/buildinf.h crypto/camellia/cmll-x86_64.s crypto/chacha/chacha-x86_64.s crypto/ec/ecp_nistz256-x86_64.s crypto/ec/x25519-x86_64.s crypto/md5/md5-x86_64.s crypto/modes/aesni-gcm-x86_64.s crypto/modes/ghash-x86_64.s crypto/poly1305/poly1305-x86_64.s crypto/rc4/rc4-md5-x86_64.s crypto/rc4/rc4-x86_64.s crypto/sha/keccak1600-x86_64.s crypto/sha/sha1-mb-x86_64.s crypto/sha/sha1-x86_64.s crypto/sha/sha256-mb-x86_64.s crypto/sha/sha256-x86_64.s crypto/sha/sha512-x86_64.s crypto/whrlpool/wp-x86_64.s crypto/x86_64cpuid.s doc/man1/openssl-asn1parse.pod doc/man1/openssl-ca.pod doc/man1/openssl-ciphers.pod doc/man1/openssl-cmds.pod doc/man1/openssl-cmp.pod doc/man1/openssl-cms.pod doc/man1/openssl-crl.pod doc/man1/openssl-crl2pkcs7.pod doc/man1/openssl-dgst.pod doc/man1/openssl-dhparam.pod doc/man1/openssl-dsa.pod doc/man1/openssl-dsaparam.pod doc/man1/openssl-ec.pod doc/man1/openssl-ecparam.pod doc/man1/openssl-enc.pod doc/man1/openssl-engine.pod doc/man1/openssl-errstr.pod doc/man1/openssl-fipsinstall.pod doc/man1/openssl-gendsa.pod doc/man1/openssl-genpkey.pod doc/man1/openssl-genrsa.pod doc/man1/openssl-info.pod doc/man1/openssl-kdf.pod doc/man1/openssl-list.pod doc/man1/openssl-mac.pod doc/man1/openssl-nseq.pod doc/man1/openssl-ocsp.pod doc/man1/openssl-passwd.pod doc/man1/openssl-pkcs12.pod doc/man1/openssl-pkcs7.pod doc/man1/openssl-pkcs8.pod doc/man1/openssl-pkey.pod doc/man1/openssl-pkeyparam.pod doc/man1/openssl-pkeyutl.pod doc/man1/openssl-prime.pod doc/man1/openssl-provider.pod doc/man1/openssl-rand.pod doc/man1/openssl-rehash.pod doc/man1/openssl-req.pod doc/man1/openssl-rsa.pod doc/man1/openssl-rsautl.pod doc/man1/openssl-s_client.pod doc/man1/openssl-s_server.pod doc/man1/openssl-s_time.pod doc/man1/openssl-sess_id.pod doc/man1/openssl-smime.pod doc/man1/openssl-speed.pod doc/man1/openssl-spkac.pod doc/man1/openssl-srp.pod doc/man1/openssl-storeutl.pod doc/man1/openssl-ts.pod doc/man1/openssl-verify.pod doc/man1/openssl-version.pod doc/man1/openssl-x509.pod doc/man7/openssl_user_macros.pod engines/afalg.ld engines/capi.ld engines/dasync.ld engines/e_padlock-x86_64.s engines/ossltest.ld engines/padlock.ld libcrypto.ld libssl.ld providers/common/der/der_digests_gen.c providers/common/der/der_dsa_gen.c providers/common/der/der_ec_gen.c providers/common/der/der_rsa_gen.c providers/common/include/prov/der_digests.h providers/common/include/prov/der_dsa.h providers/common/include/prov/der_ec.h providers/common/include/prov/der_rsa.h providers/fips.ld providers/legacy.ld test/buildtest_aes.c test/buildtest_asn1.c test/buildtest_asn1t.c test/buildtest_async.c test/buildtest_bio.c test/buildtest_blowfish.c test/buildtest_bn.c test/buildtest_buffer.c test/buildtest_camellia.c test/buildtest_cast.c test/buildtest_cmac.c test/buildtest_cmp.c test/buildtest_cmp_util.c test/buildtest_cms.c test/buildtest_comp.c test/buildtest_conf.c test/buildtest_conf_api.c test/buildtest_core.c test/buildtest_core_names.c test/buildtest_core_numbers.c test/buildtest_crmf.c test/buildtest_crypto.c test/buildtest_ct.c test/buildtest_des.c test/buildtest_dh.c test/buildtest_dsa.c test/buildtest_e_os2.c test/buildtest_ebcdic.c test/buildtest_ec.c test/buildtest_ecdh.c test/buildtest_ecdsa.c test/buildtest_engine.c test/buildtest_ess.c test/buildtest_evp.c test/buildtest_fips_names.c test/buildtest_hmac.c test/buildtest_http.c test/buildtest_idea.c test/buildtest_kdf.c test/buildtest_lhash.c test/buildtest_mac.c test/buildtest_macros.c test/buildtest_md4.c test/buildtest_md5.c test/buildtest_mdc2.c test/buildtest_modes.c test/buildtest_obj_mac.c test/buildtest_objects.c test/buildtest_ocsp.c test/buildtest_ossl_typ.c test/buildtest_param_build.c test/buildtest_params.c test/buildtest_pem.c test/buildtest_pem2.c test/buildtest_pkcs12.c test/buildtest_pkcs7.c test/buildtest_provider.c test/buildtest_rand.c test/buildtest_rand_drbg.c test/buildtest_rc2.c test/buildtest_rc4.c test/buildtest_ripemd.c test/buildtest_rsa.c test/buildtest_safestack.c test/buildtest_seed.c test/buildtest_self_test.c test/buildtest_serializer.c test/buildtest_sha.c test/buildtest_srp.c test/buildtest_srtp.c test/buildtest_ssl.c test/buildtest_ssl2.c test/buildtest_stack.c test/buildtest_store.c test/buildtest_symhacks.c test/buildtest_tls1.c test/buildtest_ts.c test/buildtest_txt_db.c test/buildtest_types.c test/buildtest_ui.c test/buildtest_whrlpool.c test/buildtest_x509.c test/buildtest_x509_vfy.c test/buildtest_x509v3.c test/p_test.ld tools/c_rehash util/shlib_wrap.sh rm -f `find . -name '*.d' \! -name '.*' \! -type d -print` rm -f `find . -name '*.o' \! -name '.*' \! -type d -print` rm -f core rm -f tags TAGS doc-nits cmd-nits md-nits rm -f -r test/test-runs rm -f openssl.pc libcrypto.pc libssl.pc rm -f `find . -type l \! -name '.*' -print` rm -f ../openssl-3.0.0-alpha4-dev.tar $ make depend $ LDCMD= make -j4 /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-asn1parse.pod.in > doc/man1/openssl-asn1parse.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ca.pod.in > doc/man1/openssl-ca.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ciphers.pod.in > doc/man1/openssl-ciphers.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmds.pod.in > doc/man1/openssl-cmds.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cmp.pod.in > doc/man1/openssl-cmp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-cms.pod.in > doc/man1/openssl-cms.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl.pod.in > doc/man1/openssl-crl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-crl2pkcs7.pod.in > doc/man1/openssl-crl2pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dgst.pod.in > doc/man1/openssl-dgst.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dhparam.pod.in > doc/man1/openssl-dhparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsa.pod.in > doc/man1/openssl-dsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-dsaparam.pod.in > doc/man1/openssl-dsaparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ec.pod.in > doc/man1/openssl-ec.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ecparam.pod.in > doc/man1/openssl-ecparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-enc.pod.in > doc/man1/openssl-enc.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-engine.pod.in > doc/man1/openssl-engine.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-errstr.pod.in > doc/man1/openssl-errstr.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-fipsinstall.pod.in > doc/man1/openssl-fipsinstall.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-gendsa.pod.in > doc/man1/openssl-gendsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genpkey.pod.in > doc/man1/openssl-genpkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-genrsa.pod.in > doc/man1/openssl-genrsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-info.pod.in > doc/man1/openssl-info.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-kdf.pod.in > doc/man1/openssl-kdf.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-list.pod.in > doc/man1/openssl-list.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-mac.pod.in > doc/man1/openssl-mac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-nseq.pod.in > doc/man1/openssl-nseq.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ocsp.pod.in > doc/man1/openssl-ocsp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-passwd.pod.in > doc/man1/openssl-passwd.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs12.pod.in > doc/man1/openssl-pkcs12.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs7.pod.in > doc/man1/openssl-pkcs7.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkcs8.pod.in > doc/man1/openssl-pkcs8.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkey.pod.in > doc/man1/openssl-pkey.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyparam.pod.in > doc/man1/openssl-pkeyparam.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-pkeyutl.pod.in > doc/man1/openssl-pkeyutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-prime.pod.in > doc/man1/openssl-prime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-provider.pod.in > doc/man1/openssl-provider.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rand.pod.in > doc/man1/openssl-rand.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rehash.pod.in > doc/man1/openssl-rehash.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-req.pod.in > doc/man1/openssl-req.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsa.pod.in > doc/man1/openssl-rsa.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-rsautl.pod.in > doc/man1/openssl-rsautl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_client.pod.in > doc/man1/openssl-s_client.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_server.pod.in > doc/man1/openssl-s_server.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-s_time.pod.in > doc/man1/openssl-s_time.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-sess_id.pod.in > doc/man1/openssl-sess_id.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-smime.pod.in > doc/man1/openssl-smime.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-speed.pod.in > doc/man1/openssl-speed.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-spkac.pod.in > doc/man1/openssl-spkac.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-srp.pod.in > doc/man1/openssl-srp.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-storeutl.pod.in > doc/man1/openssl-storeutl.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-ts.pod.in > doc/man1/openssl-ts.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-verify.pod.in > doc/man1/openssl-verify.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-version.pod.in > doc/man1/openssl-version.pod /usr/bin/perl "-I." "-I../openssl/doc" -Mconfigdata -Mperlvars "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man1/openssl-x509.pod.in > doc/man1/openssl-x509.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/doc/man7/openssl_user_macros.pod.in > doc/man7/openssl_user_macros.pod /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/bn_conf.h.in > include/crypto/bn_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/crypto/dso_conf.h.in > include/crypto/dso_conf.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/configuration.h.in > include/openssl/configuration.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/include/openssl/opensslv.h.in > include/openssl/opensslv.h /usr/bin/perl "-I." -Mconfigdata "../openssl/util/dofile.pl" "-oMakefile" ../openssl/test/provider_internal_test.cnf.in > test/provider_internal_test.cnf make depend && make _build_sw make[1]: Entering directory '/home/openssl/run-checker/no-sock' make[1]: Leaving directory '/home/openssl/run-checker/no-sock' make[1]: Entering directory '/home/openssl/run-checker/no-sock' clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_params.d.tmp -MT apps/lib/libapps-lib-app_params.o -c -o apps/lib/libapps-lib-app_params.o ../openssl/apps/lib/app_params.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_provider.d.tmp -MT apps/lib/libapps-lib-app_provider.o -c -o apps/lib/libapps-lib-app_provider.o ../openssl/apps/lib/app_provider.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_rand.d.tmp -MT apps/lib/libapps-lib-app_rand.o -c -o apps/lib/libapps-lib-app_rand.o ../openssl/apps/lib/app_rand.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-app_x509.d.tmp -MT apps/lib/libapps-lib-app_x509.o -c -o apps/lib/libapps-lib-app_x509.o ../openssl/apps/lib/app_x509.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps.d.tmp -MT apps/lib/libapps-lib-apps.o -c -o apps/lib/libapps-lib-apps.o ../openssl/apps/lib/apps.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-apps_ui.d.tmp -MT apps/lib/libapps-lib-apps_ui.o -c -o apps/lib/libapps-lib-apps_ui.o ../openssl/apps/lib/apps_ui.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-columns.d.tmp -MT apps/lib/libapps-lib-columns.o -c -o apps/lib/libapps-lib-columns.o ../openssl/apps/lib/columns.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-fmt.d.tmp -MT apps/lib/libapps-lib-fmt.o -c -o apps/lib/libapps-lib-fmt.o ../openssl/apps/lib/fmt.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-http_server.d.tmp -MT apps/lib/libapps-lib-http_server.o -c -o apps/lib/libapps-lib-http_server.o ../openssl/apps/lib/http_server.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-names.d.tmp -MT apps/lib/libapps-lib-names.o -c -o apps/lib/libapps-lib-names.o ../openssl/apps/lib/names.c clang -I. -Iinclude -Iapps/include -I../openssl -I../openssl/include -I../openssl/apps/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -Wall -O0 -g -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wmissing-prototypes -Wstrict-prototypes -Wno-unknown-warning-option -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-3\"" -DMODULESDIR="\"/usr/local/lib/ossl-modules\"" -DOPENSSL_BUILDING_OPENSSL -MMD -MF apps/lib/libapps-lib-opt.d.tmp -MT apps/lib/libapps-lib-opt.o -c -o apps/lib/libapps-lib-opt.o ../openssl/apps/lib/opt.c ../openssl/apps/lib/http_server.c:27:5: error: no previous extern declaration for non-static variable 'multi' [-Werror,-Wmissing-variable-declarations] int multi = 0; /* run multiple responder processes */ ^ 1 error generated. Makefile:4086: recipe for target 'apps/lib/libapps-lib-http_server.o' failed make[1]: *** [apps/lib/libapps-lib-http_server.o] Error 1 make[1]: *** Waiting for unfinished jobs.... make[1]: Leaving directory '/home/openssl/run-checker/no-sock' Makefile:3061: recipe for target 'build_sw' failed make: *** [build_sw] Error 2 From levitte at openssl.org Tue Jun 23 10:24:18 2020 From: levitte at openssl.org (Richard Levitte) Date: Tue, 23 Jun 2020 10:24:18 +0000 Subject: [openssl] master update Message-ID: <1592907858.988322.3361.nullmailer@dev.openssl.org> The branch master has been updated via 96786ad12308215621142f7cb2ef21a9aca30665 (commit) from 90cf3099df43a5419d59e6a66e75970cbb50a28a (commit) - Log ----------------------------------------------------------------- commit 96786ad12308215621142f7cb2ef21a9aca30665 Author: Sebastian Andrzej Siewior Date: Sat Jun 6 12:55:59 2020 +0200 APPS: Fix invoking openssl without a command Invoking help with "empty" argc leads to a segfault. Invoke do_cmd() with help as argument which invokes help_main() with proper argv. Fixes #12069 Signed-off-by: Sebastian Andrzej Siewior Reviewed-by: Paul Dale Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12070) ----------------------------------------------------------------------- Summary of changes: apps/openssl.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/apps/openssl.c b/apps/openssl.c index 4c97936824..fdf4a746f8 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -205,6 +205,8 @@ static void setup_trace(const char *str) } #endif /* OPENSSL_NO_TRACE */ +static char *help_argv[] = { "help" }; + int main(int argc, char *argv[]) { FUNCTION f, *fp; @@ -268,7 +270,7 @@ int main(int argc, char *argv[]) /* If there's a command, run with that, otherwise "help". */ ret = argc > 0 ? do_cmd(prog, argc, argv) - : help_main(argc, argv); + : do_cmd(prog, 1, help_argv); end: app_providers_cleanup(); From levitte at openssl.org Tue Jun 23 10:26:57 2020 From: levitte at openssl.org (Richard Levitte) Date: Tue, 23 Jun 2020 10:26:57 +0000 Subject: [openssl] master update Message-ID: <1592908017.188632.7206.nullmailer@dev.openssl.org> The branch master has been updated via a4e440d6477b40b04ce825dae14c7f27778ca8f1 (commit) via 00493490ddd824932d2019de4a73175cb50d7b95 (commit) from 96786ad12308215621142f7cb2ef21a9aca30665 (commit) - Log ----------------------------------------------------------------- commit a4e440d6477b40b04ce825dae14c7f27778ca8f1 Author: Sebastian Andrzej Siewior Date: Tue Jun 16 23:50:26 2020 +0200 TEST: Pass -no-CAstore in 80-test_ocsp.t Without passing -no-CAstore the default CAstore will be used and the testsuite will fail the system has certificates installed. Fixes: #11645 Signed-off-by: Sebastian Andrzej Siewior Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12171) commit 00493490ddd824932d2019de4a73175cb50d7b95 Author: Sebastian Andrzej Siewior Date: Tue Jun 16 23:47:48 2020 +0200 APPS: Properly pass -no-CAstore Since its introduction the option no-CAstore maps to OPT_NOCAPATH and so behaves like -no-CApath. Map no-CAstore to OPT_NOCASTORE. Signed-off-by: Sebastian Andrzej Siewior Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12171) ----------------------------------------------------------------------- Summary of changes: apps/ocsp.c | 2 +- apps/verify.c | 2 +- test/recipes/80-test_ocsp.t | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/apps/ocsp.c b/apps/ocsp.c index 6095e6b2f6..4660a7fe5a 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -117,7 +117,7 @@ const OPTIONS ocsp_options[] = { "Do not load the default certificates file"}, {"no-CApath", OPT_NOCAPATH, '-', "Do not load certificates from the default certificates directory"}, - {"no-CAstore", OPT_NOCAPATH, '-', + {"no-CAstore", OPT_NOCASTORE, '-', "Do not load certificates from the default certificates store"}, OPT_SECTION("Responder"), diff --git a/apps/verify.c b/apps/verify.c index e0eaaabe20..eee81799bf 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -60,7 +60,7 @@ const OPTIONS verify_options[] = { "Do not load the default trusted certificates file"}, {"no-CApath", OPT_NOCAPATH, '-', "Do not load trusted certificates from the default directory"}, - {"no-CAstore", OPT_NOCAPATH, '-', + {"no-CAstore", OPT_NOCASTORE, '-', "Do not load trusted certificates from the default certificates store"}, {"untrusted", OPT_UNTRUSTED, '<', "A file of untrusted certificates"}, {"CRLfile", OPT_CRLFILE, '<', diff --git a/test/recipes/80-test_ocsp.t b/test/recipes/80-test_ocsp.t index 3aedd093e5..3727c360ba 100644 --- a/test/recipes/80-test_ocsp.t +++ b/test/recipes/80-test_ocsp.t @@ -45,7 +45,7 @@ sub test_ocsp { "-partial_chain", @check_time, "-CAfile", catfile($ocspdir, $CAfile), "-verify_other", catfile($ocspdir, $untrusted), - "-no-CApath"])), + "-no-CApath", "-no-CAstore"])), $title); }); } From levitte at openssl.org Tue Jun 23 10:29:20 2020 From: levitte at openssl.org (Richard Levitte) Date: Tue, 23 Jun 2020 10:29:20 +0000 Subject: [openssl] master update Message-ID: <1592908160.778941.10366.nullmailer@dev.openssl.org> The branch master has been updated via 7905806c94b17b1907d5352ceb047dd8d859288c (commit) from a4e440d6477b40b04ce825dae14c7f27778ca8f1 (commit) - Log ----------------------------------------------------------------- commit 7905806c94b17b1907d5352ceb047dd8d859288c Author: Shane Lontis Date: Wed Jun 17 17:26:47 2020 +1000 Fix potential double free in rsa_keygen pairwise test. It should never hit this branch of code, so there is no feasible test. Found due to a similar issue in PR #12176. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12177) ----------------------------------------------------------------------- Summary of changes: crypto/rsa/rsa_gen.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index e391f6419a..1cdc8d91e8 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -451,6 +451,12 @@ static int rsa_keygen(OPENSSL_CTX *libctx, RSA *rsa, int bits, int primes, BN_clear_free(rsa->dmp1); BN_clear_free(rsa->dmq1); BN_clear_free(rsa->iqmp); + rsa->d = NULL; + rsa->p = NULL; + rsa->q = NULL; + rsa->dmp1 = NULL; + rsa->dmq1 = NULL; + rsa->iqmp = NULL; } } return ok; From levitte at openssl.org Tue Jun 23 10:31:12 2020 From: levitte at openssl.org (Richard Levitte) Date: Tue, 23 Jun 2020 10:31:12 +0000 Subject: [openssl] master update Message-ID: <1592908272.495934.12797.nullmailer@dev.openssl.org> The branch master has been updated via 1b495200436b57309ca958a7a72affaf75171c1a (commit) from 7905806c94b17b1907d5352ceb047dd8d859288c (commit) - Log ----------------------------------------------------------------- commit 1b495200436b57309ca958a7a72affaf75171c1a Author: Jean-Christophe Fillion-Robin Date: Thu Jun 18 17:33:16 2020 -0400 DOC: Fix link to test/README.external in INSTALL.md CLA: trivial Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12198) ----------------------------------------------------------------------- Summary of changes: INSTALL.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/INSTALL.md b/INSTALL.md index 5afd1acae2..0b93ccd98b 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -663,7 +663,7 @@ external test suites are currently supported: - Python PYCA/Cryptography test suite - krb5 test suite -See the file [test/README.external]/(test/README.external) for further details. +See the file [test/README.external](test/README.external) for further details. ### no-filenames From pauli at openssl.org Tue Jun 23 11:46:00 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 23 Jun 2020 11:46:00 +0000 Subject: [openssl] master update Message-ID: <1592912760.174454.6595.nullmailer@dev.openssl.org> The branch master has been updated via e3d6dc59fb3689f92d890a20fb5e1e5588dc95b8 (commit) via f9e504e8b1d4da4b8c9c16ee4c11e9815a800422 (commit) from 1b495200436b57309ca958a7a72affaf75171c1a (commit) - Log ----------------------------------------------------------------- commit e3d6dc59fb3689f92d890a20fb5e1e5588dc95b8 Author: Pauli Date: Mon Jun 15 10:07:50 2020 +1000 property: correctly set the has optional flag when merging property lists Reviewed-by: Tomas Mraz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12123) commit f9e504e8b1d4da4b8c9c16ee4c11e9815a800422 Author: Pauli Date: Fri Jun 12 10:34:46 2020 +1000 property: Move global default properties to the library context. Fixes a problem where global properties don't work with a NULL query. Specifying an algorithm with a NULL query ignores the default properties. Reviewed-by: Tomas Mraz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12123) ----------------------------------------------------------------------- Summary of changes: crypto/err/openssl.txt | 1 + crypto/evp/evp_err.c | 2 + crypto/evp/evp_fetch.c | 54 +++++++++--- crypto/property/property.c | 148 +++++++++++--------------------- crypto/property/property_local.h | 2 - crypto/property/property_parse.c | 2 + doc/internal/man3/OSSL_METHOD_STORE.pod | 15 ++-- include/internal/cryptlib.h | 3 +- include/internal/property.h | 17 ++-- include/openssl/evperr.h | 3 +- test/evp_extra_test.c | 30 +++++++ 11 files changed, 148 insertions(+), 129 deletions(-) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index c308036003..e5df6bc092 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -2522,6 +2522,7 @@ EVP_R_CTRL_NOT_IMPLEMENTED:132:ctrl not implemented EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED:133:ctrl operation not implemented EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH:138:data not multiple of block length EVP_R_DECODE_ERROR:114:decode error +EVP_R_DEFAULT_QUERY_PARSE_ERROR:210:default query parse error EVP_R_DIFFERENT_KEY_TYPES:101:different key types EVP_R_DIFFERENT_PARAMETERS:153:different parameters EVP_R_ERROR_LOADING_SECTION:165:error loading section diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index 0908b1ca16..3dba7f2931 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -44,6 +44,8 @@ static const ERR_STRING_DATA EVP_str_reasons[] = { {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH), "data not multiple of block length"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DECODE_ERROR), "decode error"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DEFAULT_QUERY_PARSE_ERROR), + "default query parse error"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DIFFERENT_KEY_TYPES), "different key types"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DIFFERENT_PARAMETERS), diff --git a/crypto/evp/evp_fetch.c b/crypto/evp/evp_fetch.c index 596f592535..f63e135d3a 100644 --- a/crypto/evp/evp_fetch.c +++ b/crypto/evp/evp_fetch.c @@ -361,33 +361,63 @@ void *evp_generic_fetch_by_number(OPENSSL_CTX *libctx, int operation_id, return ret; } -int EVP_set_default_properties(OPENSSL_CTX *libctx, const char *propq) +static int evp_set_default_properties(OPENSSL_CTX *libctx, + OSSL_PROPERTY_LIST *def_prop) { OSSL_METHOD_STORE *store = get_evp_method_store(libctx); - - if (store != NULL) - return ossl_method_store_set_global_properties(store, propq); + OSSL_PROPERTY_LIST **plp = ossl_ctx_global_properties(libctx); + + if (plp != NULL) { + ossl_property_free(*plp); + *plp = def_prop; + if (store != NULL) + ossl_method_store_flush_cache(store); + return 1; + } EVPerr(0, ERR_R_INTERNAL_ERROR); return 0; } +int EVP_set_default_properties(OPENSSL_CTX *libctx, const char *propq) +{ + OSSL_PROPERTY_LIST *pl = NULL; + + if (propq != NULL && (pl = ossl_parse_query(libctx, propq)) == NULL) { + EVPerr(0, EVP_R_DEFAULT_QUERY_PARSE_ERROR); + return 0; + } + return evp_set_default_properties(libctx, pl); +} + static int evp_default_properties_merge(OPENSSL_CTX *libctx, const char *propq) { - OSSL_METHOD_STORE *store = get_evp_method_store(libctx); - - if (store != NULL) - return ossl_method_store_merge_global_properties(store, propq); - EVPerr(0, ERR_R_INTERNAL_ERROR); - return 0; + OSSL_PROPERTY_LIST **plp = ossl_ctx_global_properties(libctx); + OSSL_PROPERTY_LIST *pl1, *pl2; + + if (propq == NULL) + return 1; + if (plp == NULL || *plp == NULL) + return EVP_set_default_properties(libctx, propq); + if ((pl1 = ossl_parse_query(libctx, propq)) == NULL) { + EVPerr(0, EVP_R_DEFAULT_QUERY_PARSE_ERROR); + return 0; + } + pl2 = ossl_property_merge(pl1, *plp); + ossl_property_free(pl1); + if (pl2 == NULL) { + EVPerr(0, ERR_R_MALLOC_FAILURE); + return 0; + } + return evp_set_default_properties(libctx, pl2); } static int evp_default_property_is_enabled(OPENSSL_CTX *libctx, const char *prop_name) { - OSSL_METHOD_STORE *store = get_evp_method_store(libctx); + OSSL_PROPERTY_LIST **plp = ossl_ctx_global_properties(libctx); - return ossl_method_store_global_property_is_enabled(store, prop_name); + return plp != NULL && ossl_property_is_enabled(libctx, prop_name, *plp); } int EVP_default_properties_is_fips_enabled(OPENSSL_CTX *libctx) diff --git a/crypto/property/property.c b/crypto/property/property.c index ef39057c54..a72ccb02b4 100644 --- a/crypto/property/property.c +++ b/crypto/property/property.c @@ -60,7 +60,6 @@ struct ossl_method_store_st { OPENSSL_CTX *ctx; size_t nelem; SPARSE_ARRAY_OF(ALGORITHM) *algs; - OSSL_PROPERTY_LIST *global_properties; int need_flush; CRYPTO_RWLOCK *lock; }; @@ -74,7 +73,34 @@ typedef struct { DEFINE_SPARSE_ARRAY_OF(ALGORITHM); static void ossl_method_cache_flush(OSSL_METHOD_STORE *store, int nid); -static void ossl_method_cache_flush_all(OSSL_METHOD_STORE *c); + +/* Global properties are stored per library context */ +static void ossl_ctx_global_properties_free(void *vstore) +{ + OSSL_PROPERTY_LIST **plp = vstore; + + if (plp != NULL) { + ossl_property_free(*plp); + OPENSSL_free(plp); + } +} + +static void *ossl_ctx_global_properties_new(OPENSSL_CTX *ctx) +{ + return OPENSSL_zalloc(sizeof(OSSL_PROPERTY_LIST **)); +} + + +static const OPENSSL_CTX_METHOD ossl_ctx_global_properties_method = { + ossl_ctx_global_properties_new, + ossl_ctx_global_properties_free, +}; + +OSSL_PROPERTY_LIST **ossl_ctx_global_properties(OPENSSL_CTX *libctx) +{ + return openssl_ctx_get_data(libctx, OPENSSL_CTX_GLOBAL_PROPERTIES, + &ossl_ctx_global_properties_method); +} static int ossl_method_up_ref(METHOD *method) { @@ -166,7 +192,6 @@ void ossl_method_store_free(OSSL_METHOD_STORE *store) if (store != NULL) { ossl_sa_ALGORITHM_doall(store->algs, &alg_cleanup); ossl_sa_ALGORITHM_free(store->algs); - ossl_property_free(store->global_properties); CRYPTO_THREAD_lock_free(store->lock); OPENSSL_free(store); } @@ -296,11 +321,13 @@ int ossl_method_store_remove(OSSL_METHOD_STORE *store, int nid, } int ossl_method_store_fetch(OSSL_METHOD_STORE *store, int nid, - const char *prop_query, void **method) + const char *prop_query, + void **method) { + OSSL_PROPERTY_LIST **plp = ossl_ctx_global_properties(store->ctx); ALGORITHM *alg; IMPLEMENTATION *impl; - OSSL_PROPERTY_LIST *pq = NULL, *p2; + OSSL_PROPERTY_LIST *pq = NULL, *p2 = NULL; METHOD *best_method = NULL; int ret = 0; int j, best = -1, score, optional; @@ -323,23 +350,28 @@ int ossl_method_store_fetch(OSSL_METHOD_STORE *store, int nid, return 0; } - if (prop_query == NULL) { + if (prop_query != NULL) { + p2 = pq = ossl_parse_query(store->ctx, prop_query); + } + if (plp != NULL && *plp != NULL) { + if (pq == NULL) { + pq = *plp; + } else { + p2 = ossl_property_merge(pq, *plp); + if (p2 == NULL) + goto fin; + ossl_property_free(pq); + pq = p2; + } + } + + if (pq == NULL) { if ((impl = sk_IMPLEMENTATION_value(alg->impls, 0)) != NULL) { best_method = &impl->method; ret = 1; } goto fin; } - pq = ossl_parse_query(store->ctx, prop_query); - if (pq == NULL) - goto fin; - if (store->global_properties != NULL) { - p2 = ossl_property_merge(pq, store->global_properties); - if (p2 == NULL) - goto fin; - ossl_property_free(pq); - pq = p2; - } optional = ossl_property_has_optional(pq); for (j = 0; j < sk_IMPLEMENTATION_num(alg->impls); j++) { impl = sk_IMPLEMENTATION_value(alg->impls, j); @@ -358,88 +390,10 @@ fin: else ret = 0; ossl_property_unlock(store); - ossl_property_free(pq); - return ret; -} - -int ossl_method_store_global_property_is_enabled(OSSL_METHOD_STORE *store, - const char *prop_name) -{ - int ret = 0; - - if (store == NULL) - return 0; - - ossl_property_read_lock(store); - ret = ossl_property_is_enabled(store->ctx, prop_name, - store->global_properties); - ossl_property_unlock(store); - return ret; -} - -int ossl_method_store_set_global_properties(OSSL_METHOD_STORE *store, - const char *prop_query) -{ - int ret = 0; - - if (store == NULL) - return 1; - - ossl_property_write_lock(store); - ossl_method_cache_flush_all(store); - - ossl_property_free(store->global_properties); - store->global_properties = NULL; - - if (prop_query == NULL) { - ossl_property_unlock(store); - return 1; - } - store->global_properties = ossl_parse_query(store->ctx, prop_query); - ret = store->global_properties != NULL; - ossl_property_unlock(store); - return ret; -} - -int ossl_method_store_merge_global_properties(OSSL_METHOD_STORE *store, - const char *prop_query) -{ - int ret = 0; - OSSL_PROPERTY_LIST *prop = NULL, *global; - - if (store == NULL) - return 1; - - ossl_property_write_lock(store); - ossl_method_cache_flush_all(store); - if (prop_query == NULL) { - ossl_property_free(store->global_properties); - store->global_properties = NULL; - goto success; - } - prop = ossl_parse_query(store->ctx, prop_query); - if (prop == NULL) - goto end; - - if (store->global_properties == NULL) { - store->global_properties = prop; - prop = NULL; - goto success; - } - global = ossl_property_merge(prop, store->global_properties); - if (global == NULL) - goto end; - ossl_property_free(store->global_properties); - store->global_properties = global; - success: - ret = 1; - end: - ossl_property_unlock(store); - ossl_property_free(prop); + ossl_property_free(p2); return ret; } - static void impl_cache_flush_alg(ossl_uintmax_t idx, ALGORITHM *alg) { lh_QUERY_doall(alg->cache, &impl_cache_free); @@ -456,10 +410,12 @@ static void ossl_method_cache_flush(OSSL_METHOD_STORE *store, int nid) } } -static void ossl_method_cache_flush_all(OSSL_METHOD_STORE *store) +void ossl_method_store_flush_cache(OSSL_METHOD_STORE *store) { + ossl_property_write_lock(store); ossl_sa_ALGORITHM_doall(store->algs, &impl_cache_flush_alg); store->nelem = 0; + ossl_property_unlock(store); } IMPLEMENT_LHASH_DOALL_ARG(QUERY, IMPL_CACHE_FLUSH); diff --git a/crypto/property/property_local.h b/crypto/property/property_local.h index 950a0c6c07..2b5a1e663e 100644 --- a/crypto/property/property_local.h +++ b/crypto/property/property_local.h @@ -22,8 +22,6 @@ OSSL_PROPERTY_IDX ossl_property_value(OPENSSL_CTX *ctx, const char *s, /* Property list functions */ void ossl_property_free(OSSL_PROPERTY_LIST *p); int ossl_property_has_optional(const OSSL_PROPERTY_LIST *query); -OSSL_PROPERTY_LIST *ossl_property_merge(const OSSL_PROPERTY_LIST *a, - const OSSL_PROPERTY_LIST *b); /* Property definition cache functions */ OSSL_PROPERTY_LIST *ossl_prop_defn_get(OPENSSL_CTX *ctx, const char *prop); diff --git a/crypto/property/property_parse.c b/crypto/property/property_parse.c index 21f78c02e2..41a5a059c5 100644 --- a/crypto/property/property_parse.c +++ b/crypto/property/property_parse.c @@ -568,6 +568,7 @@ OSSL_PROPERTY_LIST *ossl_property_merge(const OSSL_PROPERTY_LIST *a, if (r == NULL) return NULL; + r->has_optional = 0; for (i = j = n = 0; i < a->n || j < b->n; n++) { if (i >= a->n) { copy = &bp[j++]; @@ -581,6 +582,7 @@ OSSL_PROPERTY_LIST *ossl_property_merge(const OSSL_PROPERTY_LIST *a, copy = &bp[j++]; } memcpy(r->properties + n, copy, sizeof(r->properties[0])); + r->has_optional |= copy->optional; } r->n = n; if (n != t) diff --git a/doc/internal/man3/OSSL_METHOD_STORE.pod b/doc/internal/man3/OSSL_METHOD_STORE.pod index 2768524e0c..53be60a931 100644 --- a/doc/internal/man3/OSSL_METHOD_STORE.pod +++ b/doc/internal/man3/OSSL_METHOD_STORE.pod @@ -5,8 +5,8 @@ OSSL_METHOD_STORE, ossl_method_store_new, ossl_method_store_free, ossl_method_store_init, ossl_method_store_cleanup, ossl_method_store_add, ossl_method_store_remove, ossl_method_store_fetch, -ossl_method_store_set_global_properties, -ossl_method_store_cache_get, ossl_method_store_cache_set +ossl_method_store_cache_get, ossl_method_store_cache_set, +ossl_method_store_flush_cache - implementation method store and query =head1 SYNOPSIS @@ -28,14 +28,13 @@ ossl_method_store_cache_get, ossl_method_store_cache_set int ossl_method_store_fetch(OSSL_METHOD_STORE *store, int nid, const char *properties, void **method); - int ossl_method_store_set_global_properties(OSSL_METHOD_STORE *store, - const char *prop_query); int ossl_method_store_cache_get(OSSL_METHOD_STORE *store, int nid, const char *prop_query, void **method); int ossl_method_store_cache_set(OSSL_METHOD_STORE *store, int nid, const char *prop_query, void *method, int (*method_up_ref)(void *), void (*method_destruct)(void *)); + void ossl_method_store_flush_cache(OSSL_METHOD_STORE *store); =head1 DESCRIPTION @@ -82,10 +81,8 @@ ossl_method_store_fetch() queries I for a method identified by I that matches the property query I. The result, if any, is returned in I. -ossl_method_store_set_global_properties() sets method I wide query -properties to I. -All subsequent fetches will need to meet both these global query properties -and the ones passed to the ossl_method_store_free(). +ossl_method_store_flush_cache() flushes all cached entries associated with +I. =head2 Cache Functions @@ -107,7 +104,7 @@ ossl_method_store_new() returns a new method store object or NULL on failure. ossl_method_store_free(), ossl_method_store_add(), ossl_method_store_remove(), ossl_method_store_fetch(), -ossl_method_store_set_global_properties(), ossl_method_store_cache_get() +ossl_method_store_cache_get() and ossl_method_store_cache_set() return B<1> on success and B<0> on error. ossl_method_store_free() and ossl_method_store_cleanup() do not return any value. diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h index a4f18a5d3f..5118bfbe57 100644 --- a/include/internal/cryptlib.h +++ b/include/internal/cryptlib.h @@ -158,7 +158,8 @@ typedef struct ossl_ex_data_global_st { # define OPENSSL_CTX_SERIALIZER_STORE_INDEX 10 # define OPENSSL_CTX_SELF_TEST_CB_INDEX 11 # define OPENSSL_CTX_BIO_PROV_INDEX 12 -# define OPENSSL_CTX_MAX_INDEXES 13 +# define OPENSSL_CTX_GLOBAL_PROPERTIES 13 +# define OPENSSL_CTX_MAX_INDEXES 14 typedef struct openssl_ctx_method { void *(*new_func)(OPENSSL_CTX *ctx); diff --git a/include/internal/property.h b/include/internal/property.h index 2b2332b237..d8ff3582eb 100644 --- a/include/internal/property.h +++ b/include/internal/property.h @@ -42,13 +42,10 @@ int ossl_method_store_add(OSSL_METHOD_STORE *store, const OSSL_PROVIDER *prov, int ossl_method_store_remove(OSSL_METHOD_STORE *store, int nid, const void *method); int ossl_method_store_fetch(OSSL_METHOD_STORE *store, int nid, - const char *prop_query, void **result); -int ossl_method_store_set_global_properties(OSSL_METHOD_STORE *store, - const char *prop_query); -int ossl_method_store_merge_global_properties(OSSL_METHOD_STORE *store, - const char *prop_query); -int ossl_method_store_global_property_is_enabled(OSSL_METHOD_STORE *store, - const char *prop_name); + const char *prop_query, void **method); + +/* Get the global properties associate with the specified library context */ +OSSL_PROPERTY_LIST **ossl_ctx_global_properties(OPENSSL_CTX *ctx); /* property query cache functions */ int ossl_method_store_cache_get(OSSL_METHOD_STORE *store, int nid, @@ -57,4 +54,10 @@ int ossl_method_store_cache_set(OSSL_METHOD_STORE *store, int nid, const char *prop_query, void *result, int (*method_up_ref)(void *), void (*method_destruct)(void *)); +void ossl_method_store_flush_cache(OSSL_METHOD_STORE *store); + +/* Merge two property queries together */ +OSSL_PROPERTY_LIST *ossl_property_merge(const OSSL_PROPERTY_LIST *a, + const OSSL_PROPERTY_LIST *b); + #endif diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h index a18b30e497..063cf8e2d8 100644 --- a/include/openssl/evperr.h +++ b/include/openssl/evperr.h @@ -72,8 +72,6 @@ int ERR_load_EVP_strings(void); # define EVP_F_EVP_KEYEXCH_FROM_DISPATCH 0 # define EVP_F_EVP_MAC_CTRL 0 # define EVP_F_EVP_MAC_CTRL_STR 0 -# define EVP_F_EVP_MAC_CTX_DUP 0 -# define EVP_F_EVP_MAC_CTX_NEW 0 # define EVP_F_EVP_MAC_INIT 0 # define EVP_F_EVP_MD_BLOCK_SIZE 0 # define EVP_F_EVP_MD_CTX_COPY_EX 0 @@ -178,6 +176,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 # define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 # define EVP_R_DECODE_ERROR 114 +# define EVP_R_DEFAULT_QUERY_PARSE_ERROR 210 # define EVP_R_DIFFERENT_KEY_TYPES 101 # define EVP_R_DIFFERENT_PARAMETERS 153 # define EVP_R_ERROR_LOADING_SECTION 165 diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index 7f07ab738e..fe139fbf17 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -471,6 +471,35 @@ static EVP_PKEY *load_example_hmac_key(void) return pkey; } +static int test_EVP_set_default_properties(void) +{ + OPENSSL_CTX *ctx; + EVP_MD *md = NULL; + int res = 0; + + if (!TEST_ptr(ctx = OPENSSL_CTX_new()) + || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL))) + goto err; + EVP_MD_free(md); + md = NULL; + + if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang")) + || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL)) + || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider"))) + goto err; + EVP_MD_free(md); + md = NULL; + + if (!TEST_true(EVP_set_default_properties(ctx, NULL)) + || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL))) + goto err; + res = 1; +err: + EVP_MD_free(md); + OPENSSL_CTX_free(ctx); + return res; +} + static int test_EVP_Enveloped(void) { int ret = 0; @@ -1748,6 +1777,7 @@ int setup_tests(void) if (!TEST_ptr(testctx)) return 0; + ADD_TEST(test_EVP_set_default_properties); ADD_ALL_TESTS(test_EVP_DigestSignInit, 9); ADD_TEST(test_EVP_DigestVerifyInit); ADD_TEST(test_EVP_Enveloped); From matt at openssl.org Tue Jun 23 11:46:52 2020 From: matt at openssl.org (Matt Caswell) Date: Tue, 23 Jun 2020 11:46:52 +0000 Subject: [openssl] master update Message-ID: <1592912812.188399.9421.nullmailer@dev.openssl.org> The branch master has been updated via 49a36a528a48bb6b8421b8a0363adb85e63d71fe (commit) via 7cccecc0b64e8c273c36a69eab22d942d12209a1 (commit) via 457751fb48d8f6c31f32cdc1bcfcc376db98bacb (commit) via f12dd99170c1bbcd4a503fe2e615d6a3f0900d1d (commit) from e3d6dc59fb3689f92d890a20fb5e1e5588dc95b8 (commit) - Log ----------------------------------------------------------------- commit 49a36a528a48bb6b8421b8a0363adb85e63d71fe Author: Matt Caswell Date: Tue Jun 16 17:19:40 2020 +0100 Add an SSL_dup test Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12180) commit 7cccecc0b64e8c273c36a69eab22d942d12209a1 Author: Matt Caswell Date: Tue Jun 16 17:40:40 2020 +0100 Don't attempt to duplicate the BIO state in SSL_dup SSL_dup attempted to duplicate the BIO state if the source SSL had BIOs configured for it. This did not work. Firstly the SSL_dup code was passing a BIO ** as the destination argument for BIO_dup_state. However BIO_dup_state expects a BIO * for that parameter. Any attempt to use this will either (1) fail silently, (2) crash or fail in some other strange way. Secondly many BIOs do not implement the BIO_CTRL_DUP ctrl required to make this work. Thirdly, if rbio == wbio in the original SSL object, then an attempt is made to up-ref the BIO in the new SSL object - even though it hasn't been set yet and is NULL. This results in a crash. This appears to have been broken for a very long time with at least some of the problems described above coming from SSLeay. The simplest approach is to just remove this capability from the function. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12180) commit 457751fb48d8f6c31f32cdc1bcfcc376db98bacb Author: Matt Caswell Date: Mon Jun 15 12:11:46 2020 +0100 Update the SSL_dup documentation to match reality Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12180) commit f12dd99170c1bbcd4a503fe2e615d6a3f0900d1d Author: Matt Caswell Date: Fri Jun 12 10:52:41 2020 +0100 Ensure that SSL_dup copies the min/max protocol version With thanks to Rebekah Johnson for reporting this issue. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12180) ----------------------------------------------------------------------- Summary of changes: doc/man3/SSL_new.pod | 71 +++++++++++++++++++++++++++++++++++++++++++-------- ssl/ssl_lib.c | 17 ++----------- test/sslapitest.c | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 135 insertions(+), 25 deletions(-) diff --git a/doc/man3/SSL_new.pod b/doc/man3/SSL_new.pod index 6dfe021ec7..659b6d6738 100644 --- a/doc/man3/SSL_new.pod +++ b/doc/man3/SSL_new.pod @@ -26,16 +26,9 @@ structure are freed. SSL_up_ref() increments the reference count for an existing B structure. -SSL_dup() duplicates an existing B structure into a new allocated one -or just increments the reference count if the connection is active. All -settings are inherited from the original B structure. Dynamic data (i.e. -existing connection details) are not copied, the new B is set into an -initial accept (server) or connect (client) state. - -SSL_dup() allows applications to configure an SSL handle for use in multiple -SSL connections, and then duplicate it prior to initiating each connection -with the duplicated handle. Use of SSL_dup() avoids the need to repeat -the configuration of the handles for each connection. +The function SSL_dup() creates and returns a new B structure from the same +B that was used to create I. It additionally duplicates a subset of +the settings in I into the new B object. For SSL_dup() to work, the connection MUST be in its initial state and MUST NOT have not yet have started the SSL handshake. For connections @@ -45,6 +38,64 @@ use L to recycle an SSL handle that is not in its initial state for re-use, but this is best avoided. Instead, save and restore the session, if desired, and construct a fresh handle for each connection. +The subset of settings in I that are duplicated are: + +=over 4 + +=item any session data if configured (including the session_id_context) + +=item any tmp_dh settings set via L, +L, or L + +=item any configured certificates, private keys or certificate chains + +=item any configured signature algorithms, or client signature algorithms + +=item any DANE settings + +=item any Options set via L + +=item any Mode set via L + +=item any minimum or maximum protocol settings set via +L or L (Note: Only +from OpenSSL 1.1.1h and above) + +=item any Verify mode, callback or depth set via L or +L or any configured X509 verification parameters + +=item any msg callback or info callback set via L or +L + +=item any default password callback set via L + +=item any session id generation callback set via L + +=item any configured Cipher List + +=item initial accept (server) or connect (client) state + +=item the max cert list value set via L + +=item the read_ahead value set via L + +=item application specific data set via L + +=item any CA list or client CA list set via L, +SSL_set0_client_CA_list() or similar functions + +=item any security level settings or callbacks + +=item any configured serverinfo data + +=item any configured PSK identity hint + +=item any configured custom extensions + +=item any client certificate types configured via SSL_set1_client_certificate_types + +=back + =head1 RETURN VALUES The following return values can occur: diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index cee888944d..fea040289b 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -4006,6 +4006,8 @@ SSL *SSL_dup(SSL *s) goto err; ret->version = s->version; ret->options = s->options; + ret->min_proto_version = s->min_proto_version; + ret->max_proto_version = s->max_proto_version; ret->mode = s->mode; SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s)); SSL_set_read_ahead(ret, SSL_get_read_ahead(s)); @@ -4021,21 +4023,6 @@ SSL *SSL_dup(SSL *s) if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data)) goto err; - /* setup rbio, and wbio */ - if (s->rbio != NULL) { - if (!BIO_dup_state(s->rbio, (char *)&ret->rbio)) - goto err; - } - if (s->wbio != NULL) { - if (s->wbio != s->rbio) { - if (!BIO_dup_state(s->wbio, (char *)&ret->wbio)) - goto err; - } else { - BIO_up_ref(ret->rbio); - ret->wbio = ret->rbio; - } - } - ret->server = s->server; if (s->handshake_func) { if (s->server) diff --git a/test/sslapitest.c b/test/sslapitest.c index e0a92b31ae..c3ee6fa996 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -8151,6 +8151,75 @@ static int test_pluggable_group(void) } #endif +#ifndef OPENSSL_NO_TLS1_2 +static int test_ssl_dup(void) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL, *client2ssl = NULL; + int testresult = 0; + BIO *rbio = NULL, *wbio = NULL; + + if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), + TLS_client_method(), + 0, + 0, + &sctx, &cctx, cert, privkey))) + goto end; + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL))) + goto end; + + if (!TEST_true(SSL_set_min_proto_version(clientssl, TLS1_2_VERSION)) + || !TEST_true(SSL_set_max_proto_version(clientssl, TLS1_2_VERSION))) + goto end; + + client2ssl = SSL_dup(clientssl); + rbio = SSL_get_rbio(clientssl); + if (!TEST_ptr(rbio) + || !TEST_true(BIO_up_ref(rbio))) + goto end; + SSL_set0_rbio(client2ssl, rbio); + rbio = NULL; + + wbio = SSL_get_wbio(clientssl); + if (!TEST_ptr(wbio) || !TEST_true(BIO_up_ref(wbio))) + goto end; + SSL_set0_wbio(client2ssl, wbio); + rbio = NULL; + + if (!TEST_ptr(client2ssl) + /* Handshake not started so pointers should be different */ + || !TEST_ptr_ne(clientssl, client2ssl)) + goto end; + + if (!TEST_int_eq(SSL_get_min_proto_version(client2ssl), TLS1_2_VERSION) + || !TEST_int_eq(SSL_get_max_proto_version(client2ssl), TLS1_2_VERSION)) + goto end; + + if (!TEST_true(create_ssl_connection(serverssl, client2ssl, SSL_ERROR_NONE))) + goto end; + + SSL_free(clientssl); + clientssl = SSL_dup(client2ssl); + if (!TEST_ptr(clientssl) + /* Handshake has finished so pointers should be the same */ + || !TEST_ptr_eq(clientssl, client2ssl)) + goto end; + + testresult = 1; + + end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_free(client2ssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} +#endif + OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config\n") int setup_tests(void) @@ -8352,6 +8421,9 @@ int setup_tests(void) #endif #ifndef OPENSSL_NO_TLS1_3 ADD_TEST(test_pluggable_group); +#endif +#ifndef OPENSSL_NO_TLS1_2 + ADD_TEST(test_ssl_dup); #endif return 1; From tmraz at fedoraproject.org Tue Jun 23 11:49:00 2020 From: tmraz at fedoraproject.org (tmraz at fedoraproject.org) Date: Tue, 23 Jun 2020 11:49:00 +0000 Subject: [tools] master update Message-ID: <1592912940.010537.22327.nullmailer@dev.openssl.org> The branch master has been updated via ff67949521c929a243309f8a983b14a129820b0f (commit) via 4bb402fbae5a9c7e48b8f205f035e3d181b4b22f (commit) via c64d64ed24edb03457ca343a9197f5b221990112 (commit) via da999bb4be744046be67944c6f14052810f742f8 (commit) via 3d59254cb7aac3427c89f7305995a7e59a8e0a5a (commit) via 6da33b651e1dedf576bb454f2dbe56b6ed6b5fef (commit) from 3a3d8929cfab681d3807983a584fb4d7042df4b2 (commit) - Log ----------------------------------------------------------------- commit ff67949521c929a243309f8a983b14a129820b0f Author: Dr. David von Oheimb Date: Wed Jun 10 11:35:23 2020 +0200 Simplify and generalize passing of addrev flags via ghmerge commit 4bb402fbae5a9c7e48b8f205f035e3d181b4b22f Author: Dr. David von Oheimb Date: Wed Jun 10 11:34:11 2020 +0200 Add usage/doc/help text on --trivial option of 'addrev' commit c64d64ed24edb03457ca343a9197f5b221990112 Author: Dr. David von Oheimb Date: Sat Jun 6 20:27:02 2020 +0200 Make opensslbuild faster by adding -j4 option to 'make test' commit da999bb4be744046be67944c6f14052810f742f8 Author: Dr. David von Oheimb Date: Sat Jun 6 20:25:59 2020 +0200 Slightly improve user interaction of ghmerge commit 3d59254cb7aac3427c89f7305995a7e59a8e0a5a Author: Dr. David von Oheimb Date: Mon May 25 21:10:54 2020 +0200 Improve author matching for skipping author in list of reviewers in gitaddrev commit 6da33b651e1dedf576bb454f2dbe56b6ed6b5fef Author: Dr. David von Oheimb Date: Mon May 25 21:09:48 2020 +0200 Add check of REMOTE and --verbose option to ghmerge ----------------------------------------------------------------------- Summary of changes: review-tools/addrev | 7 ++++--- review-tools/ghmerge | 32 +++++++++++++++++--------------- review-tools/gitaddrev | 17 +++++++++-------- review-tools/opensslbuild | 4 ++-- 4 files changed, 32 insertions(+), 28 deletions(-) diff --git a/review-tools/addrev b/review-tools/addrev index 24032e7..5617199 100755 --- a/review-tools/addrev +++ b/review-tools/addrev @@ -85,15 +85,16 @@ option style arguments: --list List the known reviewers and exit (discards all other arguments) --verbose Be a bit more verbose +--trivial Do not require a CLA --reviewer= A reviewer to be added on a Reviewed-by: line --rmreviewers Remove all existing Reviewed-by: lines before adding reviewers --commit= Only apply to commit --myemail= Set email address. Defaults to the result from - git configuration setting user.email. ---nopr Do not requre a PR number. + git configuration setting user.email +--nopr Do not require a PR number [--prnum=]NNN Add a reference to GitHub pull request NNN -- Change the last commits. Defaults to 1. +- Change the last commits. Defaults to 1 non-option style arguments can be: diff --git a/review-tools/ghmerge b/review-tools/ghmerge index d2da9e6..9c8a903 100755 --- a/review-tools/ghmerge +++ b/review-tools/ghmerge @@ -4,17 +4,21 @@ set -o errexit WHAT=openssl BUILD=yes -TRIVIAL="" INTERACTIVE=yes AUTOSQUASH="--autosquash" [ -z ${CC+x} ] && CC="ccache gcc" # the default otherwise is "ccache clang-3.6" REMOTE=`git remote -v | awk '/git.openssl.org.*(push)/{ print $1; }' | head -n 1` +if [ "$REMOTE" = "" ] ; then + echo Cannot find remote git.openssl.org + exit 1 +fi if [ ! -d .git ] ; then echo Not at top-level exit 1 fi +ADDREVOPTS="" # Parse JCL. while true ; do case "$1" in @@ -24,9 +28,6 @@ while true ; do --web) WHAT=web ; BUILD=no ; shift ;; - --trivial) - TRIVIAL="--trivial" ; shift - ;; --noautosquash) AUTOSQUASH="" ; shift ;; @@ -47,9 +48,10 @@ while true ; do shift break ;; - -*) - echo "$0: Unknown flag $1" - exit 1 + -*) # e.g., --verbose, --trivial, --myemail=... + ADDREVOPTS="$ADDREVOPTS $1" + shift + break ;; *) break @@ -58,7 +60,7 @@ while true ; do done if [ $# -lt 2 ] ; then - echo "Usage: $0 [flags] prnum reviewer..." + echo "Usage: $0 [flags, including addrev flags] prnum reviewer..." exit 1 fi PRNUM=$1 ; shift @@ -89,14 +91,14 @@ REL=`git rev-parse --abbrev-ref HEAD` WORK="${WHO}-${BRANCH}" PREV= -echo -n "Press Enter to pull the latest $REL from $REMOTE: "; read foo +echo -n "Press Enter to pull the latest branch '$REL' from $REMOTE: "; read foo git pull $REMOTE $REL function cleanup { if [ "$WORK" != "$REL" ]; then git checkout -q $REL git branch -D $WORK - git reset --hard $REMOTE/$REL + git reset --hard $REMOTE/$REL # prune any leftover commits added locally fi } trap 'cleanup' EXIT @@ -105,16 +107,16 @@ git checkout -b $WORK $REL # append new commits from $REPO/$BRANCH git pull --rebase $REPO $BRANCH -echo rebasing on $REL +echo rebasing $BRANCH on $REL git rebase $REL || (git rebase --abort; exit 1) echo Diff against $REL git diff $REL if [ "$INTERACTIVE" == "yes" ] ; then - # echo -n "Press Enter to interactively rebase $AUTOSQUASH on $REL: "; read foo + echo -n "Press Enter to interactively rebase $AUTOSQUASH $BRANCH on $REL: "; read foo git rebase -i $AUTOSQUASH $REL || (git rebase --abort; exit 1) - addrev $TRIVIAL --prnum=$PRNUM $TEAM ${REL}.. + addrev $ADDREVOPTS --prnum=$PRNUM $TEAM ${REL}.. fi echo Log since $REL @@ -122,11 +124,11 @@ git log $REL.. git checkout $REL if [ "$INTERACTIVE" != "yes" ] ; then - echo -n "Press Enter to non-interactively merge --squash to $REL: "; read foo + echo -n "Press Enter to non-interactively merge --squash $BRANCH to $REL: "; read foo git merge --ff-only --no-commit --squash $WORK AUTHOR=`git show --no-patch --pretty="format:%an <%ae>" $WORK` git commit --author="$AUTHOR" - addrev $TRIVIAL --prnum=$PRNUM $TEAM $REMOTE/${REL}.. + addrev $ADDREVOPTS --prnum=$PRNUM $TEAM $REMOTE/${REL}.. else # echo -n "Press Enter to merge to $REL: "; read foo git merge --ff-only $WORK diff --git a/review-tools/gitaddrev b/review-tools/gitaddrev index 177a92a..cda9299 100755 --- a/review-tools/gitaddrev +++ b/review-tools/gitaddrev @@ -108,11 +108,12 @@ foreach (@ARGV) { } my @commit_message = map { (my $x = $_) =~ s|\R$||; $x } ; +my $author = $ENV{GIT_AUTHOR_EMAIL}; my $trivial = !! grep(/^CLA:\s*Trivial\s*$/i, @commit_message); # If the author is a registered committer, that identity passes as a reviewer # too. There is a twist, though... see next comment -if (my $rev = try_add_reviewer($ENV{GIT_AUTHOR_EMAIL})) { +if (my $rev = try_add_reviewer($author)) { # So here's the deal: We added the commit author because we need to keep # count of the total amount of reviewers, which includes the commit author @@ -128,7 +129,6 @@ if (my $rev = try_add_reviewer($ENV{GIT_AUTHOR_EMAIL})) { # In case the author is unknown to our databases or is lacking a CLA, # we need to be extra careful to check if this is supposed to be a # trivial commit. - my $author = $ENV{GIT_AUTHOR_EMAIL}; # Note: it really should be enough to check if $author is unknown, since # the databases are supposed to be consistent with each other. However, @@ -141,6 +141,7 @@ if (my $rev = try_add_reviewer($ENV{GIT_AUTHOR_EMAIL})) { # more unnecessary errors (false positives). @nocla_reviewers = grep { $_ ne $author } @nocla_reviewers; @unknown_reviewers = grep { $_ ne $author } @unknown_reviewers; + $skip_reviewer = $author; } if (@unknown_reviewers) { @@ -152,9 +153,6 @@ if (@nocla_reviewers) { print STDERR "Detected trivial marker\n" if $verbose && $trivial; -print STDERR "Going with these reviewers:\n ", join("\n ", @reviewers), "\n" - if $verbose; - if (scalar @reviewers < 2) { die "Too few reviewers (total must be at least 2)\n"; } @@ -162,11 +160,14 @@ if ($otccount < 1) { die "At least one of the reviewers must be an OTC member\n"; } if ($skip_reviewer) { - @reviewers = grep { $_ ne $skip_reviewer } @reviewers; - @nocla_reviewers = grep { $_ ne $skip_reviewer } @nocla_reviewers; - @unknown_reviewers = grep { $_ ne $skip_reviewer } @unknown_reviewers; + @reviewers = grep { !m/$skip_reviewer/i } @reviewers; + @nocla_reviewers = grep { !m/$skip_reviewer/i } @nocla_reviewers; + @unknown_reviewers = grep { !m/$skip_reviewer/i } @unknown_reviewers; } +print STDERR "Going with these reviewers:\n ", join("\n ", @reviewers), "\n" + if $verbose; + if ($skip == 1) { my $commit_id = $ENV{GIT_COMMIT}; foreach(@commits) { diff --git a/review-tools/opensslbuild b/review-tools/opensslbuild index e9abfb3..dcb8e62 100755 --- a/review-tools/opensslbuild +++ b/review-tools/opensslbuild @@ -46,11 +46,11 @@ grep -q doc-nits Makefile && make doc-nits s=$? test $configonly = yes && exit $s -echo Making +echo Making build make -s -j20 make -s -j20 build_tests >/dev/null s=$? test $execonly = yes && exit $s echo Making test -make test +make -j4 test From openssl at openssl.org Tue Jun 23 12:48:08 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 23 Jun 2020 12:48:08 +0000 Subject: SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-ts Message-ID: <1592916488.202671.28190.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ts Commit log since last time: 13da2e61bf [doc/man3] finish EC_GROUP_get_field_type documentation d4bf0d57a8 Flag RSA secret BNs as consttime on keygen and checks 200ae2ee8e Fix one typo in a comment. 75e35c9ad1 Fix `no-ts` builds. `ess_lib.c` is called from `cms` and `ts` modules. c720fc35f4 namemap: change ossl_namemap_empty() to do what the documentation says. 7cc5e0d283 Allow oversized buffers for provider cipher IV fetch 320d96a32c Set cipher IV as octet string and pointer from providers 5797e309fc Build: Remove faulty DES assembler spec 760aaf1bb4 doc: Document OSSL_PARAM_modified and OSSL_PARAM_set_all_unmodified. f36c3885b5 Return the cookie_len value from generate_cookie_callback cfbe41ea91 Fix the DTLS1_COOKIE_LENGTH value 989a85774b Add evp_extra_test2 to .gitignore 9ee77767b2 Add a test for d2i_AutoPrivateKey_ex with a non-default libctx febe6bb727 Ensure creating an EC public key uses the libctx 2da8d4eb28 Add more complete support for libctx/propq in the EC code 48e971dd9f Create defines for TLS Group Ids e09f8d256f Don't send supported groups if no-ec and we're doing DTLS db9592c1f7 Provider a better error message if we fail to copy parameters 6136ecaa95 Make sure we save the copy function when registering a new Keymgmt 0c13cdf835 Write a test provider to test the TLS-GROUPS capability 260009d877 Update the various SSL group getting and setting functions 90929138d7 Add some missing OSSL_PKEY_PARAM_GROUP_NAME documentation 3c49e4ff51 Add documentation about Capabilities 381f3f3bbc Make EVP_PKEY_CTX_[get|set]_group_name work for ECX too 023b188ca5 Make EVP_PKEY_CTX_[get|set]_group_name work for DH too 11a1b341f3 Make EVP_PKEY_CTX_[get|set]_ec_paramgen_curve_name more generic 9d2d857f13 Modify libssl to discover supported groups based on available providers 82ec09ec6d Add the OSSL_PROVIDER_get_capabilities() API function 72bfc95858 Add the concept of "Capabilities" to the default and fips providers edeaa96ae6 Add missing section on asymmetric ciphers 6f72b210b2 Remove whitespace from 'white space' 9a7319b0b0 Configure DEPs for FIPS provider on AIX. bb361a27ba DOC: Spelling fixes b75f08cb13 Fix segfault in openssl app called with no args. 24b6261e5b coverity 1464213: API usage errors (PRINTF_ARGS) ae93e8c21e coverity 1464212, 1464214 & 1464215: Resource leaks 4f2271d58a Add ACVP fips module tests 5a147abd79 Update gost-engine submodule to match EVP_MAC renaming From openssl at openssl.org Tue Jun 23 13:34:48 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 23 Jun 2020 13:34:48 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Message-ID: <1592919288.280601.6005.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Commit log since last time: 13da2e61bf [doc/man3] finish EC_GROUP_get_field_type documentation d4bf0d57a8 Flag RSA secret BNs as consttime on keygen and checks 200ae2ee8e Fix one typo in a comment. 75e35c9ad1 Fix `no-ts` builds. `ess_lib.c` is called from `cms` and `ts` modules. c720fc35f4 namemap: change ossl_namemap_empty() to do what the documentation says. 7cc5e0d283 Allow oversized buffers for provider cipher IV fetch 320d96a32c Set cipher IV as octet string and pointer from providers 5797e309fc Build: Remove faulty DES assembler spec 760aaf1bb4 doc: Document OSSL_PARAM_modified and OSSL_PARAM_set_all_unmodified. f36c3885b5 Return the cookie_len value from generate_cookie_callback cfbe41ea91 Fix the DTLS1_COOKIE_LENGTH value 989a85774b Add evp_extra_test2 to .gitignore 9ee77767b2 Add a test for d2i_AutoPrivateKey_ex with a non-default libctx febe6bb727 Ensure creating an EC public key uses the libctx 2da8d4eb28 Add more complete support for libctx/propq in the EC code 48e971dd9f Create defines for TLS Group Ids e09f8d256f Don't send supported groups if no-ec and we're doing DTLS db9592c1f7 Provider a better error message if we fail to copy parameters 6136ecaa95 Make sure we save the copy function when registering a new Keymgmt 0c13cdf835 Write a test provider to test the TLS-GROUPS capability 260009d877 Update the various SSL group getting and setting functions 90929138d7 Add some missing OSSL_PKEY_PARAM_GROUP_NAME documentation 3c49e4ff51 Add documentation about Capabilities 381f3f3bbc Make EVP_PKEY_CTX_[get|set]_group_name work for ECX too 023b188ca5 Make EVP_PKEY_CTX_[get|set]_group_name work for DH too 11a1b341f3 Make EVP_PKEY_CTX_[get|set]_ec_paramgen_curve_name more generic 9d2d857f13 Modify libssl to discover supported groups based on available providers 82ec09ec6d Add the OSSL_PROVIDER_get_capabilities() API function 72bfc95858 Add the concept of "Capabilities" to the default and fips providers edeaa96ae6 Add missing section on asymmetric ciphers 6f72b210b2 Remove whitespace from 'white space' 9a7319b0b0 Configure DEPs for FIPS provider on AIX. bb361a27ba DOC: Spelling fixes b75f08cb13 Fix segfault in openssl app called with no args. 24b6261e5b coverity 1464213: API usage errors (PRINTF_ARGS) ae93e8c21e coverity 1464212, 1464214 & 1464215: Resource leaks 4f2271d58a Add ACVP fips module tests 5a147abd79 Update gost-engine submodule to match EVP_MAC renaming Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 256 Tests: 7 Failed: 1) Failed test: 7 Non-zero exit status: 1 Files=203, Tests=2011, 1673 wallclock secs ( 9.23 usr 1.40 sys + 1569.18 cusr 66.73 csys = 1646.54 CPU) Result: FAIL Makefile:3103: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-ubsan' Makefile:3101: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jun 23 13:57:50 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 23 Jun 2020 13:57:50 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-ui Message-ID: <1592920670.345854.14212.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-ui Commit log since last time: 13da2e61bf [doc/man3] finish EC_GROUP_get_field_type documentation d4bf0d57a8 Flag RSA secret BNs as consttime on keygen and checks 200ae2ee8e Fix one typo in a comment. 75e35c9ad1 Fix `no-ts` builds. `ess_lib.c` is called from `cms` and `ts` modules. c720fc35f4 namemap: change ossl_namemap_empty() to do what the documentation says. 7cc5e0d283 Allow oversized buffers for provider cipher IV fetch 320d96a32c Set cipher IV as octet string and pointer from providers 5797e309fc Build: Remove faulty DES assembler spec 760aaf1bb4 doc: Document OSSL_PARAM_modified and OSSL_PARAM_set_all_unmodified. f36c3885b5 Return the cookie_len value from generate_cookie_callback cfbe41ea91 Fix the DTLS1_COOKIE_LENGTH value 989a85774b Add evp_extra_test2 to .gitignore 9ee77767b2 Add a test for d2i_AutoPrivateKey_ex with a non-default libctx febe6bb727 Ensure creating an EC public key uses the libctx 2da8d4eb28 Add more complete support for libctx/propq in the EC code 48e971dd9f Create defines for TLS Group Ids e09f8d256f Don't send supported groups if no-ec and we're doing DTLS db9592c1f7 Provider a better error message if we fail to copy parameters 6136ecaa95 Make sure we save the copy function when registering a new Keymgmt 0c13cdf835 Write a test provider to test the TLS-GROUPS capability 260009d877 Update the various SSL group getting and setting functions 90929138d7 Add some missing OSSL_PKEY_PARAM_GROUP_NAME documentation 3c49e4ff51 Add documentation about Capabilities 381f3f3bbc Make EVP_PKEY_CTX_[get|set]_group_name work for ECX too 023b188ca5 Make EVP_PKEY_CTX_[get|set]_group_name work for DH too 11a1b341f3 Make EVP_PKEY_CTX_[get|set]_ec_paramgen_curve_name more generic 9d2d857f13 Modify libssl to discover supported groups based on available providers 82ec09ec6d Add the OSSL_PROVIDER_get_capabilities() API function 72bfc95858 Add the concept of "Capabilities" to the default and fips providers edeaa96ae6 Add missing section on asymmetric ciphers 6f72b210b2 Remove whitespace from 'white space' 9a7319b0b0 Configure DEPs for FIPS provider on AIX. bb361a27ba DOC: Spelling fixes b75f08cb13 Fix segfault in openssl app called with no args. 24b6261e5b coverity 1464213: API usage errors (PRINTF_ARGS) ae93e8c21e coverity 1464212, 1464214 & 1464215: Resource leaks 4f2271d58a Add ACVP fips module tests 5a147abd79 Update gost-engine submodule to match EVP_MAC renaming Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/7 subtests 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 81-test_cmp_cli.t (Wstat: 1280 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 5 Files=203, Tests=2011, 807 wallclock secs ( 8.30 usr 1.10 sys + 726.84 cusr 46.15 csys = 782.39 CPU) Result: FAIL Makefile:3106: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-ui' Makefile:3104: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Tue Jun 23 14:01:44 2020 From: builds at travis-ci.com (Travis CI) Date: Tue, 23 Jun 2020 14:01:44 +0000 Subject: Errored: openssl/openssl#35642 (master - 2206385) In-Reply-To: Message-ID: <5ef20b46f21ef_13f803142bdb423010@travis-pro-tasks-7fd44b7ccb-cjhc4.mail> Build Update for openssl/openssl ------------------------------------- Build: #35642 Status: Errored Duration: 2 hrs, 3 mins, and 15 secs Commit: 2206385 (master) Author: Richard Levitte Message: DOCS: Add documentation for EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name() At the same, align documentation markup to be closer to man-pages(7) recommendations. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12188) View the changeset: https://github.com/openssl/openssl/compare/1d78129dd205...220638505869 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/172640658?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Jun 23 14:09:22 2020 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 23 Jun 2020 14:09:22 +0000 Subject: Build failed: openssl master.35090 Message-ID: <20200623140922.1.C7CD53FE50A46BB2@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Jun 23 15:31:01 2020 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 23 Jun 2020 15:31:01 +0000 Subject: Build failed: openssl master.35091 Message-ID: <20200623153101.1.F615CE48F190A575@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.com Tue Jun 23 15:56:23 2020 From: builds at travis-ci.com (Travis CI) Date: Tue, 23 Jun 2020 15:56:23 +0000 Subject: Errored: openssl/openssl#35643 (master - 90cf309) In-Reply-To: Message-ID: <5ef22626bf177_13feb49b97c141717dc@travis-pro-tasks-7fd44b7ccb-8qjgk.mail> Build Update for openssl/openssl ------------------------------------- Build: #35643 Status: Errored Duration: 2 hrs, 11 mins, and 30 secs Commit: 90cf309 (master) Author: Pauli Message: serialization: break the provider locating code to avoid deadlock. Find all the suitable implementation names and later decide which is best. This avoids a lock order inversion. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12173) View the changeset: https://github.com/openssl/openssl/compare/220638505869...90cf3099df43 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/172642058?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Jun 23 16:42:23 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 23 Jun 2020 16:42:23 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls Message-ID: <1592930543.895614.9097.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls Commit log since last time: 13da2e61bf [doc/man3] finish EC_GROUP_get_field_type documentation d4bf0d57a8 Flag RSA secret BNs as consttime on keygen and checks 200ae2ee8e Fix one typo in a comment. 75e35c9ad1 Fix `no-ts` builds. `ess_lib.c` is called from `cms` and `ts` modules. c720fc35f4 namemap: change ossl_namemap_empty() to do what the documentation says. 7cc5e0d283 Allow oversized buffers for provider cipher IV fetch 320d96a32c Set cipher IV as octet string and pointer from providers 5797e309fc Build: Remove faulty DES assembler spec 760aaf1bb4 doc: Document OSSL_PARAM_modified and OSSL_PARAM_set_all_unmodified. f36c3885b5 Return the cookie_len value from generate_cookie_callback cfbe41ea91 Fix the DTLS1_COOKIE_LENGTH value 989a85774b Add evp_extra_test2 to .gitignore 9ee77767b2 Add a test for d2i_AutoPrivateKey_ex with a non-default libctx febe6bb727 Ensure creating an EC public key uses the libctx 2da8d4eb28 Add more complete support for libctx/propq in the EC code 48e971dd9f Create defines for TLS Group Ids e09f8d256f Don't send supported groups if no-ec and we're doing DTLS db9592c1f7 Provider a better error message if we fail to copy parameters 6136ecaa95 Make sure we save the copy function when registering a new Keymgmt 0c13cdf835 Write a test provider to test the TLS-GROUPS capability 260009d877 Update the various SSL group getting and setting functions 90929138d7 Add some missing OSSL_PKEY_PARAM_GROUP_NAME documentation 3c49e4ff51 Add documentation about Capabilities 381f3f3bbc Make EVP_PKEY_CTX_[get|set]_group_name work for ECX too 023b188ca5 Make EVP_PKEY_CTX_[get|set]_group_name work for DH too 11a1b341f3 Make EVP_PKEY_CTX_[get|set]_ec_paramgen_curve_name more generic 9d2d857f13 Modify libssl to discover supported groups based on available providers 82ec09ec6d Add the OSSL_PROVIDER_get_capabilities() API function 72bfc95858 Add the concept of "Capabilities" to the default and fips providers edeaa96ae6 Add missing section on asymmetric ciphers 6f72b210b2 Remove whitespace from 'white space' 9a7319b0b0 Configure DEPs for FIPS provider on AIX. bb361a27ba DOC: Spelling fixes b75f08cb13 Fix segfault in openssl app called with no args. 24b6261e5b coverity 1464213: API usage errors (PRINTF_ARGS) ae93e8c21e coverity 1464212, 1464214 & 1464215: Resource leaks 4f2271d58a Add ACVP fips module tests 5a147abd79 Update gost-engine submodule to match EVP_MAC renaming Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. skipped: DTLSv1 is not supported by this OpenSSL build 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... skipped: No DTLS protocols are supported by this OpenSSL build 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 1 (wstat 256, 0x100) Failed 1/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 256 Tests: 31 Failed: 1) Failed test: 5 Non-zero exit status: 1 Files=203, Tests=2008, 821 wallclock secs ( 8.32 usr 1.24 sys + 738.01 cusr 48.87 csys = 796.44 CPU) Result: FAIL Makefile:3109: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls' Makefile:3107: recipe for target 'tests' failed make: *** [tests] Error 2 From no-reply at appveyor.com Tue Jun 23 16:59:16 2020 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 23 Jun 2020 16:59:16 +0000 Subject: Build failed: openssl master.35093 Message-ID: <20200623165916.1.F94DB277C1A795BB@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.com Tue Jun 23 17:51:10 2020 From: builds at travis-ci.com (Travis CI) Date: Tue, 23 Jun 2020 17:51:10 +0000 Subject: Errored: openssl/openssl#35644 (master - 96786ad) In-Reply-To: Message-ID: <5ef2410e44bb7_13f8c159bd6fc2207eb@travis-pro-tasks-67569659f5-rnrdv.mail> Build Update for openssl/openssl ------------------------------------- Build: #35644 Status: Errored Duration: 2 hrs, 12 mins, and 1 sec Commit: 96786ad (master) Author: Sebastian Andrzej Siewior Message: APPS: Fix invoking openssl without a command Invoking help with "empty" argc leads to a segfault. Invoke do_cmd() with help as argument which invokes help_main() with proper argv. Fixes #12069 Signed-off-by: Sebastian Andrzej Siewior Reviewed-by: Paul Dale Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12070) View the changeset: https://github.com/openssl/openssl/compare/90cf3099df43...96786ad12308 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/172647641?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Jun 23 18:30:03 2020 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 23 Jun 2020 18:30:03 +0000 Subject: Build failed: openssl master.35094 Message-ID: <20200623183003.1.662479B59943A396@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Jun 23 19:21:52 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 23 Jun 2020 19:21:52 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2 Message-ID: <1592940112.090161.30148.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2 Commit log since last time: 13da2e61bf [doc/man3] finish EC_GROUP_get_field_type documentation d4bf0d57a8 Flag RSA secret BNs as consttime on keygen and checks 200ae2ee8e Fix one typo in a comment. 75e35c9ad1 Fix `no-ts` builds. `ess_lib.c` is called from `cms` and `ts` modules. c720fc35f4 namemap: change ossl_namemap_empty() to do what the documentation says. 7cc5e0d283 Allow oversized buffers for provider cipher IV fetch 320d96a32c Set cipher IV as octet string and pointer from providers 5797e309fc Build: Remove faulty DES assembler spec 760aaf1bb4 doc: Document OSSL_PARAM_modified and OSSL_PARAM_set_all_unmodified. f36c3885b5 Return the cookie_len value from generate_cookie_callback cfbe41ea91 Fix the DTLS1_COOKIE_LENGTH value 989a85774b Add evp_extra_test2 to .gitignore 9ee77767b2 Add a test for d2i_AutoPrivateKey_ex with a non-default libctx febe6bb727 Ensure creating an EC public key uses the libctx 2da8d4eb28 Add more complete support for libctx/propq in the EC code 48e971dd9f Create defines for TLS Group Ids e09f8d256f Don't send supported groups if no-ec and we're doing DTLS db9592c1f7 Provider a better error message if we fail to copy parameters 6136ecaa95 Make sure we save the copy function when registering a new Keymgmt 0c13cdf835 Write a test provider to test the TLS-GROUPS capability 260009d877 Update the various SSL group getting and setting functions 90929138d7 Add some missing OSSL_PKEY_PARAM_GROUP_NAME documentation 3c49e4ff51 Add documentation about Capabilities 381f3f3bbc Make EVP_PKEY_CTX_[get|set]_group_name work for ECX too 023b188ca5 Make EVP_PKEY_CTX_[get|set]_group_name work for DH too 11a1b341f3 Make EVP_PKEY_CTX_[get|set]_ec_paramgen_curve_name more generic 9d2d857f13 Modify libssl to discover supported groups based on available providers 82ec09ec6d Add the OSSL_PROVIDER_get_capabilities() API function 72bfc95858 Add the concept of "Capabilities" to the default and fips providers edeaa96ae6 Add missing section on asymmetric ciphers 6f72b210b2 Remove whitespace from 'white space' 9a7319b0b0 Configure DEPs for FIPS provider on AIX. bb361a27ba DOC: Spelling fixes b75f08cb13 Fix segfault in openssl app called with no args. 24b6261e5b coverity 1464213: API usage errors (PRINTF_ARGS) ae93e8c21e coverity 1464212, 1464214 & 1464215: Resource leaks 4f2271d58a Add ACVP fips module tests 5a147abd79 Update gost-engine submodule to match EVP_MAC renaming Build log ended with (last 100 lines): 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=203, Tests=2010, 827 wallclock secs ( 8.13 usr 1.24 sys + 743.14 cusr 47.08 csys = 799.59 CPU) Result: FAIL Makefile:3104: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2' Makefile:3102: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Tue Jun 23 19:28:29 2020 From: builds at travis-ci.com (Travis CI) Date: Tue, 23 Jun 2020 19:28:29 +0000 Subject: Errored: openssl/openssl#35645 (master - a4e440d) In-Reply-To: Message-ID: <5ef257dd74e77_13f8c1591252c367845@travis-pro-tasks-67569659f5-rnrdv.mail> Build Update for openssl/openssl ------------------------------------- Build: #35645 Status: Errored Duration: 1 hr, 54 mins, and 11 secs Commit: a4e440d (master) Author: Sebastian Andrzej Siewior Message: TEST: Pass -no-CAstore in 80-test_ocsp.t Without passing -no-CAstore the default CAstore will be used and the testsuite will fail the system has certificates installed. Fixes: #11645 Signed-off-by: Sebastian Andrzej Siewior Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12171) View the changeset: https://github.com/openssl/openssl/compare/96786ad12308...a4e440d6477b View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/172647984?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Jun 23 20:03:28 2020 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 23 Jun 2020 20:03:28 +0000 Subject: Build failed: openssl master.35099 Message-ID: <20200623200328.1.AF4C1FE4EB716761@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Jun 23 21:24:34 2020 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 23 Jun 2020 21:24:34 +0000 Subject: Build failed: openssl master.35102 Message-ID: <20200623212434.1.E44E405D724B542D@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Jun 23 21:36:12 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 23 Jun 2020 21:36:12 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-dtls1_2-method Message-ID: <1592948172.971700.14172.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-dtls1_2-method Commit log since last time: 13da2e61bf [doc/man3] finish EC_GROUP_get_field_type documentation d4bf0d57a8 Flag RSA secret BNs as consttime on keygen and checks 200ae2ee8e Fix one typo in a comment. 75e35c9ad1 Fix `no-ts` builds. `ess_lib.c` is called from `cms` and `ts` modules. c720fc35f4 namemap: change ossl_namemap_empty() to do what the documentation says. 7cc5e0d283 Allow oversized buffers for provider cipher IV fetch 320d96a32c Set cipher IV as octet string and pointer from providers 5797e309fc Build: Remove faulty DES assembler spec 760aaf1bb4 doc: Document OSSL_PARAM_modified and OSSL_PARAM_set_all_unmodified. f36c3885b5 Return the cookie_len value from generate_cookie_callback cfbe41ea91 Fix the DTLS1_COOKIE_LENGTH value 989a85774b Add evp_extra_test2 to .gitignore 9ee77767b2 Add a test for d2i_AutoPrivateKey_ex with a non-default libctx febe6bb727 Ensure creating an EC public key uses the libctx 2da8d4eb28 Add more complete support for libctx/propq in the EC code 48e971dd9f Create defines for TLS Group Ids e09f8d256f Don't send supported groups if no-ec and we're doing DTLS db9592c1f7 Provider a better error message if we fail to copy parameters 6136ecaa95 Make sure we save the copy function when registering a new Keymgmt 0c13cdf835 Write a test provider to test the TLS-GROUPS capability 260009d877 Update the various SSL group getting and setting functions 90929138d7 Add some missing OSSL_PKEY_PARAM_GROUP_NAME documentation 3c49e4ff51 Add documentation about Capabilities 381f3f3bbc Make EVP_PKEY_CTX_[get|set]_group_name work for ECX too 023b188ca5 Make EVP_PKEY_CTX_[get|set]_group_name work for DH too 11a1b341f3 Make EVP_PKEY_CTX_[get|set]_ec_paramgen_curve_name more generic 9d2d857f13 Modify libssl to discover supported groups based on available providers 82ec09ec6d Add the OSSL_PROVIDER_get_capabilities() API function 72bfc95858 Add the concept of "Capabilities" to the default and fips providers edeaa96ae6 Add missing section on asymmetric ciphers 6f72b210b2 Remove whitespace from 'white space' 9a7319b0b0 Configure DEPs for FIPS provider on AIX. bb361a27ba DOC: Spelling fixes b75f08cb13 Fix segfault in openssl app called with no args. 24b6261e5b coverity 1464213: API usage errors (PRINTF_ARGS) ae93e8c21e coverity 1464212, 1464214 & 1464215: Resource leaks 4f2271d58a Add ACVP fips module tests 5a147abd79 Update gost-engine submodule to match EVP_MAC renaming Build log ended with (last 100 lines): 70-test_comp.t ..................... ok 70-test_key_share.t ................ ok 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. ok 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. ok 70-test_tls13cookie.t .............. ok 70-test_tls13downgrade.t ........... ok 70-test_tls13hrr.t ................. ok 70-test_tls13kexmodes.t ............ ok 70-test_tls13messages.t ............ ok 70-test_tls13psk.t ................. ok 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. skipped: test_dtls_mtu needs DTLS and PSK support enabled 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. Dubious, test returned 4 (wstat 1024, 0x400) Failed 4/31 subtests 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... ok 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. ok 90-test_tls13encryption.t .......... ok 90-test_tls13secrets.t ............. ok 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 80-test_ssl_new.t (Wstat: 1024 Tests: 31 Failed: 4) Failed tests: 5, 8, 17, 19 Non-zero exit status: 4 90-test_sslapi.t (Wstat: 256 Tests: 3 Failed: 1) Failed test: 3 Non-zero exit status: 1 Files=203, Tests=2010, 836 wallclock secs ( 8.41 usr 0.98 sys + 750.44 cusr 48.38 csys = 808.21 CPU) Result: FAIL Makefile:3092: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-dtls1_2-method' Makefile:3090: recipe for target 'tests' failed make: *** [tests] Error 2 From builds at travis-ci.com Tue Jun 23 21:56:41 2020 From: builds at travis-ci.com (Travis CI) Date: Tue, 23 Jun 2020 21:56:41 +0000 Subject: Errored: openssl/openssl#35647 (master - 7905806) In-Reply-To: Message-ID: <5ef27a998918_13ffde3d256c4168673@travis-pro-tasks-66d55bd756-6qxjk.mail> Build Update for openssl/openssl ------------------------------------- Build: #35647 Status: Errored Duration: 1 hr, 48 mins, and 53 secs Commit: 7905806 (master) Author: Shane Lontis Message: Fix potential double free in rsa_keygen pairwise test. It should never hit this branch of code, so there is no feasible test. Found due to a similar issue in PR #12176. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12177) View the changeset: https://github.com/openssl/openssl/compare/a4e440d6477b...7905806c94b1 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/172648347?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From openssl at openssl.org Tue Jun 23 22:23:08 2020 From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 23 Jun 2020 22:23:08 +0000 Subject: Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_3 Message-ID: <1592950988.785966.29655.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_3 Commit log since last time: 13da2e61bf [doc/man3] finish EC_GROUP_get_field_type documentation d4bf0d57a8 Flag RSA secret BNs as consttime on keygen and checks 200ae2ee8e Fix one typo in a comment. 75e35c9ad1 Fix `no-ts` builds. `ess_lib.c` is called from `cms` and `ts` modules. c720fc35f4 namemap: change ossl_namemap_empty() to do what the documentation says. 7cc5e0d283 Allow oversized buffers for provider cipher IV fetch 320d96a32c Set cipher IV as octet string and pointer from providers 5797e309fc Build: Remove faulty DES assembler spec 760aaf1bb4 doc: Document OSSL_PARAM_modified and OSSL_PARAM_set_all_unmodified. f36c3885b5 Return the cookie_len value from generate_cookie_callback cfbe41ea91 Fix the DTLS1_COOKIE_LENGTH value 989a85774b Add evp_extra_test2 to .gitignore 9ee77767b2 Add a test for d2i_AutoPrivateKey_ex with a non-default libctx febe6bb727 Ensure creating an EC public key uses the libctx 2da8d4eb28 Add more complete support for libctx/propq in the EC code 48e971dd9f Create defines for TLS Group Ids e09f8d256f Don't send supported groups if no-ec and we're doing DTLS db9592c1f7 Provider a better error message if we fail to copy parameters 6136ecaa95 Make sure we save the copy function when registering a new Keymgmt 0c13cdf835 Write a test provider to test the TLS-GROUPS capability 260009d877 Update the various SSL group getting and setting functions 90929138d7 Add some missing OSSL_PKEY_PARAM_GROUP_NAME documentation 3c49e4ff51 Add documentation about Capabilities 381f3f3bbc Make EVP_PKEY_CTX_[get|set]_group_name work for ECX too 023b188ca5 Make EVP_PKEY_CTX_[get|set]_group_name work for DH too 11a1b341f3 Make EVP_PKEY_CTX_[get|set]_ec_paramgen_curve_name more generic 9d2d857f13 Modify libssl to discover supported groups based on available providers 82ec09ec6d Add the OSSL_PROVIDER_get_capabilities() API function 72bfc95858 Add the concept of "Capabilities" to the default and fips providers edeaa96ae6 Add missing section on asymmetric ciphers 6f72b210b2 Remove whitespace from 'white space' 9a7319b0b0 Configure DEPs for FIPS provider on AIX. bb361a27ba DOC: Spelling fixes b75f08cb13 Fix segfault in openssl app called with no args. 24b6261e5b coverity 1464213: API usage errors (PRINTF_ARGS) ae93e8c21e coverity 1464212, 1464214 & 1464215: Resource leaks 4f2271d58a Add ACVP fips module tests 5a147abd79 Update gost-engine submodule to match EVP_MAC renaming Build log ended with (last 100 lines): 65-test_cmp_status.t ............... ok 65-test_cmp_vfy.t .................. ok 70-test_asyncio.t .................. ok 70-test_bad_dtls.t ................. ok 70-test_clienthello.t .............. ok 70-test_comp.t ..................... ok 70-test_key_share.t ................ skipped: test_key_share needs TLS1.3 enabled 70-test_packet.t ................... ok 70-test_recordlen.t ................ ok 70-test_renegotiation.t ............ ok 70-test_servername.t ............... ok 70-test_sslcbcpadding.t ............ ok 70-test_sslcertstatus.t ............ ok 70-test_sslextension.t ............. ok 70-test_sslmessages.t .............. ok 70-test_sslrecords.t ............... ok 70-test_sslsessiontick.t ........... ok 70-test_sslsigalgs.t ............... ok 70-test_sslsignature.t ............. ok 70-test_sslskewith0p.t ............. ok 70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled 70-test_sslvertol.t ................ ok 70-test_tls13alerts.t .............. skipped: test_tls13alerts needs TLS1.3 enabled 70-test_tls13cookie.t .............. skipped: test_tls13cookie needs TLS1.3 enabled 70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled 70-test_tls13hrr.t ................. skipped: test_tls13hrr needs TLS1.3 enabled 70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs TLSv1.3 enabled 70-test_tls13messages.t ............ skipped: test_tls13messages needs TLSv1.3 enabled 70-test_tls13psk.t ................. skipped: test_tls13psk needs TLSv1.3 enabled 70-test_tlsextms.t ................. ok 70-test_verify_extra.t ............. ok 70-test_wpacket.t .................. ok 71-test_ssl_ctx.t .................. ok 80-test_ca.t ....................... ok 80-test_cipherbytes.t .............. ok 80-test_cipherlist.t ............... ok 80-test_ciphername.t ............... ok 80-test_cms.t ...................... ok 80-test_cmsapi.t ................... ok 80-test_ct.t ....................... ok 80-test_dane.t ..................... ok 80-test_dtls.t ..................... ok 80-test_dtls_mtu.t ................. ok 80-test_dtlsv1listen.t ............. ok 80-test_http.t ..................... ok 80-test_ocsp.t ..................... ok 80-test_pkcs12.t ................... ok 80-test_ssl_new.t .................. ok 80-test_ssl_old.t .................. ok 80-test_ssl_test_ctx.t ............. ok 80-test_sslcorrupt.t ............... ok 80-test_tsa.t ...................... ok 80-test_x509aux.t .................. ok 81-test_cmp_cli.t .................. ok 90-test_asn1_time.t ................ ok 90-test_async.t .................... ok 90-test_bio_enc.t .................. ok 90-test_bio_memleak.t .............. ok 90-test_constant_time.t ............ ok 90-test_fatalerr.t ................. ok 90-test_gmdiff.t ................... ok 90-test_gost.t ..................... skipped: TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build 90-test_ige.t ...................... ok 90-test_includes.t ................. ok 90-test_memleak.t .................. ok 90-test_overhead.t ................. ok 90-test_secmem.t ................... ok 90-test_shlibload.t ................ ok 90-test_srp.t ...................... ok 90-test_sslapi.t ................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/3 subtests 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok 90-test_tls13ccs.t ................. skipped: test_tls13ccs is not supported in this build 90-test_tls13encryption.t .......... skipped: tls13encryption is not supported in this build 90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build 90-test_v3name.t ................... ok 95-test_external_boringssl.t ....... skipped: No external tests in this configuration 95-test_external_gost_engine.t ..... skipped: No external tests in this configuration 95-test_external_krb5.t ............ skipped: No external tests in this configuration 95-test_external_pyca.t ............ skipped: No external tests in this configuration 99-test_ecstress.t ................. ok 99-test_fuzz.t ..................... ok Test Summary Report ------------------- 90-test_sslapi.t (Wstat: 512 Tests: 3 Failed: 2) Failed tests: 1, 3 Non-zero exit status: 2 Files=203, Tests=1932, 787 wallclock secs ( 7.40 usr 1.25 sys + 705.47 cusr 45.23 csys = 759.35 CPU) Result: FAIL Makefile:3092: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_3' Makefile:3090: recipe for target 'tests' failed make: *** [tests] Error 2 From pauli at openssl.org Tue Jun 23 23:18:21 2020 From: pauli at openssl.org (Dr. Paul Dale) Date: Tue, 23 Jun 2020 23:18:21 +0000 Subject: [tools] master update Message-ID: <1592954301.213020.10394.nullmailer@dev.openssl.org> The branch master has been updated via e4755452b7bd93c37d0d4b09ebfc7d2cb2f1f498 (commit) via 7f6a58bcc6ac8e06770d17be5ec24dd27fdc691b (commit) from ff67949521c929a243309f8a983b14a129820b0f (commit) - Log ----------------------------------------------------------------- commit e4755452b7bd93c37d0d4b09ebfc7d2cb2f1f498 Author: Pauli Date: Tue Jun 9 11:48:49 2020 +1000 NIST DRBG test vector data file. Current 2020-06-09. Vectors are from: https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/drbg/drbgtestvectors.zip Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/68) commit 7f6a58bcc6ac8e06770d17be5ec24dd27fdc691b Author: Pauli Date: Tue Jun 9 11:46:59 2020 +1000 rand-drbg: Add conversion script to create data for DRBG testing. NIST's DRBG test data set isn't ideal for evp_test to process. This script massages the data into a format which is more suitable. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/68) ----------------------------------------------------------------------- Summary of changes: nist-conversion/README.md | 10 +++ nist-conversion/convert_nist_drbg_test_data.lua | 88 ++++++++++++++++++++++++ nist-conversion/drbgtestvectors.zip | Bin 0 -> 13682977 bytes 3 files changed, 98 insertions(+) create mode 100644 nist-conversion/README.md create mode 100755 nist-conversion/convert_nist_drbg_test_data.lua create mode 100644 nist-conversion/drbgtestvectors.zip diff --git a/nist-conversion/README.md b/nist-conversion/README.md new file mode 100644 index 0000000..5d3d8bd --- /dev/null +++ b/nist-conversion/README.md @@ -0,0 +1,10 @@ +This directory contains tools that are used to convert between NIST supplied +test data sets and internal formats. + +The `convert_nist_drbg_test_data.lua` script converts the +[NIST DRBG test data]: https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/drbg/drbgtestvectors.zip +to a format suitable for use in evp_test. + +The `drbgtestvectors.zip` file contains the DRGB test vectors that the +`convert_nist_drbg_test_data.lua` script converted for the current OpenSSL +source repository. diff --git a/nist-conversion/convert_nist_drbg_test_data.lua b/nist-conversion/convert_nist_drbg_test_data.lua new file mode 100755 index 0000000..be7fe4b --- /dev/null +++ b/nist-conversion/convert_nist_drbg_test_data.lua @@ -0,0 +1,88 @@ +#!/usr/bin/env lua + +--[[ +A script to convert NIST DRBG test data into a format that evp_test can use. + +After unpacking the NIST DRBG test data found at: + https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/drbg/drbgtestvectors.zip + +Each of the nine test files needs to be run through this script. The files are +three set of three corresponding to the no reseeding, no prediction resistance +and the prediction resistance suites. Each trio should be processed: + + ./convert_nist_drbg_test_data < CTR_DRBG.rsp >>evprand.txt + ./convert_nist_drbg_test_data < Hash_DRBG.rsp >>evprand.txt + ./convert_nist_drbg_test_data mac < HMAC_DRBG.rsp >>evprand.txt + +It is advisable to also include title lines between each of the test suites. + +--]] + +local hname = (arg[1] and arg[1]:find('mac')) and 'HMAC-DRBG' or 'HASH-DRBG' + +local state = 'skip' +local index +local remap = { + ReturnedBits = 'Count', + EntropyInput = 'Entropy', + PersonalizationString = 'PersonalisationString', + ReturnedBits = 'Output', + EntropyInputPR = 'EntropyPredictionResistance', + EntropyInputReseed = 'ReseedEntropy', + AdditionalInputReseed = 'ReseedAdditionalInput', +} + +for line in io.lines() do + line = line:gsub(string.char(13), '') + if line:len() > 1 and line:sub(1,1) ~= '#' then + if line:sub(1,1) == '[' then + if state == 'body' or state == 'skip' then + index = 0 + addin = string.byte('A') - 1 + if line:find 'AES' then + state = 'header' + print '' + print 'RAND = CTR-DRBG' + if line:find 'no df' then + print 'Availablein = default' + end + print('Cipher = ' .. line:sub(2):gsub('%s.*', '') .. '-CTR') + if line:find 'use df' then + print 'DerivationFunction = 1' + end + elseif line:find 'SHA' then + state = 'header' + print '' + print('RAND = ' .. hname) + print('Digest = ' .. line:gsub('[][]', '')) + else + state = 'skip' + end + end + if state ~= 'skip' and line:find 'PredictionResistance' then + print('PredictionResistance = ' .. (line:find('True') and 1 or 0)) + end + if state ~= 'skip' and line:find 'ReturnedBitsLen' then + print('GenerateBits = '.. line:sub(20):gsub(']', '')) + end + elseif state ~= 'skip' then + state = 'body' + local pos = line:find '=' + if pos then + local k, v = line:gsub('%s*=.*', ''), line:gsub('.*=%s*', '') + k = remap[k] and remap[k] or k + if k == 'COUNT' then + index = tonumber(v) + addin = string.byte('A') - 1 + elseif k == 'AdditionalInput' or k == 'EntropyPredictionResistance' then + if k == 'AdditionalInput' then addin = addin + 1 end + if v ~= '' then + print(string.format('%s%c.%d = %s', k, addin, index, v)) + end + elseif v ~= '' then + print(string.format('%s.%d = %s', k, index, v)) + end + end + end + end +end diff --git a/nist-conversion/drbgtestvectors.zip b/nist-conversion/drbgtestvectors.zip new file mode 100644 index 0000000..e2f2abc Binary files /dev/null and b/nist-conversion/drbgtestvectors.zip differ From builds at travis-ci.com Tue Jun 23 23:30:04 2020 From: builds at travis-ci.com (Travis CI) Date: Tue, 23 Jun 2020 23:30:04 +0000 Subject: Errored: openssl/openssl#35648 (master - 1b49520) In-Reply-To: Message-ID: <5ef2907ba6e05_13fc5e3ba802c464318@travis-pro-tasks-66d55bd756-4tdgr.mail> Build Update for openssl/openssl ------------------------------------- Build: #35648 Status: Errored Duration: 2 hrs, 9 mins, and 22 secs Commit: 1b49520 (master) Author: Jean-Christophe Fillion-Robin Message: DOC: Fix link to test/README.external in INSTALL.md CLA: trivial Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12198) View the changeset: https://github.com/openssl/openssl/compare/7905806c94b1...1b495200436b View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/172648615?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Jun 24 00:06:47 2020 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 24 Jun 2020 00:06:47 +0000 Subject: Build failed: openssl master.35104 Message-ID: <20200624000647.1.507523159F091F58@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Jun 24 00:35:45 2020 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 24 Jun 2020 00:35:45 +0000 Subject: Build completed: openssl OpenSSL_1_1_1-stable.35105 Message-ID: <20200624003545.1.936B6341F68BDAD1@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.com Wed Jun 24 01:19:54 2020 From: builds at travis-ci.com (Travis CI) Date: Wed, 24 Jun 2020 01:19:54 +0000 Subject: Errored: openssl/openssl#35650 (master - e3d6dc5) In-Reply-To: Message-ID: <5ef2aa3a54cca_13f9a608bac7438785@travis-pro-tasks-569d876dbd-v74gv.mail> Build Update for openssl/openssl ------------------------------------- Build: #35650 Status: Errored Duration: 1 hr, 59 mins, and 22 secs Commit: e3d6dc5 (master) Author: Pauli Message: property: correctly set the has optional flag when merging property lists Reviewed-by: Tomas Mraz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12123) View the changeset: https://github.com/openssl/openssl/compare/1b495200436b...e3d6dc59fb36 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/172658361?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Jun 24 01:34:42 2020 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 24 Jun 2020 01:34:42 +0000 Subject: Build failed: openssl master.35108 Message-ID: <20200624013442.1.E5F871A09873E5FB@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Jun 24 02:33:09 2020 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 24 Jun 2020 02:33:09 +0000 Subject: Build failed: openssl master.35109 Message-ID: <20200624023309.1.52823FC94EF3DFB0@appveyor.com> An HTML attachment was scrubbed... URL: From builds at travis-ci.com Wed Jun 24 02:55:55 2020 From: builds at travis-ci.com (Travis CI) Date: Wed, 24 Jun 2020 02:55:55 +0000 Subject: Errored: openssl/openssl#35651 (master - 49a36a5) In-Reply-To: Message-ID: <5ef2c0bb15afa_13f896bea92a8303665@travis-pro-tasks-569d876dbd-52w6n.mail> Build Update for openssl/openssl ------------------------------------- Build: #35651 Status: Errored Duration: 2 hrs, 10 mins, and 34 secs Commit: 49a36a5 (master) Author: Matt Caswell Message: Add an SSL_dup test Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12180) View the changeset: https://github.com/openssl/openssl/compare/e3d6dc59fb36...49a36a528a48 View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/172658463?utm_medium=notification&utm_source=email -- You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email. Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email. Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications. -------------- next part -------------- An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Jun 24 03:33:00 2020 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 24 Jun 2020 03:33:00 +0000 Subject: Build failed: openssl master.35111 Message-ID: <20200624033300.1.3D1B9B21C36C03D4@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Jun 24 04:30:14 2020 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 24 Jun 2020 04:30:14 +0000 Subject: Build failed: openssl master.35112 Message-ID: <20200624043014.1.4FFD07BD89AB1A73@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Jun 24 05:29:08 2020 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 24 Jun 2020 05:29:08 +0000 Subject: Build failed: openssl master.35114 Message-ID: <20200624052908.1.95C25B0805C838BC@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Jun 24 06:33:13 2020 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 24 Jun 2020 06:33:13 +0000 Subject: Build failed: openssl master.35116 Message-ID: <20200624063313.1.1F688C5942B8FB78@appveyor.com> An HTML attachment was scrubbed... URL: From beldmit at gmail.com Wed Jun 24 06:58:36 2020 From: beldmit at gmail.com (beldmit at gmail.com) Date: Wed, 24 Jun 2020 06:58:36 +0000 Subject: [openssl] master update Message-ID: <1592981916.468861.20423.nullmailer@dev.openssl.org> The branch master has been updated via 922f156545c9c8397abbda49eb640f7a34969231 (commit) via 6ec351f4496a6a8dd40ef2d811967247afaf1c41 (commit) from 49a36a528a48bb6b8421b8a0363adb85e63d71fe (commit) - Log ----------------------------------------------------------------- commit 922f156545c9c8397abbda49eb640f7a34969231 Author: Dmitry Belyavskiy Date: Fri Jun 19 17:06:18 2020 +0300 CMS print should support string conversion: docs Documentation for -nameopt option Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12206) commit 6ec351f4496a6a8dd40ef2d811967247afaf1c41 Author: Dmitry Belyavskiy Date: Fri Jun 19 17:05:12 2020 +0300 CMS print should support string conversion Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12206) ----------------------------------------------------------------------- Summary of changes: apps/cms.c | 23 ++++++++++++++++++++--- doc/man1/openssl-cms.pod.in | 9 +++++++++ 2 files changed, 29 insertions(+), 3 deletions(-) diff --git a/apps/cms.c b/apps/cms.c index 445fec5388..2cb92ab85f 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -82,7 +82,7 @@ typedef enum OPTION_choice { OPT_NOINDEF, OPT_CRLFEOL, OPT_NOOUT, OPT_RR_PRINT, OPT_RR_ALL, OPT_RR_FIRST, OPT_RCTFORM, OPT_CERTFILE, OPT_CAFILE, OPT_CAPATH, OPT_CASTORE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE, - OPT_CONTENT, OPT_PRINT, + OPT_CONTENT, OPT_PRINT, OPT_NAMEOPT, OPT_SECRETKEY, OPT_SECRETKEYID, OPT_PWRI_PASSWORD, OPT_ECONTENT_TYPE, OPT_PASSIN, OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP, OPT_CERTSOUT, OPT_MD, OPT_INKEY, OPT_KEYFORM, OPT_KEYOPT, OPT_RR_FROM, @@ -184,6 +184,8 @@ const OPTIONS cms_options[] = { "Supply or override content for detached signature"}, {"print", OPT_PRINT, '-', "For the -cmsout operation print out all fields of the CMS structure"}, + {"nameopt", OPT_NAMEOPT, 's', + "For the -print option specifies various strings printing options"}, {"certsout", OPT_CERTSOUT, '>', "Certificate output file"}, OPT_SECTION("Keying"), @@ -466,6 +468,10 @@ int cms_main(int argc, char **argv) case OPT_PRINT: noout = print = 1; break; + case OPT_NAMEOPT: + if (!set_nameopt(opt_arg())) + goto opthelp; + break; case OPT_SECRETKEY: if (secret_key != NULL) { BIO_printf(bio_err, "Invalid key (supplied twice) %s\n", @@ -1152,8 +1158,19 @@ int cms_main(int argc, char **argv) } } else { if (noout) { - if (print) - CMS_ContentInfo_print_ctx(out, cms, 0, NULL); + if (print) { + ASN1_PCTX *pctx = NULL; + if (get_nameopt() != XN_FLAG_ONELINE) { + pctx = ASN1_PCTX_new(); + if (pctx != NULL) { /* Print anyway if malloc failed */ + ASN1_PCTX_set_flags(pctx, ASN1_PCTX_FLAGS_SHOW_ABSENT); + ASN1_PCTX_set_str_flags(pctx, get_nameopt()); + ASN1_PCTX_set_nm_flags(pctx, get_nameopt()); + } + } + CMS_ContentInfo_print_ctx(out, cms, 0, pctx); + ASN1_PCTX_free(pctx); + } } else if (outformat == FORMAT_SMIME) { if (to) BIO_printf(out, "To: %s%s", to, mime_eol); diff --git a/doc/man1/openssl-cms.pod.in b/doc/man1/openssl-cms.pod.in index 5ef1219a2e..b4c57d37ff 100644 --- a/doc/man1/openssl-cms.pod.in +++ b/doc/man1/openssl-cms.pod.in @@ -44,6 +44,7 @@ B B [B<-text>] [B<-noout>] [B<-print>] +[B<-nameopt> I